Vulnerability Management

News & Commentary
4 Habits of Highly Effective Security Operators
Ricardo Villadiego, Founder and CEO of Lumu, Commentary
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
By Ricardo Villadiego, Founder and CEO of Lumu, 6/18/2021
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian, Commentary
Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
By Tim Sadler, CEO and co-founder of Tessian, 6/17/2021
Mission Critical: What Really Matters in a Cybersecurity Incident
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, Commentary
The things you do before and during a cybersecurity incident can make or break the success of your response.
By Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 6/17/2021
Security Flaw Discovered In Peloton Equipment
Dark Reading Staff, Quick Hits
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
By Dark Reading Staff, 6/16/2021
Andariel Group Targets South Korean Entities in New Campaign
Dark Reading Staff, Quick Hits
Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organizations.
By Dark Reading Staff, 6/15/2021
How Does the Government Buy Its Cybersecurity?
Josh Ladick, President of GSA Focus, Inc., Commentary
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.
By Josh Ladick, President of GSA Focus, Inc., 6/15/2021
Know Thy Enemy: Fighting Half-Blind Against Ransomware Won't Work
Michael Daniel, President & CEO, Cyber Threat Alliance, Commentary
We lack reliable, representative, actionable data about ransomware's actual scope, scale, and impact. The Ransom Incident Response Network could change that.
By Michael Daniel, President & CEO, Cyber Threat Alliance, 6/14/2021
Many Mobile Apps Intentionally Using Insecure Connections for Sending Data
Jai Vijayan, Contributing Writer, News
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
By Jai Vijayan, Contributing Writer, 6/11/2021
Secure Access Trade-offs for DevSecOps Teams
Ev Kontsevoy, CEO of Teleport, Commentary
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
By Ev Kontsevoy, CEO of Teleport, 6/11/2021
NY & Mass. Transportation Providers Targeted in Recent Attacks
Dark Reading Staff, Quick Hits
New York's Metropolitan Transportation Authority and the Steamship Authority of Massachusetts were both victims of cyberattacks.
By Dark Reading Staff, 6/3/2021
The True Cost of a Ransomware Attack
Tyler Hudak, Practice Lead, Incident Response, at TrustedSec, Commentary
Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.
By Tyler Hudak, Practice Lead, Incident Response, at TrustedSec, 6/3/2021
The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call
Dan Verton, Director, ThreatConnect, Commentary
Why business leaders must adopt a risk-led approach to cybersecurity.
By Dan Verton, Director, ThreatConnect, 6/3/2021
Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in
Dark Reading Staff, Quick Hits
The plug-in under active attack has been installed on more than 17,000 websites, say researchers.
By Dark Reading Staff, 6/2/2021
Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical
Adam Darrah, Director of Intelligence, Vigilante, Commentary
Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.
By Adam Darrah, Director of Intelligence, Vigilante, 6/2/2021
Processor Morphs Its Architecture to Make Hacking Really Hard
Robert Lemos, Contributing Writer, News
Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.
By Robert Lemos, Contributing Writer, 6/2/2021
Meat Producer JBS USA Hit By Ransomware Attack
Dark Reading Staff, Quick Hits
The company says recovery from the attack may delay transactions with customers and suppliers.
By Dark Reading Staff, 6/1/2021
CISO Confidence Is Rising, but Issues Remain
Marc Wilczek, Digital Strategist & COO of Link11, Commentary
New research reveals how global CISOs dealt with COVID-19 and their plans for 2022-2023.
By Marc Wilczek, Digital Strategist & COO of Link11, 6/1/2021
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
Dark Reading Staff, Quick Hits
A new study examines the tools and technologies driving investment and activities for security operations centers.
By Dark Reading Staff, 5/28/2021
Plug-ins for Code Editors Pose Developer-Security Threat
Robert Lemos, Contributing Writer, News
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
By Robert Lemos, Contributing Writer, 5/28/2021
Bug Bounties and the Cobra Effect
Oleg Brodt, R&D Director of Deutsche Telekom Innovation Labs, Israel, and Chief Innovation Officer for Cyber@Ben-Gurion University, Commentary
Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?
By Oleg Brodt, R&D Director of Deutsche Telekom Innovation Labs, Israel, and Chief Innovation Officer for Cyber@Ben-Gurion University, 5/26/2021
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer, 6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist, 6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer, 6/10/2021
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.