Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in April 2021
New Threat Group Carrying Out Aggressive Ransomware Campaign
News  |  4/30/2021  | 
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
The Ticking Time Bomb in Every Company's Code
Commentary  |  4/30/2021  | 
Developers must weigh the benefits and risks of using third-party code in Web apps.
Researchers Connect Complex Specs to Software Vulnerabilities
News  |  4/29/2021  | 
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
74% of Financial Institutions See Spike in COVID-Related Threats
Quick Hits  |  4/28/2021  | 
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
News  |  4/26/2021  | 
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Apple Patches Serious MacOS Security Flaw
Quick Hits  |  4/26/2021  | 
The bug can put Mac users at "grave risk" as it allows attackers to bypass Apple's security mechanisms, a researcher reports.
Shift Left: From Concept to Practice
Commentary  |  4/26/2021  | 
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
Insider Data Leaks: A Growing Enterprise Threat
Quick Hits  |  4/23/2021  | 
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.
Prometei Botnet Adds New Twist to Exchange Server Attacks
Quick Hits  |  4/22/2021  | 
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Improving the Vulnerability Reporting Process With 5 Steps
Commentary  |  4/22/2021  | 
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
University Suspends Project After Researchers Submitted Vulnerable Linux Patches
News  |  4/22/2021  | 
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Justice Dept. Creates Task Force to Stop Ransomware Spread
Quick Hits  |  4/21/2021  | 
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Commentary  |  4/14/2021  | 
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dependency Problems Increase for Open Source Components
News  |  4/14/2021  | 
The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
News  |  4/13/2021  | 
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
New Malware Downloader Spotted in Targeted Campaigns
News  |  4/12/2021  | 
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Commentary  |  4/8/2021  | 
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
Cring Ransomware Used in Attacks on European Industrial Firms
Quick Hits  |  4/7/2021  | 
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
Rethinking Cyberattack Response: Prevention & Preparedness
Commentary  |  4/7/2021  | 
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
Commentary  |  4/7/2021  | 
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
US Tech Dominance Rides on Securing Intellectual Property
Commentary  |  4/2/2021  | 
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
The Role of Visibility in Securing Cloud Applications
Commentary  |  4/1/2021  | 
Traditional data center approaches aren't built for securing modern cloud applications.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.