Dark Reading is part of the Informa Tech Division of Informa PLC

Vulnerability Management

News & Commentary
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs | Commentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
7 IoT Tips for Home Users
Steve Zurier, Contributing Writer
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
By Steve Zurier Contributing Writer, 7/2/2020
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Mark Darby, CEO of ISMS.online | Commentary
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
By Mark Darby CEO of ISMS.online, 6/30/2020
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok | Commentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Kowsik Guruswamy, Chief Technology Officer at Menlo Security | Commentary
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 6/29/2020
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Yaniv Bar-Yadan, Co-founder and CEO of Vulcan Cyber | Commentary
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
By Yaniv Bar-Yadan Co-founder and CEO of Vulcan Cyber, 6/26/2020
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan Contributing Writer, 6/25/2020
Better Collaboration Between Security & Development
Dan Cornell, CTO, Denim Group | Commentary
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
By Dan Cornell CTO, Denim Group, 6/25/2020
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
Seth Rosenblatt, Contributing Writer | News
Government-mandated Internet shutdowns occur far more regularly than you might expect.
By Seth Rosenblatt Contributing Writer, 6/24/2020
Average Cost of a Data Breach: $116M
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
By Marc Wilczek Digital Strategist & COO of Link11, 6/24/2020
Rethinking Enterprise Access, Post-COVID-19
Dor Knafo, Co-Founder & CEO of Axis Security | Commentary
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
By Dor Knafo Co-Founder & CEO of Axis Security, 6/24/2020
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
Ericka Chickowski, Contributing Writer | News
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
By Ericka Chickowski Contributing Writer, 6/22/2020
How to Wring Every Last Drop Out of Your Security Budget
Joan Goodchild, Contributing Writer
In the face of tighter budgets and lowered spending forecasts due to the pandemic, optimizing and improving the efficiency of security programs -- without sacrificing integrity -- has never been more important.
By Joan Goodchild Contributing Writer, 6/22/2020
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Ran Shahor, CEO at HolistiCyber | Commentary
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
By Ran Shahor CEO at HolistiCyber, 6/22/2020
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Ericka Chickowski, Contributing Writer
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
By Ericka Chickowski Contributing Writer, 6/22/2020
The Bigger the News, the Bigger the Cyber Threats
Len Shneyder, Co-Chair of the Election Special Interest Group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) | Commentary
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
By Len Shneyder Co-Chair of the Election Special Interest Group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), 6/18/2020
Half of Firms Likely Running Vulnerable Oracle E-Business Suite
Robert Lemos, Contributing Writer | News
Two security vulnerabilities could open up companies to financial attacks and compliance violations if the software is not updated, Onapsis says.
By Robert Lemos Contributing Writer, 6/16/2020
7 Must-Haves for a Rockin' Red Team
Steve Zurier, Contributing Writer
Follow these tips for running red-team exercises that will deliver added insight into your operations.
By Steve Zurier Contributing Writer, 6/12/2020
The Hitchhiker's Guide to Web App Pen Testing
Vanessa Sauter, Security Strategy Analyst at Cobalt.io | Commentary
Time on your hands and looking to learn about web apps? Here's a list to get you started.
By Vanessa Sauter Security Strategy Analyst at Cobalt.io, 6/11/2020
What COVID-19 Teaches Us About Social Engineering
Arun Vishwanath, Technologist | Commentary
Unless we do something proactively, social engineering's impact is expected to keep getting worse as people's reliance on technology increases and as more of us are forced to work from home.
By Arun Vishwanath Technologist, 6/11/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems.