Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in August 2020
Testing & Automation Pay Off for NSA's DevSecOps Project
News  |  8/31/2020  | 
Communication with stakeholders, extensive testing, and robust automation pays dividends for military intelligence agency, one of several presenters at GitLab's virtual Commit conference.
From Defense to Offense: Giving CISOs Their Due
Commentary  |  8/31/2020  | 
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
How CISOs Can Play a New Role in Defining the Future of Work
Commentary  |  8/27/2020  | 
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
The Fatal Flaw in Data Security
Commentary  |  8/25/2020  | 
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
Average Cost of a Data Breach in 2020: $3.86M
Commentary  |  8/24/2020  | 
When companies defend themselves against cyberattacks, time is money.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
Commentary  |  8/21/2020  | 
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
Smart-Lock Hacks Point to Larger IoT Problems
News  |  8/20/2020  | 
Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
Fuzzing Services Help Push Technology into DevOps Pipeline
News  |  8/19/2020  | 
As part of a continuous testing approach, fuzzing has evolved to provide in-depth code checks for unknown vulnerabilities before deployment.
Newly Patched Alexa Flaws a Red Flag for Home Workers
News  |  8/19/2020  | 
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
Why Quality & Security Both Matter in Software
Commentary  |  8/18/2020  | 
It's time to position quality and security as equals under the metric of software integrity.
Firms Still Struggle to Prioritize Security Vulnerabilities
News  |  8/17/2020  | 
Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows.
The IT Backbone of Cybercrime
Commentary  |  8/17/2020  | 
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
News  |  8/12/2020  | 
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
How to Help Spoil the Cybercrime Economy
Commentary  |  8/11/2020  | 
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
Vulnerability Prioritization: Are You Getting It Right?
Commentary  |  8/10/2020  | 
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
IoT Security During COVID-19: What We've Learned & Where We're Going
Commentary  |  8/7/2020  | 
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
Counting for Good: Hardware Counters Un-mask Malware
News  |  8/6/2020  | 
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
SynerComm Reboots a Security Staple with 'Continuous' Pentesting
News  |  8/5/2020  | 
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
News  |  8/5/2020  | 
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
HealthScare: Prioritizing Medical AppSec Research
News  |  8/5/2020  | 
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
News  |  8/5/2020  | 
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
Retooling the SOC for a Post-COVID World
Commentary  |  8/4/2020  | 
Residual work-from-home policies will require changes to security policies, procedures, and technologies.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...
CVE-2019-10062
PUBLISHED: 2021-05-13
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attri...
CVE-2020-23995
PUBLISHED: 2021-05-13
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.