Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Jai Vijayan, Contributing Writer
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Calculating the Value of Security
Jason Sandys, Microsoft Enterprise Mobility MVP and Senior Consultant at Coretech AllianceCommentary
What will it take to align staff and budget to protect the organization?
By Jason Sandys Microsoft Enterprise Mobility MVP and Senior Consultant at Coretech Alliance, 7/18/2019
Comment1 Comment  |  Read  |  Post a Comment
For Real Security, Don't Let Failure Be Your Measure of Success
Zane Lackey, Co-Founder and CSO of Signal SciencesCommentary
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
By Zane Lackey Co-Founder and CSO of Signal Sciences, 7/17/2019
Comment1 Comment  |  Read  |  Post a Comment
The 10 Essentials of Infosec Forensics
Terry Sweeney, Contributing Editor
Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.
By Terry Sweeney Contributing Editor, 7/17/2019
Comment0 comments  |  Read  |  Post a Comment
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArkCommentary
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
By Shay Nahari Head of Red-Team Services at CyberArk, 7/16/2019
Comment3 comments  |  Read  |  Post a Comment
Is 2019 the Year of the CISO?
Terry Ray, Chief Technology Officer, ImpervaCommentary
The case for bringing the CISO to the C-suite's risk and business-strategy table.
By Terry Ray Chief Technology Officer, Imperva, 7/16/2019
Comment0 comments  |  Read  |  Post a Comment
Is Machine Learning the Future of Cloud-Native Security?
Pawan Shankar, Senior Security Product Marketing Manager at SysdigCommentary
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
By Pawan Shankar Senior Security Product Marketing Manager at Sysdig, 7/15/2019
Comment0 comments  |  Read  |  Post a Comment
Most Organizations Lack Cyber Resilience
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/11/2019
Comment0 comments  |  Read  |  Post a Comment
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, ProtegoCommentary
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
By Hillel Solow CTO and Co-founder, Protego, 7/11/2019
Comment4 comments  |  Read  |  Post a Comment
Why You Need a Global View of IT Assets
Pablo Quiroga, Director of Product Management at QualysCommentary
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
By Pablo Quiroga Director of Product Management at Qualys, 7/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Cloud Security and Risk Mitigation
Derrick Johnson, National Practice Director for Secure Infrastructure Services at AT&T Cybersecurity ConsultingCommentary
Just because your data isn't on-premises doesn't mean you're not responsible for security.
By Derrick Johnson National Practice Director for Secure Infrastructure Services at AT&T Cybersecurity Consulting, 7/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Insider Threats: An M&A Dealmaker's Nightmare
Joe Payne, President and CEO at Code42Commentary
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
By Joe Payne President and CEO at Code42, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Smash-and-Grab Crime Threatens Enterprise Security
Nicko van Someren, Ph.D., Chief Technology Officer at AbsoluteCommentary
Getting your company smartphone or laptop stolen from your car isn't just a hassle; it can have large regulatory ramifications, too. Visibility is the answer.
By Nicko van Someren, Ph.D. Chief Technology Officer at Absolute, 7/8/2019
Comment0 comments  |  Read  |  Post a Comment
Why Your GDPR Implementation Plan Needs CISOs & 'Legal Engineers' to Work Together
Sophie Stalla-Bourdillon, Senior Privacy Counsel and Legal Engineer, ImmutaCommentary
Lawyers must step into the shoes of technical roles and craft legal guidance that can be easily put into use.
By Sophie Stalla-Bourdillon Senior Privacy Counsel and Legal Engineer, Immuta, 7/5/2019
Comment0 comments  |  Read  |  Post a Comment
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Chester Wisniewski, Principal Research Scientist, SophosCommentary
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
By Chester Wisniewski Principal Research Scientist, Sophos, 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Matthew Karnas, Cybersecurity & Risk Practice Lead at SilaCommentary
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
By Matthew Karnas Cybersecurity & Risk Practice Lead at Sila, 6/28/2019
Comment3 comments  |  Read  |  Post a Comment
NIST Issues IoT Risk Guidelines
Dark Reading Staff, Quick Hits
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
By Dark Reading Staff , 6/27/2019
Comment3 comments  |  Read  |  Post a Comment
How to Avoid Becoming the Next Riviera Beach
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 6/25/2019
Comment1 Comment  |  Read  |  Post a Comment
The Rise of Silence and the Fall of Coinhive
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet--Office of CISOCommentary
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
By Derek Manky Chief, Security Insights & Global Threat Alliances at Fortinet--Office of CISO, 6/25/2019
Comment0 comments  |  Read  |  Post a Comment
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
John Kindervag, Field CTO at Palo Alto NetworksCommentary
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
By John Kindervag Field CTO at Palo Alto Networks, 6/24/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVE-2019-9228
PUBLISHED: 2019-07-19
** DISPUTED ** An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. The (1) management SSH and (2) management TELNET features allow remote attackers to cause a denial of service (connection slot e...
CVE-2019-12725
PUBLISHED: 2019-07-19
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
CVE-2019-11989
PUBLISHED: 2019-07-19
A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, ...