Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in June 2019
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
NIST Issues IoT Risk Guidelines
Quick Hits  |  6/27/2019  | 
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
How to Avoid Becoming the Next Riviera Beach
Commentary  |  6/25/2019  | 
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Serverless Computing from the Inside Out
Commentary  |  6/19/2019  | 
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Commentary  |  6/18/2019  | 
It's time to reassess your open source management policies and processes.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
The CISO's Drive to Consolidation
Commentary  |  6/13/2019  | 
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Tomorrow's Cybersecurity Analyst Is Not Who You Think
Commentary  |  6/12/2019  | 
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
How to Get the Most Benefits from Biometrics
Commentary  |  6/5/2019  | 
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32066
PUBLISHED: 2021-08-01
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the c...
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.