Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in August 2018
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
Building Security into the DevOps Pipeline
Building Security into the DevOps Pipeline
Dark Reading Videos  |  8/17/2018  | 
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
Simplifying Defense Across the MITRE ATT&CK Matrix
Simplifying Defense Across the MITRE ATT&CK Matrix
Dark Reading Videos  |  8/17/2018  | 
Endgames Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK matrix.
New PHP Exploit Chain Highlights Dangers of Deserialization
News  |  8/15/2018  | 
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
10 Threats Lurking on the Dark Web
Slideshows  |  8/8/2018  | 
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
US-CERT Warns of New Linux Kernel Vulnerability
Quick Hits  |  8/7/2018  | 
Patches now available to prevent DoS attack on Linux systems.
Is SMS 2FA Enough Login Protection?
News  |  8/3/2018  | 
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
Power Grid Security: How Safe Are We?
Commentary  |  8/2/2018  | 
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
6 Ways DevOps Can Supercharge Security
Slideshows  |  8/2/2018  | 
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
5 Steps to Fight Unauthorized Cryptomining
Commentary  |  8/1/2018  | 
This compromise feels like a mere annoyance, but it can open the door to real trouble.


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.