Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
9 Principles to Simplify Security
Menny Barzilay, CEO at Cytactic & Founder of the THINK:CYBER NewsletterCommentary
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
By Menny Barzilay CEO at Cytactic & Founder of the THINK:CYBER Newsletter, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Andrew Morrison, Principal, Cyber Risk Services, at DeloitteCommentary
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
By Andrew Morrison Principal, Cyber Risk Services, at Deloitte, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
Accounting Scams Continue to Bilk Businesses
Robert Lemos, Contributing WriterNews
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows most often via e-mail continue to enable big paydays.
By Robert Lemos Contributing Writer, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
Social Media: Corporate Cyber Espionage's Channel of Choice
Otavio Freire, CTO & President, SafeGuard CyberCommentary
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
By Otavio Freire CTO & President, SafeGuard Cyber, 11/6/2019
Comment0 comments  |  Read  |  Post a Comment
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda NetworksCommentary
Phishing and ransomware top the list of security risks that organizations are not fully prepared to deal with.
By Mike Flouton Vice President of Email Security at Barracuda Networks, 11/5/2019
Comment1 Comment  |  Read  |  Post a Comment
Enterprise Web Security: Risky Business
Rui Ribeiro, CEO & Co-Founder at JscramblerCommentary
Web development is at much more risk than commonly perceived. As attackers eye the enterprise, third-party code provides an easy way in.
By Rui Ribeiro CEO & Co-Founder at Jscrambler, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 11/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Holiday Security Tips for Retailers
Steve Zurier, Contributing Writer
Here's how retailers can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
By Steve Zurier Contributing Writer, 11/1/2019
Comment1 Comment  |  Read  |  Post a Comment
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Dr. Steve Marsh, Vice President at Nucleus CyberCommentary
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
By Dr. Steve Marsh Vice President at Nucleus Cyber, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
8 Trends in Vulnerability and Patch Management
Jai Vijayan, Contributing Writer
Unpatched flaws continue to be a major security issue for many organizations.
By Jai Vijayan Contributing Writer, 10/30/2019
Comment0 comments  |  Read  |  Post a Comment
Why Cloud-Native Applications Need Cloud-Native Security
Trevor Pott, Product Marketing Director at Juniper NetworksCommentary
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
By Trevor Pott Product Marketing Director at Juniper Networks, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PASCommentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
Why Organizations Must Quantify Cyber-Risk in Business Terms
Robert Huber, Chief Security Officer at TenableCommentary
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
By Robert Huber Chief Security Officer at Tenable, 10/24/2019
Comment6 comments  |  Read  |  Post a Comment
Planning a Zero-Trust Initiative? Here's How to Prioritize
James Carder, CISO & VP, LogRhythm Labs, LogRhythm, Inc.Commentary
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
By James Carder CISO & VP, LogRhythm Labs, LogRhythm, Inc., 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
James Plouffe, Lead Architect at MobileIronCommentary
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
By James Plouffe Lead Architect at MobileIron, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Federal CIOs Zero In on Zero Trust
William Peteroy, Chief Technology Officer, Security, at GigamonCommentary
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
By William Peteroy Chief Technology Officer, Security, at Gigamon, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose LabsCommentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
By Kevin Gosschalk CEO of Arkose Labs, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier Contributing Writer, 10/11/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.