
Vulnerability Management

News & Commentary
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll | Commentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher | Commentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson, Principal Threat Researcher, 10/21/2020
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and Coder | Commentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies, Tech Writer and Coder, 10/20/2020
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1Password | Commentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill, Principal Security Engineer at 1Password, 10/19/2020
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc. | Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark, CEO, Forescout Technologies Inc., 10/19/2020
Cybercrime Losses Up 50%, Exceeding $1.8B
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
By Marc Wilczek, Digital Strategist & COO of Link11, 10/16/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent | Commentary
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
By Mike Cooper, Founder & CEO of Revocent, 10/15/2020
The Ruthless Cyber Chaos of Business Recovery
Emil Sayegh, CEO and President, Ntirety | Commentary
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
By Emil Sayegh, CEO and President, Ntirety, 10/15/2020
Assuring Business Continuity by Reducing Malware Dwell Time
Brendan O'Flaherty, Chief Executive Officer at cPacket Networks | Commentary
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
By Brendan O'Flaherty, Chief Executive Officer at cPacket Networks, 10/14/2020
Online Voting Is Coming, but How Secure Will It Be?
Brad Brooks, CEO of OneLogin | Commentary
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
By Brad Brooks, CEO of OneLogin, 10/13/2020
A 7-Step Cybersecurity Plan for Healthcare Organizations
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
By Steve Zurier, Contributing Writer, 10/12/2020
Apple Pays Bug Bounty to Enterprise Network Researchers
Dark Reading Staff, Quick Hits
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
By Dark Reading Staff, 10/9/2020
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Kurt John, Chief Cybersecurity Officer, Siemens USA | Commentary
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
By Kurt John, Chief Cybersecurity Officer, Siemens USA, 10/8/2020
The New War Room: Cybersecurity in the Modern Era
Satya Gupta, Executive Co-Founder & CTO, Virsec | Commentary
The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.
By Satya Gupta, Executive Co-Founder & CTO, Virsec, 10/7/2020
10 Years Since Stuxnet: Is Your Operational Technology Safe?
Mike Dow, Senior Product Manager, IoT Security, at Silicon Labs | Commentary
The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.
By Mike Dow, Senior Product Manager, IoT Security, at Silicon Labs, 10/6/2020
Do's and Don'ts for School Cybersecurity Awareness
Zack Schuler, Founder and CEO of NINJIO | Commentary
Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.
By Zack Schuler, Founder and CEO of NINJIO, 10/6/2020
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Aviv Grafi, CEO & Founder, Votiro | Commentary
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.
By Aviv Grafi, CEO & Founder, Votiro, 10/1/2020
Cryptojacking: The Unseen Threat
Matt Honea, Senior Director, Cybersecurity, Guidewire Software | Commentary
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.
By Matt Honea, Senior Director, Cybersecurity, Guidewire Software, 10/1/2020
A Guide to the NIST Cybersecurity Framework
IFSEC Global, Staff | News
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
By Julian Hall, Freelance Journalist and Copywriter, Textual Healing, 9/30/2020
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Dan Hubbard, CEO at Lacework | Commentary
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
By Dan Hubbard, CEO at Lacework, 9/29/2020
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27621
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
CVE-2020-27620
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
CVE-2020-27619
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-17454
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
CVE-2020-24421
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.