Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Tips for a Bulletproof War Room Strategy
Lee Chieffalo, Technical Director of Cybersecurity Operations at ViasatCommentary
The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.
By Lee Chieffalo Technical Director of Cybersecurity Operations at Viasat, 1/20/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Launch 'Enforcement Mode' for Zerologon Flaw
Dark Reading Staff, Quick Hits
Enforcement mode for the Netlogon Domain Controller will be enabled by default with the Feb. 9 security update.
By Dark Reading Staff , 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
The Most Pressing Concerns Facing CISOs Today
John Worrall, Chief Executive Officer at ZeroNorthCommentary
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.
By John Worrall Chief Executive Officer at ZeroNorth, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
A Security Practitioner's Guide to Encrypted DNS
Jamie Brim, Corelight Security ResearcherCommentary
Best practices for a shifting visibility landscape.
By Jamie Brim Corelight Security Researcher, 1/19/2021
Comment0 comments  |  Read  |  Post a Comment
Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?
IFSEC Global, StaffNews
It's a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?
By James Willison, founder of Unified Security Ltd , 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021
Comment1 Comment  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security CompassCommentary
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
By Altaz Valani Director of Insights Research, Security Compass, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
Always be skeptical and double check credentials.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/7/2021
Comment0 comments  |  Read  |  Post a Comment
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor
Joel Wallenstrom, CEO & President, WickrCommentary
A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.
By Joel Wallenstrom CEO & President, Wickr, 12/30/2020
Comment0 comments  |  Read  |  Post a Comment
Defending the COVID-19 Vaccine Supply Chain
Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-ForceCommentary
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
By Nick Rossmann Global Threat Intelligence Lead, IBM Security X-Force, 12/28/2020
Comment0 comments  |  Read  |  Post a Comment
Quarterbacking Vulnerability Remediation
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan CyberCommentary
It's time that security got out of the armchair and out on the field.
By Tal Morgenstern Co-Founder & Chief Product Officer, Vulcan Cyber, 12/24/2020
Comment0 comments  |  Read  |  Post a Comment
Enterprise IoT Security Is a Supply Chain Problem
Dan Cornell, CTO, Denim GroupCommentary
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
By Dan Cornell CTO, Denim Group, 12/23/2020
Comment0 comments  |  Read  |  Post a Comment
Security as Code: How Repeatable Policy-Driven Deployment Improves Security
Dan Hubbard, CEO at LaceworkCommentary
The SaC approach lets users codify and enforce a secure state of application configuration deployment that limits risk.
By Dan Hubbard CEO at Lacework, 12/22/2020
Comment0 comments  |  Read  |  Post a Comment
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Eric Noonan, CEO, CyberSheathCommentary
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
By Eric Noonan CEO, CyberSheath, 12/21/2020
Comment3 comments  |  Read  |  Post a Comment
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 12/18/2020
Comment0 comments  |  Read  |  Post a Comment
Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond
IFSEC Global, StaffNews
For those who work in the security industry 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.
By IFSEC Global Staff, 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
VPNs, MFA & the Realities of Remote Work
Petar Besalev, Senior Vice President of Cybersecurity & Privacy Services at A-LIGNCommentary
The work-from-home-era is accelerating cloud-native service adoption.
By Petar Besalev Senior Vice President of Cybersecurity & Privacy Services at A-LIGN, 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
Senior Managers Twice as Likely to Share Work Devices With Outsiders
Steve Zurier, Contributing WriterNews
New survey finds top C-suite managers are much shakier on security than their junior counterparts.
By Steve Zurier Contributing Writer, 12/16/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1067
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.
CVE-2021-1068
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.
CVE-2021-1069
PUBLISHED: 2021-01-20
NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.
CVE-2020-26252
PUBLISHED: 2021-01-20
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server ...
CVE-2020-26278
PUBLISHED: 2021-01-20
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is suppli...