informa
/
Announcements
Event
Using Zero Trust to Protect Remote and Home Workers | Oct 6 Webinar | <REGISTER NOW>
Event
Managing Security In a Hybrid Cloud Environment | Sept 27 Webinar | <REGISTER NOW>
Event
Understanding Cyber Attackers - A Dark Reading November 17 Virtual Event | <GET YOUR PASS>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext

Vulnerability Management

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
September 30, 2022
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
by Tara Seals, Managing Editor, News, Dark Reading
September 30, 2022
3 MIN READ
Article
Dangerous New Attack Technique Compromising VMware ESXi Hypervisors
China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.
September 29, 2022
China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.
by Jai Vijayan, Contributing Writer, Dark Reading
September 29, 2022
5 MIN READ
Article
XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data
Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.
September 29, 2022
Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.
by Becky Bracken, Editor, Dark Reading
September 29, 2022
1 MIN READ
Article
Google Quashes 5 High-Severity Bugs With Chrome 106 Update
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
September 28, 2022
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
by Dark Reading Staff, Dark Reading
September 28, 2022
1 MIN READ
Article
Most Attackers Need Less Than 10 Hours to Find Weaknesses
Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
September 28, 2022
Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
by Robert Lemos, Contributing Writer, Dark Reading
September 28, 2022
4 MIN READ
Article
4 Data Security Best Practices You Should Know
There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.
September 27, 2022
There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.
by Ben Herzberg, Chief Scientist, Satori
September 27, 2022
5 MIN READ
Article
Should Hacking Have a Code of Conduct?
For white hats who play by the rules, here are several ethical tenets to consider.
September 26, 2022
For white hats who play by the rules, here are several ethical tenets to consider.
by Haris Pylarions, Founder and CEO, Hack The Box
September 26, 2022
4 MIN READ
Article
CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
September 23, 2022
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
by Dark Reading Staff, Dark Reading
September 23, 2022
1 MIN READ
Article
15-Year-Old Python Flaw Slithers into Software Worldwide
An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.
September 21, 2022
An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.
by Elizabeth Montalbano, Contributor, Dark Reading
September 21, 2022
6 MIN READ
Article
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
September 16, 2022
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
by Jai Vijayan, Contributing Writer, Dark Reading
September 16, 2022
5 MIN READ
Article
Business Application Compromise & the Evolving Art of Social Engineering
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.
September 16, 2022
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.
by Jonathan Hencinski, Vice President of Security Operations, Expel
September 16, 2022
4 MIN READ
Article
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.
September 15, 2022
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.
by Dark Reading Staff, Dark Reading
September 15, 2022
1 MIN READ
Article
5 Best Practices for Building Your Data Loss Prevention Strategy
The entire security team should share in the responsibility to secure sensitive data.
September 15, 2022
The entire security team should share in the responsibility to secure sensitive data.
by Richard Kanadjian, Encrypted USB Business Manager, Kingston Technology
September 15, 2022
4 MIN READ
Article
White House Guidance Recommends SBOMs for Federal Agencies
New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.
September 14, 2022
New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.
by Dark Reading Staff, Dark Reading
September 14, 2022
1 MIN READ
Article
TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.
September 14, 2022
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.
by Jai Vijayan, Contributing Writer, Dark Reading
September 14, 2022
3 MIN READ
Article