Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Kevin Gosschalk, CEO of Arkose LabsCommentary
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
By Kevin Gosschalk CEO of Arkose Labs, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier Contributing Writer, 10/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Close the Gap Between Cyber-Risk and Business Risk
Brian Contos, CISO & VP of Techology Innovation at VerodinCommentary
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
By By Brian Contos, CISO, Verodin , 10/11/2019
Comment0 comments  |  Read  |  Post a Comment
Network Security Must Transition into the Cloud Era
John Grady, Analyst at Enterprise Strategy GroupCommentary
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
By John Grady Analyst at Enterprise Strategy Group, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
How the Software-Defined Perimeter Is Redefining Access Control
Gilad Steinberg, Founder & CTO at Odo SecurityCommentary
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
By Gilad Steinberg Founder & CTO at Odo Security, 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis CybersecurityCommentary
As in any battle, understanding and exploiting the terrain often dictates the outcome.
By Craig Harber Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Ilan Abadi, VP and Global CISO, Teva Pharmaceutical IndustriesCommentary
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
By Ilan Abadi VP and Global CISO, Teva Pharmaceutical Industries, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGNCommentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek Digital Strategist & CIO Advisor, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
Common Pitfalls of Security Monitoring
Aaron Sierra, Senior Security Architect at AlagenCommentary
We need technology, but we cant forget the importance of humans working methodically to make it effective.
By Aaron Sierra Senior Security Architect at Alagen, 10/3/2019
Comment0 comments  |  Read  |  Post a Comment
Controlling Data Leakage in Cloud Test-Dev Environments
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
By Ameesh Divatia Co-Founder & CEO of Baffle, 10/2/2019
Comment0 comments  |  Read  |  Post a Comment
'Harvesting Attacks' & the Quantum Revolution
John Prisco, CEO of Quantum XChangeCommentary
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
By John Prisco CEO of Quantum XChange, 9/30/2019
Comment0 comments  |  Read  |  Post a Comment
Apple Patches Multiple Vulnerabilities Across Platforms
Dark Reading Staff, Quick Hits
Updates address two separate issues in Apple's desktop and mobile operating systems.
By Dark Reading Staff , 9/27/2019
Comment0 comments  |  Read  |  Post a Comment
Is Your Organization Suffering from Security Tool Sprawl?
Himanshu Verma, Director of Business Development at WatchGuard TechnologiesCommentary
Most companies have too many tools, causing increased costs and security issues.
By Himanshu Verma Director of Business Development at WatchGuard Technologies, 9/27/2019
Comment0 comments  |  Read  |  Post a Comment
Why You Need to Think About API Security
Erez Yalon, Director of Security Research at CheckmarxCommentary
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
By Erez Yalon Director of Security Research at Checkmarx, 9/26/2019
Comment0 comments  |  Read  |  Post a Comment
4 Cybersecurity Best Practices for Electrical Engineers
Kayne McGladrey, Director of Security & IT at Pensar DevelopmentCommentary
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
By Kayne McGladrey Director of Security & IT at Pensar Development, 9/24/2019
Comment0 comments  |  Read  |  Post a Comment
A Safer IoT Future Must Be a Joint Effort
Sivan Rauscher, CEO & Co-Founder, SAM Seamless NetworkCommentary
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
By Sivan Rauscher CEO & Co-Founder, SAM Seamless Network, 9/20/2019
Comment0 comments  |  Read  |  Post a Comment
How Ransomware Criminals Turn Friends into Enemies
Chester Wisniewski, Principal Research Scientist, SophosCommentary
Managed service providers are the latest pawns in ransomware's game of chess.
By Chester Wisniewski Principal Research Scientist, Sophos, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
5 Common Cloud Configuration Mistakes
Peter Smith, Founder & Chief Executive Officer, Edgewise NetworksCommentary
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
By Peter Smith Founder & Chief Executive Officer, Edgewise Networks, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, BugcrowdCommentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.