Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in August 2019
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Commentary  |  8/30/2019  | 
Three steps for relieving the pressure of picking the right tools.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
News  |  8/29/2019  | 
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
5 Identity Challenges Facing Todays IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
Who Gets Privileged Access & How to Enforce It
Commentary  |  8/20/2019  | 
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
5 Ways to Improve the Patching Process
Slideshows  |  8/20/2019  | 
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
New Research Finds More Struts Vulnerabilities
Quick Hits  |  8/15/2019  | 
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
The Flaw in Vulnerability Management: It's Time to Get Real
Commentary  |  8/15/2019  | 
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Commentary  |  8/15/2019  | 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
7 Biggest Cloud Security Blind Spots
Slideshows  |  8/15/2019  | 
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Commentary  |  8/14/2019  | 
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Microservices Flip App Security on Its Head
Commentary  |  8/14/2019  | 
With faster application deployment comes increased security considerations.
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
Commentary  |  8/13/2019  | 
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
History Doesn't Repeat Itself in Cyberspace
Commentary  |  8/13/2019  | 
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
Security Flaws Discovered in 40 Microsoft-Certified Device Drivers
News  |  8/12/2019  | 
Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system.
More Focus on Security as Payment Technologies Proliferate
News  |  8/12/2019  | 
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
6 Security Considerations for Wrangling IoT
Commentary  |  8/12/2019  | 
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
Significant Vulnerabilities Found in 6 Common Printer Brands
News  |  8/9/2019  | 
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
News  |  8/7/2019  | 
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.
New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep
News  |  8/6/2019  | 
The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown.
US Air Force Bug Bounty Program Nets 54 Flaws for $123,000
News  |  8/6/2019  | 
The Air Force brought together 50 vetted hackers to find the vulnerabilities in the latest bug-bounty program hosted by a branch of the US military.
When Perceived Cybersecurity Risk Outweighs Reality
Commentary  |  8/6/2019  | 
Teams need to manage perceived risks so they can focus on fighting the real fires.
Fighting Back Against Mobile Fraudsters
Commentary  |  8/5/2019  | 
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
Demystifying New FIDO Standards & Innovations
Commentary  |  8/1/2019  | 
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31922
PUBLISHED: 2021-05-14
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3.
CVE-2021-32051
PUBLISHED: 2021-05-14
Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...