Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in April 2020
Healthcare Targeted By More Attacks But Less Sophistication
News  |  4/30/2020  | 
An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
Things Keeping CISOs Up at Night During the COVID-19 Pandemic
Commentary  |  4/30/2020  | 
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
News  |  4/29/2020  | 
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
4 Ways to Get to Defensive When Faced by an Advanced Attack
Commentary  |  4/29/2020  | 
To hold your own against nation-state-grade attacks, you must think and act differently.
Continued Use of Python 2 Will Heighten Security Risks
News  |  4/28/2020  | 
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Top 10 Cyber Incident Response Mistakes and How to Avoid Them
Slideshows  |  4/27/2020  | 
From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
The Evolving Threat of Credential Stuffing
Commentary  |  4/23/2020  | 
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
11 Tips for Protecting Active Directory While Working from Home
Commentary  |  4/22/2020  | 
To improve the security of your corporate's network, protect the remote use of AD credentials.
Making the Case for Process Documentation in Cyber Threat Intel
Commentary  |  4/22/2020  | 
Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a must
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
'Look for the Helpers' to Securely Enable the Remote Workforce
Commentary  |  4/17/2020  | 
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Commentary  |  4/15/2020  | 
Hackers are upping their game, especially as they target mobile devices.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day
News  |  4/14/2020  | 
Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Cybercrime May Be the World's Third-Largest Economy by 2021
Commentary  |  4/13/2020  | 
The underground economy is undergoing an industrialization wave and booming like never before.
No STEM, No Problem: How to Close the Security Workforce Gap
Commentary  |  4/9/2020  | 
Those who work well with others, learn quickly, and possess a proactive mindset toward the work can make great employees, even if their backgrounds aren't rooted in cybersecurity.
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
Best Practices to Manage Third-Party Cyber-Risk Today
Commentary  |  4/2/2020  | 
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
Why All Employees Are Responsible for Company Cybersecurity
Commentary  |  4/1/2020  | 
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.