Dark Reading is part of the Informa Tech Division of Informa PLC

Vulnerability Management

News & Commentary
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon | Commentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley President & Chief Operating Officer, Gigamon, 7/10/2020
Fight Phishing with Intention
Runa Sandvik, Independent Researcher | Commentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
6 Tips for Getting the Most From Nessus
Curtis Franklin Jr., Senior Editor at Dark Reading
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/9/2020
Pen Testing ROI: How to Communicate the Value of Security Testing
Nabil Hannan, Managing Director at NetSPI | Commentary
There are many reasons to pen test, but the financial reasons tend to get ignored.
By Nabil Hannan Managing Director at NetSPI, 7/9/2020
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Douglas Ferguson, Founder & CTO, Pharos Security | Commentary
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
By Douglas Ferguson Founder & CTO, Pharos Security, 7/7/2020
Considerations for Seamless CCPA Compliance
Anurag Kahol, CTO, Bitglass | Commentary
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
By Anurag Kahol CTO, Bitglass, 7/2/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs | Commentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
7 IoT Tips for Home Users
Steve Zurier, Contributing Writer
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
By Steve Zurier Contributing Writer, 7/2/2020
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan
Mark Darby, CEO of ISMS.online | Commentary
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
By Mark Darby CEO of ISMS.online, 6/30/2020
3 Ways to Flatten the Health Data Hacking Curve
David MacLeod, Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok | Commentary
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
By David MacLeod Senior Vice President, Chief Information Officer, and Enterprise CISO at Welltok, 6/30/2020
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
Kowsik Guruswamy, Chief Technology Officer at Menlo Security | Commentary
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 6/29/2020
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Yaniv Bar-Yadan, Co-founder and CEO of Vulcan Cyber | Commentary
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
By Yaniv Bar-Yadan Co-founder and CEO of Vulcan Cyber, 6/26/2020
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan Contributing Writer, 6/25/2020
Better Collaboration Between Security & Development
Dan Cornell, CTO, Denim Group | Commentary
Security and development teams must make it clear why their segment of the development life cycle is relevant to the other teams in the pipeline.
By Dan Cornell CTO, Denim Group, 6/25/2020
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
Seth Rosenblatt, Contributing Writer | News
Government-mandated Internet shutdowns occur far more regularly than you might expect.
By Seth Rosenblatt Contributing Writer, 6/24/2020
Average Cost of a Data Breach: $116M
Marc Wilczek, Digital Strategist & COO of Link11 | Commentary
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
By Marc Wilczek Digital Strategist & COO of Link11, 6/24/2020
Rethinking Enterprise Access, Post-COVID-19
Dor Knafo, Co-Founder & CEO of Axis Security | Commentary
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
By Dor Knafo Co-Founder & CEO of Axis Security, 6/24/2020
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
Ericka Chickowski, Contributing Writer | News
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
By Ericka Chickowski Contributing Writer, 6/22/2020
How to Wring Every Last Drop Out of Your Security Budget
Joan Goodchild, Contributing Writer
In the face of tighter budgets and lowered spending forecasts due to the pandemic, optimizing and improving the efficiency of security programs -- without sacrificing integrity -- has never been more important.
By Joan Goodchild Contributing Writer, 6/22/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading, 7/7/2020
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14300
PUBLISHED: 2020-07-13
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
CVE-2020-14298
PUBLISHED: 2020-07-13
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
CVE-2020-15050
PUBLISHED: 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.