Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Why Cyberattacks Are the No. 1 Risk
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
By Marc Wilczek Digital Strategist & CIO Advisor, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
6 Best Practices for Managing an Online Educational Infrastructure
Jamie Smith & Larry Schwarberg, Chief Information Officer; Chief Information Security Officer for University of PhoenixCommentary
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
By Jamie Smith & Larry Schwarberg Chief Information Officer; Chief Information Security Officer for University of Phoenix, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Kamal Shah, CEO at StackRoxCommentary
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
By Kamal Shah CEO at StackRox, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Your Life Is the Attack Surface: The Risks of IoT
Jason Haddix, Vice President of Researcher Growth at BugcrowdCommentary
To protect yourself, you must know where you're vulnerable and these tips can help.
By Jason Haddix Vice President of Researcher Growth at Bugcrowd, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Security Matters When It Comes to Mergers & Acquisitions
Matt Rose, Global Director Application Security Strategy, at CheckmarxCommentary
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Bruce Jackson, President and Managing Director of Air InformaticsCommentary
We need more stringent controls and government action to prevent a catastrophic disaster.
By Bruce Jackson President and Managing Director of Air Informatics, 1/7/2019
Comment2 comments  |  Read  |  Post a Comment
How Intel Has Responded to Spectre and Meltdown
Curtis Franklin Jr., Senior Editor at Dark Reading
In a newly published editorial and video, Intel details what specific actions it has taken in the wake of the discovery of the CPU vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Dark Reading Staff, Quick Hits
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
By Dark Reading Staff , 12/21/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
Robert Lemos, Technology Journalist/Data ResearcherNews
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromised systems.
By Robert Lemos Technology Journalist/Data Researcher, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Optimize Security Spending While Reducing Risk
Bryan Sartin, Executive Director, Global Security Services, at VerizonCommentary
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
Automating a DevOps-Friendly Security Policy
John De Santis, CEO, HyTrustCommentary
There can be a clash of missions between security and IT Ops teams, but automation can help.
By John De Santis CEO, HyTrust, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Phillip Maddux, Principal Application Security Researcher & Advisor at Signal SciencesCommentary
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
By Phillip Maddux Principal Application Security Researcher & Advisor at Signal Sciences, 12/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber IntelligenceCommentary
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
By Guy Nizan CEO at Intsights Cyber Intelligence, 12/18/2018
Comment3 comments  |  Read  |  Post a Comment
Cyber Readiness Institute Launches New Program for SMBs
Steve Zurier, Freelance WriterNews
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
By Steve Zurier Freelance Writer, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment3 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by janjikiuu
Current Conversations good
In reply to: Re: Sauce?
Post Your Own Reply
More Conversations
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6261
PUBLISHED: 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
CVE-2019-6262
PUBLISHED: 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
CVE-2019-6263
PUBLISHED: 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
CVE-2019-6264
PUBLISHED: 2019-01-16
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
CVE-2019-6443
PUBLISHED: 2019-01-16
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.