Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Vulnerability Management posted in September 2016
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
An Open-Source Security Maturity Model
An Open-Source Security Maturity Model
Dark Reading Videos  |  9/23/2016  | 
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
Biometric Skimmers Pose Emerging Threat To ATMs
News  |  9/22/2016  | 
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
National Health ISAC Calls For Collaborative Vuln Disclosure
News  |  9/21/2016  | 
St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
How Windows 10 Stops Script-Based Attacks On The Fly
How Windows 10 Stops Script-Based Attacks On The Fly
Dark Reading Videos  |  9/21/2016  | 
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
The Future Of AI-Based Cybersecurity: It's Here Now
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Videos  |  9/19/2016  | 
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security
News  |  9/16/2016  | 
Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices.
Data Loss Risks Rise In The Age Of Collaboration
News  |  9/15/2016  | 
Most organizations believe they have lost sensitive information due to external file sharing and third-party collaboration.
Portrait Of A Bug Bounty Hacker
News  |  9/13/2016  | 
Bounty programs attract young, self-taught hackers who primarily depend on it as a lucrative side gig.
PCI Security Update Targets PIN System Vendors
News  |  9/12/2016  | 
New requirements cover physical and logical security controls.
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims
News  |  9/8/2016  | 
Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users' accounts.
The Shifting Mindset Of Financial Services CSOs
Commentary  |  9/8/2016  | 
Theyre getting more realistic and developing strategies to close security gaps.
Network Management Systems Vulnerable To SNMP Attacks
News  |  9/7/2016  | 
Products from many vendors vulnerable to XSS attacks because of basic input validation errors, Rapid7 says in report.
Cryptographic Key Reuse Remains Widespread In Embedded Products
News  |  9/6/2016  | 
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, other products, problem has grown worse.
8 Security Categories Healthcare Providers Need to Improve On
Slideshows  |  9/6/2016  | 
A new survey by HIMSS finds that many providers dont even cover the basics of IT security.
Yelp Offers Up To $15K Per Bug Via New Bounty Program
News  |  9/6/2016  | 
Reviews site building off previous success with private bug bounty program to launch new public program.
Apple Issues Patches To Fix Trident Flaws In OS X El Capitan, Yosemite
News  |  9/2/2016  | 
Same zero-day flaws had been patched earlier in iOS as well


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...
CVE-2019-10062
PUBLISHED: 2021-05-13
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attri...
CVE-2020-23995
PUBLISHED: 2021-05-13
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.