Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in June 2019
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
NIST Issues IoT Risk Guidelines
Quick Hits  |  6/27/2019  | 
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
How to Avoid Becoming the Next Riviera Beach
Commentary  |  6/25/2019  | 
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Serverless Computing from the Inside Out
Commentary  |  6/19/2019  | 
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Commentary  |  6/18/2019  | 
It's time to reassess your open source management policies and processes.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
The CISO's Drive to Consolidation
Commentary  |  6/13/2019  | 
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Tomorrow's Cybersecurity Analyst Is Not Who You Think
Commentary  |  6/12/2019  | 
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
How to Get the Most Benefits from Biometrics
Commentary  |  6/5/2019  | 
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38562
PUBLISHED: 2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2021-41611
PUBLISHED: 2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed ...
CVE-2021-42565
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVE-2021-42566
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-36097
PUBLISHED: 2021-10-18
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.