Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff, Quick Hits
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
By Dark Reading Staff , 2/21/2019
Comment2 comments  |  Read  |  Post a Comment
Security Analysts Are Only Human
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/21/2019
Comment2 comments  |  Read  |  Post a Comment
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier Freelance Writer, 2/19/2019
Comment0 comments  |  Read  |  Post a Comment
Security Leaders Are Fallible, Too
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/19/2019
Comment0 comments  |  Read  |  Post a Comment
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Michelle Moore, Academic Director and Adjunct Professor, University of San DiegoCommentary
These programs are now an essential strategy in keeping the digital desperados at bay.
By Michelle Moore Academic Director and Adjunct Professor, University of San Diego, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
5 Expert Tips for Complying with the New PCI Software Security Framework
Rohit Sethi, COO of Security CompassCommentary
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
By Rohit Sethi COO of Security Compass, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from a Hard-Hitting Security Review
Jaspreet Singh, founder and CEO of DruvaCommentary
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
By Jaspreet Singh founder and CEO of Druva, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft, Adobe Both Close More Than 70 Security Issues
Robert Lemos, Technology Journalist/Data ResearcherNews
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
By Robert Lemos , 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity and the Human Element: We're All Fallible
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/12/2019
Comment2 comments  |  Read  |  Post a Comment
Identifying, Understanding & Combating Insider Threats
Ilan Paretsky, Chief Marketing Officer of EricomCommentary
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Mitigating the Security Risks of Cloud-Native Applications
Dror Davidoff, CEO of Aqua SecurityCommentary
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
By Dror Davidoff CEO of Aqua Security, 2/5/2019
Comment0 comments  |  Read  |  Post a Comment
Taming the Wild, West World of Security Product Testing
Brian Monkman, Executive Director at NetSecOPENCommentary
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
By Brian Monkman Executive Director at NetSecOPEN, 2/5/2019
Comment2 comments  |  Read  |  Post a Comment
IoT Security's Coming of Age Is Overdue
Saumitra Das, CTO and Co-Founder of Blue HexagonCommentary
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
By Saumitra Das CTO and Co-Founder of Blue Hexagon, 2/4/2019
Comment5 comments  |  Read  |  Post a Comment
Yes, You Can Patch Stupid
Ira Winkler, CISSP, President, Secure MentemCommentary
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
By Ira Winkler CISSP, President, Secure Mentem, 1/30/2019
Comment5 comments  |  Read  |  Post a Comment
Open Source & Machine Learning: A Dynamic Duo
Andrew Fast, Chief Data Scientist and Co-Founder, Counterflow AICommentary
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
By Andrew Fast Chief Data Scientist and Co-Founder, Counterflow AI, 1/30/2019
Comment1 Comment  |  Read  |  Post a Comment
Creating a Security Culture & Solving the Human Problem
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
By Adam Marre Information Security Operations Leader, Qualtrics, 1/29/2019
Comment3 comments  |  Read  |  Post a Comment
Credential Compromises by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/25/2019
Comment0 comments  |  Read  |  Post a Comment
The Evolution of SIEM
Chetan Mundhada, Vice President of Sales at NETMONASTERYCommentary
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
By Chetan Mundhada Vice President of Sales at NETMONASTERY, 1/23/2019
Comment0 comments  |  Read  |  Post a Comment
Think Twice Before Paying a Ransom
Jadee Hanson, CISO and VP of Information Systems at Code42Commentary
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
By Jadee Hanson CISO and VP of Information Systems at Code42, 1/23/2019
Comment2 comments  |  Read  |  Post a Comment
The Fact and Fiction of Homomorphic Encryption
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
By Ameesh Divatia Co-Founder & CEO of Baffle, 1/22/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-10078
PUBLISHED: 2019-02-23
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
CVE-2014-10079
PUBLISHED: 2019-02-23
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
CVE-2018-20785
PUBLISHED: 2019-02-23
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this d...
CVE-2019-9037
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
CVE-2019-9038
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.