Vulnerabilities / Threats // Vulnerability Management
News & Commentary
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, Commentary, Video
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff, 6/23/2017
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty, Commentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Major Websites Vulnerable to their Own Back-End Servers
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/19/2017
Survey: 58% of Security and Development Teams Play Nice
Dark Reading Staff, Quick Hits
Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.
By Dark Reading Staff, 6/14/2017
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuard, Commentary
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes, Co-Founder & Co-CEO, UpGuard, 6/9/2017
Security & Development: Better Together
Brent Midwood, Director of Product Management, AttackIQ, Commentary
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
By Brent Midwood, Director of Product Management, AttackIQ, 6/1/2017
DNS Is Still the Achilles Heel of the Internet
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Domain Name Services is too important to do without, so we better make sure it's reliable and incorruptible.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 6/1/2017
Going Beyond Checkbox Security
Dark Reading, Commentary, Video
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By Dark Reading, 5/24/2017
Threat Lifecycle Management
Dark Reading, Commentary, Video
Principal Sales Engineer for LogRhythm Chris Martin stops by the InformationWeek News Desk.
By Dark Reading, 5/24/2017
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, Commentary
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Out of the Box Network Security Solutions
Dark Reading, Commentary, Video
Portnox CEO Ofer Amitai stops by the InformationWeek News Desk.
By Dark Reading, 5/23/2017
Using Artificial Intelligence for Threat Prevention
Dark Reading, Commentary, Video
Cylance director of sales engineering Rich Thompson stops by the InformationWeek News Desk to share how the company uses artificial intelligence to identify unknown threats and stop the execution of an attack.
By Dark Reading, 5/22/2017
Microsoft Releases Emergency Patch For RCE Vuln
Ericka Chickowski, Contributing Writer, Dark Reading, News
Flaw in Microsoft Malware Protection Engine called 'crazy bad' by researchers who discovered it.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/9/2017
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Mike D. Kail, Chief Innovation Officer, Cybric, Commentary
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
By Mike D. Kail, Chief Innovation Officer, Cybric, 4/12/2017
How Innovative Companies Lock Down Data
Justin Somaini, Chief Security Officer, SAP, Commentary
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
By Justin Somaini, 4/12/2017
Forget the Tax Man: Time for a DNS Security Audit
Ericka Chickowski, Contributing Writer, Dark Reading
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/11/2017
FCC Privacy Rule Repeal Will Have Widespread Security Implications
Jai Vijayan, Freelance writer, News
Concerns over the action are sending VPN sales soaring, some vendors say.
By Jai Vijayan, Freelance writer, 4/4/2017
Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0
Dark Reading Staff, Quick Hits
Microsoft recommends upgrade to latest operating system for more protection.
By Dark Reading Staff, 3/30/2017
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Ericka Chickowski, Contributing Writer, Dark Reading
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/23/2017
Cisco Issues Advisory on Flaw in Hundreds of Switches
Dark Reading Staff, Quick Hits
Vulnerability was discovered in WikiLeaks' recent data dump on the CIA's secret cyber-offensive unit.
By Dark Reading Staff, 3/21/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.