Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
Terry Sweeney, Contributing EditorNews
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
HealthScare: Prioritizing Medical AppSec Research
Dark Reading Staff, News
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Dr. Johannes Bauer, Principal Security Advisor at ULCommentary
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
By Dr. Johannes Bauer Principal Security Advisor at UL, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
The Future's Biggest Cybercrime Threat May Already Be Here
Steve Durbin, Managing Director of the Information Security ForumCommentary
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
By Steve Durbin Managing Director of the Information Security Forum, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
Autonomous IT: Less Reacting, More Securing
Greg Jensen, Senior Director of Security at Oracle CorporationCommentary
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
By Greg Jensen Senior Director of Security at Oracle Corporation, 7/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Samantha Humphries, Security Strategist at ExabeamCommentary
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
By Samantha Humphries Security Strategist at Exabeam, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Ericka Chickowski, Contributing Writer
Here are the trends and topics that'll capture the limelight at this year's virtual event.
By Ericka Chickowski Contributing Writer, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Tanner Johnson, Senior Analyst, Connectivity & IoT, OMDIACommentary
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
By Tanner Johnson Senior Analyst, Connectivity & IoT, OMDIA, 7/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons from the Pandemic
Monica Verma, CISO and Board Member of Cloud Security Alliance NorwayCommentary
How does cybersecurity support business and society? The pandemic shows us.
By Monica Verma CISO and Board Member of Cloud Security Alliance Norway, 7/22/2020
Comment2 comments  |  Read  |  Post a Comment
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Srilekha Sankaran, Product Consultant at ManageEngineCommentary
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
By Srilekha Sankaran Product Consultant at ManageEngine, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
What Organizations Need to Know About IoT Supply Chain Risk
Daniel dos Santos, Research Manager at Forescout TechnologiesCommentary
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
By Daniel dos Santos Research Manager at Forescout Technologies, 7/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
Natali Tshuva, Co-Founder & CEO of SternumCommentary
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
By Natali Tshuva Co-Founder & CEO of Sternum, 7/16/2020
Comment0 comments  |  Read  |  Post a Comment
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Jan Youngren, Cybersecurity Expert, VPNpro.comCommentary
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
By Jan Youngren Cybersecurity Expert, VPNpro.com, 7/14/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, GigamonCommentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Fight Phishing with Intention
Runa Sandvik, Independent ResearcherCommentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most from Nessus
Curtis Franklin Jr., Senior Editor at Dark Reading
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17366
PUBLISHED: 2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...
CVE-2020-9036
PUBLISHED: 2020-08-05
Jeedom through 4.0.38 allows XSS.
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.