Vulnerability Management

News & Commentary
Shadow IT, IaaS & the Security Imperative
Sanjay Kalra, Co-Founder & Chief Strategy Officer at Lacework, Commentary
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
By Sanjay Kalra Co-Founder & Chief Strategy Officer at Lacework, 1/21/2019
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, Portnox, Commentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Simulating Lateral Attacks Through Email
Igal Gofman, Head of Security Research at XM Cyber, Commentary
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
By Igal Gofman Head of Security Research at XM Cyber, 1/17/2019
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies, Commentary
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
By Ricardo Arroyo Senior Technical Product Manager, Watchguard Technologies, 1/16/2019
Are You Listening to Your Kill Chain?
Ben Haley, SVP Engineering at HOPZERO Security, Commentary
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
By Ben Haley SVP Engineering at HOPZERO Security, 1/16/2019
Why Cyberattacks Are the No. 1 Risk
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
By Marc Wilczek Digital Strategist & CIO Advisor, 1/15/2019
6 Best Practices for Managing an Online Educational Infrastructure
Jamie Smith & Larry Schwarberg, Chief Information Officer; Chief Information Security Officer for University of Phoenix, Commentary
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
By Jamie Smith & Larry Schwarberg Chief Information Officer; Chief Information Security Officer for University of Phoenix, 1/10/2019
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Kamal Shah, CEO at StackRox, Commentary
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
By Kamal Shah CEO at StackRox, 1/9/2019
Your Life Is the Attack Surface: The Risks of IoT
Jason Haddix, Vice President of Researcher Growth at Bugcrowd, Commentary
To protect yourself, you must know where you're vulnerable, and these tips can help.
By Jason Haddix Vice President of Researcher Growth at Bugcrowd, 1/8/2019
Security Matters When It Comes to Mergers & Acquisitions
Matt Rose, Global Director Application Security Strategy, at Checkmarx, Commentary
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 1/8/2019
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Bruce Jackson, President and Managing Director of Air Informatics, Commentary
We need more stringent controls and government action to prevent a catastrophic disaster.
By Bruce Jackson President and Managing Director of Air Informatics, 1/7/2019
How Intel Has Responded to Spectre and Meltdown
Curtis Franklin Jr., Senior Editor at Dark Reading
In a newly published editorial and video, Intel details what specific actions it has taken in the wake of the discovery of the CPU vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/4/2019
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, Commentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Dark Reading Staff, Quick Hits
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
By Dark Reading Staff, 12/21/2018
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
Robert Lemos, Technology Journalist/Data Researcher, News
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromise systems.
By Robert Lemos Technology Journalist/Data Researcher, 12/20/2018
How to Optimize Security Spending While Reducing Risk
Bryan Sartin, Executive Director, Global Security Services, at Verizon, Commentary
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 12/20/2018
Automating a DevOps-Friendly Security Policy
John De Santis, CEO, HyTrust, Commentary
There can be a clash of missions between security and IT Ops teams, but automation can help.
By John De Santis CEO, HyTrust, 12/20/2018
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Phillip Maddux, Principal Application Security Researcher & Advisor at Signal Sciences, Commentary
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
By Phillip Maddux Principal Application Security Researcher & Advisor at Signal Sciences, 12/19/2018
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence, Commentary
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
By Guy Nizan CEO at Intsights Cyber Intelligence, 12/18/2018
Cyber Readiness Institute Launches New Program for SMBs
Steve Zurier, Freelance Writer, News
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
By Steve Zurier Freelance Writer, 12/17/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6507
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6508
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6509
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6510
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2017-6922
PUBLISHED: 2019-01-22
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not pr...