Dark Reading is part of the Informa Tech Division of Informa PLC


Vulnerability Management: News & Commentary
A Trustworthy Digital Foundation Is Essential to Digital Government (Commentary)
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
The Data Problem in Security (Commentary)
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits, GM Cyber Security Business Unit, Devo Technology, 5/16/2019
Introducing the Digital Transformation Architect (Commentary)
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT, and security teams.
By Jordan Blake, VP of Products at BehavioSec, 5/15/2019
Windows 10 Migration: Getting It Right (Commentary)
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
By Kevin Alexandra, Principal Solutions Engineer at BeyondTrust, 5/15/2019
Commercial Spyware Uses WhatsApp Flaw to Infect Phones (News)
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos, Contributing Writer, 5/14/2019
Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2019
How We Collectively Can Improve Cyber Resilience (Commentary)
Three steps you can take, based on Department of Homeland Security priorities.
By Todd Weller, Chief Strategy Officer at Bandura Cyber, 5/10/2019
How to Close the Critical Cybersecurity Talent Gap (Commentary)
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
By Tom Weithman, Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37, 5/9/2019
Fighting Back Against Tech-Savvy Fraudsters (Commentary)
Staying a step ahead requires moving beyond the security techniques of the past.
By Chris Ryan, Senior Fraud Solutions Consultant at Experian, 5/9/2019
FBI: Cybercrime Losses Doubled in 2018 (Commentary)
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
By Marc Wilczek, Digital Strategist & CIO Advisor, 5/8/2019
The Big E-Crime Pivot (Commentary)
Criminals have begun to recognize that enterprise ransomware offers a tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
By Adam Meyers, VP of Intelligence, CrowdStrike, 5/7/2019
Better Behavior, Better Biometrics? (Commentary)
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
By Rajiv Dholakia, VP Products, Nok Nok Labs, 5/7/2019
Attackers Add a New Spin to Old Scams (News)
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
By Jai Vijayan, Contributing Writer, 5/6/2019
Trust the Stack, Not the People (Commentary)
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis, CEO, HyTrust, 5/6/2019
Open Security Tests Gain Momentum With More Lab Partners (News)
NetSecOPEN, a group of next-generation firewall vendors, has added the first university-based testing facility in its effort to move toward more open security testing.
By Robert Lemos, Contributing Writer, 5/3/2019
Security Depends on Careful Design (Commentary)
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
By Susanto Irwan, Co-Founder and VP of Engineering at Xage Security, 5/2/2019
Why Are We Still Celebrating World Password Day? (News)
Calls to eliminate the password abound on this World Password Day, and the technology to change is ready. So why can't we get off our password habit?
By Steve Zurier, Contributing Writer, 5/2/2019
Staffing the Software Security Team: Who You Gonna Call? (Commentary)
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
By Steve Lipner, Executive Director, SAFECode, 5/1/2019
Digital Transformation Exposes Operational Technology & Critical Infrastructure (Commentary)
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
By Marc Wilczek, Digital Strategist & CIO Advisor, 5/1/2019
Threat Intelligence Firms Look to AI, but Still Require Humans (News)
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
By Robert Lemos, Contributing Writer, 4/30/2019
More Conversations
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust, 5/15/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/14/2019
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2019
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-11644
PUBLISHED: 2019-05-17
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premi...