informa

Vulnerability Management

Trickbot Injections Get Harder to Detect & Analyze
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
January 24, 2022
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
by Jai Vijayan, Contributing Writer
January 24, 2022
5 min read
Article
Are You Prepared to Defend Against a USB Attack?
Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.
January 24, 2022
Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.
by Benny Czarny, Founder & CEO, OPSWAT
January 24, 2022
4 min read
Article
Researchers Discover Dangerous Firmware-Level Rootkit
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
January 20, 2022
MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
by Jai Vijayan, Contributing Writer
January 20, 2022
5 min read
Article
Preparing for the Next Cybersecurity Epidemic: Deepfakes
Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.
January 19, 2022
Using blockchain, multifactor authentication, or signatures can help boost authentication security and reduce fraud.
by Elaine Lee, Principal Data Scientist, Cybergraph team, Mimecast
January 19, 2022
4 min read
Article
US Search for Vulnerabilities Drives 10x Increase in Bug Reports
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
January 18, 2022
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
by Robert Lemos, Contributing Writer
January 18, 2022
4 min read
Article
Name That Toon: Nowhere to Hide
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
January 18, 2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
by John Klossner, Cartoonist
January 18, 2022
1 min read
Article
White House Meets With Software Firms and Open Source Orgs on Security
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
January 14, 2022
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
by Robert Lemos, Contributing Writer
January 14, 2022
5 min read
Article
What's Next for Patch Management: Automation
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
January 14, 2022
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 14, 2022
5 min read
Article
Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
January 13, 2022
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.
by Jai Vijayan, Contributing Writer
January 13, 2022
5 min read
Article
Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
January 12, 2022
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.
by Dark Reading Staff, Dark Reading
January 12, 2022
3 min read
Article
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
January 12, 2022
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 12, 2022
4 min read
Article
Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
January 11, 2022
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
by Jai Vijayan, Contributing Writer
January 11, 2022
4 min read
Article
Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.
January 11, 2022
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.
by Robert Lemos, Contributing Writer
January 11, 2022
4 min read
Article
No Significant Intrusions Related to Log4j Flaw Yet, CISA Says
But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.
January 10, 2022
But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.
by Jai Vijayan, Contributing Writer
January 10, 2022
5 min read
Article
The Evolution of Patch Management: How and When It Got So Complicated
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
January 10, 2022
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 10, 2022
5 min read
Article