informa
Announcements
Event
Emerging Cybersecurity Technologies: What You Need to Know - A Dark Reading March 23 Virtual Event | <GET YOUR PASS>
Event
The Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them | Jan 24 Webinar | <REGISTER NOW>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext

Vulnerability Management

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Critical RCE Lexmark Printer Bug Has Public Exploit
A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.
January 27, 2023
A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.
by Dark Reading Staff, Dark Reading
January 27, 2023
1 MIN READ
Article
Java, .NET Developers Prone to More Frequent Vulnerabilities
About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data.
January 16, 2023
About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data.
by Robert Lemos, Contributing Writer, Dark Reading
January 16, 2023
4 MIN READ
Article
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.
January 09, 2023
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.
by Jai Vijayan, Contributing Writer, Dark Reading
January 09, 2023
5 MIN READ
Article
JsonWebToken Security Bug Opens Servers to RCE
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
January 09, 2023
The JsonWebToken package plays a big role in the authentication and authorization functionality for many applications.
by Nathan Eddy, Contributing Writer, Dark Reading
January 09, 2023
3 MIN READ
Article
Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes
A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.
December 23, 2022
A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.
by Tara Seals, Managing Editor, News, Dark Reading
December 23, 2022
5 MIN READ
Article
Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
December 23, 2022
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
by Nathan Eddy, Contributing Writer, Dark Reading
December 23, 2022
6 MIN READ
Article
Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses
With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare.
December 22, 2022
With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare.
by Robert Lemos, Contributing Writer, Dark Reading
December 22, 2022
4 MIN READ
Article
Google WordPress Plug-in Bug Allows AWS Metadata Theft
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
December 22, 2022
A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
by Nathan Eddy, Contributing Writer, Dark Reading
December 22, 2022
3 MIN READ
Article
Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit
The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.
December 21, 2022
The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.
by Jai Vijayan, Contributing Writer, Dark Reading
December 21, 2022
3 MIN READ
Article
Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass
The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.
December 20, 2022
The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.
by Tara Seals, Managing Editor, News, Dark Reading
December 20, 2022
3 MIN READ
Article
Compliance Is Not Enough: How to Manage Your Customer Data
Effective customer data management helps companies avoid data breaches and the resulting cascade of issues. From validating "clean" data to centralized storage and a data governance strategy, management steps can help keep data safe.
December 16, 2022
Effective customer data management helps companies avoid data breaches and the resulting cascade of issues. From validating "clean" data to centralized storage and a data governance strategy, management steps can help keep data safe.
by Peter Bray, CEO, Fluxguard
December 16, 2022
4 MIN READ
Article
Apple Zero-Day Actively Exploited on iPhone 15
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.
December 14, 2022
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.
by Dark Reading Staff, Dark Reading
December 14, 2022
1 MIN READ
Article
Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
December 13, 2022
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
by Jai Vijayan, Contributing Writer, Dark Reading
December 13, 2022
5 MIN READ
Article
Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
December 13, 2022
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
by Dark Reading Staff, Dark Reading
December 13, 2022
1 MIN READ
Article
Android Serves Up a Slew of Security Updates, 4 Critical
Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
December 07, 2022
Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
by Dark Reading Staff, Dark Reading
December 07, 2022
1 MIN READ
Article