Vulnerability Management

News & Commentary
Segmentation: The Neglected (Yet Essential) Control
John Moynihan, President, Minuteman Governance, Commentary
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
By John Moynihan, President, Minuteman Governance, 3/14/2018
Electric Utility Hit with Record Fine for Vulnerabilities
Dark Reading Staff, Quick Hits
An unnamed power company has consented to a record fine for leaving critical records exposed.
By Dark Reading Staff, 3/14/2018
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Executive Editor, Technical Content, News
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr., Executive Editor, Technical Content, 3/14/2018
What's the C-Suite Doing About Mobile Security?
Anne Bonaparte, CEO of Appthority, Commentary
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
By Anne Bonaparte, CEO of Appthority, 3/13/2018
Malware 'Cocktails' Raise Attack Risk
Curtis Franklin Jr., Executive Editor, Technical Content, News
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
By Curtis Franklin Jr., Executive Editor, Technical Content, 3/13/2018
7 University-Connected Cyber Ranges to Know Now
Curtis Franklin Jr., Executive Editor, Technical Content
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
By Curtis Franklin Jr., Executive Editor, Technical Content, 3/9/2018
Goes Away, Panic Ensues
Dark Reading Staff, Quick Hits
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
By Dark Reading Staff, 3/5/2018
Why Cryptocurrencies Are Dangerous for Enterprises
David Shefter, Chief Technology Officer at Ziften Technologies, Commentary
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
By David Shefter, Chief Technology Officer at Ziften Technologies, 2/28/2018
Anatomy of an Attack on the Industrial IoT
Eddie Habibi, Founder & CEO of PAS Global, Commentary
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
By Eddie Habibi, Founder & CEO of PAS Global, 2/22/2018
Vulnerabilities Broke Records Yet Again in 2017
Ericka Chickowski, Contributing Writer, Dark Reading, News
Meanwhile, organizations still struggle to manage remediation.
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/20/2018
Cisco Issues New Patch for Critical ASA Vulnerability
Dark Reading Staff, Quick Hits
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
By Dark Reading Staff, 2/7/2018
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Dark Reading Staff, Quick Hits
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
By Dark Reading Staff, 1/26/2018
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Bill Horne, VP & GM, Intertrust Secure Systems, Intertrust Technologies, Commentary
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
By Bill Horne, VP & GM, Intertrust Secure Systems, Intertrust Technologies, 1/26/2018
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Richard Ford, Chief Scientist, Forcepoint, Commentary
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
By Richard Ford, Chief Scientist, Forcepoint, 1/25/2018
9 Steps to More-Effective Organizational Security
Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, Commentary
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
By Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, 1/22/2018
Doh!!! The 10 Most Overlooked Security Tasks
Steve Zurier, Freelance Writer
Here's a list of gotchas that often slip past overburdened security pros.
By Steve Zurier, Freelance Writer, 1/16/2018
'Back to Basics' Might Be Your Best Security Weapon
Lee Waskevich, Vice President, Security Solutions at ePlus Technology, Commentary
A company's ability to successfully reduce risk starts with building a solid security foundation.
By Lee Waskevich, Vice President, Security Solutions at ePlus Technology, 1/10/2018
CISOs' Cyber War: How Did We Get Here?
Jack Miller, Chief Information Security Officer of SlashNext, Commentary
We're fighting the good fight -- but, ultimately, losing the war.
By Jack Miller, Chief Information Security Officer of SlashNext, 1/9/2018
Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own
Mike Convertino, CISO & VP, Information Security, F5 Networks, Commentary
Information security and IT need to team up to make patch management more efficient and effective. Here's how and why.
By Mike Convertino, CISO & VP, Information Security, F5 Networks, 1/8/2018
The Nightmare Before Christmas: Security Flaws Inside our Computers
Andrew Mayo, Senior Systems Architect, 1E, Commentary
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
By Andrew Mayo, Senior Systems Architect, 1E, 1/5/2018
Current Conversations
Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.