Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in July 2019
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
Business Email Compromise: Thinking Beyond Wire Transfers
News  |  7/23/2019  | 
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
News  |  7/23/2019  | 
Reward for vulnerability research climbed 83% in the past year.
CISO Pressures: Why the Role Stinks and How to Fix It
Commentary  |  7/22/2019  | 
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Slideshows  |  7/18/2019  | 
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
The 10 Essentials of Infosec Forensics
Slideshows  |  7/17/2019  | 
Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.
How Attackers Infiltrate the Supply Chain & What to Do About It
Commentary  |  7/16/2019  | 
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
Is 2019 the Year of the CISO?
Commentary  |  7/16/2019  | 
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Cloud Security and Risk Mitigation
Commentary  |  7/9/2019  | 
Just because your data isn't on-premises doesn't mean you're not responsible for security.
Insider Threats: An M&A Dealmaker's Nightmare
Commentary  |  7/9/2019  | 
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Commentary  |  7/2/2019  | 
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31923
PUBLISHED: 2021-09-24
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
CVE-2021-41581
PUBLISHED: 2021-09-24
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.
CVE-2021-41583
PUBLISHED: 2021-09-24
vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VP...
CVE-2021-41584
PUBLISHED: 2021-09-24
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.
CVE-2020-19949
PUBLISHED: 2021-09-23
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.