Vulnerabilities / Threats: Vulnerability Management

News & Commentary
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Charles Herring, CTO and Co-Founder, WitFoo | Commentary
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
By Charles Herring, CTO and Co-Founder, WitFoo, 4/8/2021
Cring Ransomware Used in Attacks on European Industrial Firms
Dark Reading Staff | Quick Hits
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
By Dark Reading Staff, 4/7/2021
Rethinking Cyberattack Response: Prevention & Preparedness
Hitesh Sheth, CEO, Vectra | Commentary
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
By Hitesh Sheth, CEO, Vectra, 4/7/2021
5 Ways to Transform Your Phishing Defenses Right Now
Kevin O'Brien, Co-Founder and CEO, GreatHorn | Commentary
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
By Kevin O'Brien, Co-Founder and CEO, GreatHorn, 4/7/2021
US Tech Dominance Rides on Securing Intellectual Property
Joe Payne, President and CEO at Code42 | Commentary
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
By Joe Payne, President and CEO at Code42, 4/2/2021
The Role of Visibility in Securing Cloud Applications
Praveen Patnala, Co-Founder, Valtix | Commentary
Traditional data center approaches aren't built for securing modern cloud applications.
By Praveen Patnala, Co-Founder, Valtix, 4/1/2021
Advice From Security Experts: How to Approach Security in the New Normal
Dan Dinnar, CEO, Source Defense | Commentary
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
By Dan Dinnar, CEO, Source Defense, 3/31/2021
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
James Pleger, Manager, SpecOps, at Sumo Logic | Commentary
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
By James Pleger, Manager, SpecOps, at Sumo Logic, 3/31/2021
Watch Out for These Cyber-Risks
Ken Todd, Threat Intelligence Researcher, ThreatConnect | Commentary
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
By Ken Todd, Threat Intelligence Researcher, ThreatConnect, 3/30/2021
Ghost Users Haunt Healthcare Firms
Dark Reading Staff | Quick Hits
Data security hygiene severely lacking among healthcare firms, new research shows.
By Dark Reading Staff, 3/30/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia | Commentary
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
By Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Ganesh Pai, CEO, Uptycs | Commentary
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
By Ganesh Pai, CEO, Uptycs, 3/30/2021
Security Operations in the World We Live in Now
Amos Stern, CEO & Co-Founder, Siemplify | Commentary
Despite the challenges of remote work, security operations teams can position themselves well for the future.
By Amos Stern, CEO & Co-Founder, Siemplify, 3/25/2021
How Personally Identifiable Information Can Put Your Company at Risk
Zack Schuler, Founder and CEO of NINJIO | Commentary
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
By Zack Schuler, Founder and CEO of NINJIO, 3/25/2021
How to Protect Our Critical Infrastructure From Attack
IFSEC Global, Staff | News
Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk.
By IFSEC Global Staff, 3/24/2021
Data Protection Is a Group Effort
Rajesh Ganesan, Vice President at ManageEngine | Commentary
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
By Rajesh Ganesan, Vice President at ManageEngine, 3/23/2021
Researchers Discover Two Dozen Malicious Chrome Extensions
Jai Vijayan, Contributing Writer | News
Extensions are being used to serve up unwanted ads, steal data, and divert users to malicious sites, Cato Networks says.
By Jai Vijayan, Contributing Writer, 3/22/2021
On the Road to Good Cloud Security: Are We There Yet?
Paula Musich, Research Director, Enterprise Management Associates | Commentary
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
By Paula Musich, Research Director, Enterprise Management Associates, 3/22/2021
Beware the Package Typosquatting Supply Chain Attack
Kim Lewandowski & Bentz Tozer, Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-Tel | Commentary
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
By Kim Lewandowski & Bentz Tozer, Product Manager, Google Security / Senior Member of Technical Staff, Cyber Practice, In-Q-Tel, 3/18/2021
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Neil Daswani, Author of "Big Breaches: Cybersecurity Lessons for Everyone" | Commentary
Address these six technical root causes of breaches in order to keep your company safer.
By Neil Daswani, Author of "Big Breaches: Cybersecurity Lessons for Everyone", 3/18/2021
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading, 4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.