Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Improve the Patching Process
Kacy Zurkus, Contributing Writer
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
By Kacy Zurkus Contributing Writer, 8/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Modern Technology, Modern Mistakes
Kacy Zurkus, Contributing Writer
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
By Kacy Zurkus Contributing Writer, 8/19/2019
Comment0 comments  |  Read  |  Post a Comment
New Research Finds More Struts Vulnerabilities
Dark Reading Staff, Quick Hits
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
By Dark Reading Staff , 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at AdaptivaCommentary
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
By Jim Souders Chief Executive Officer at Adaptiva, 8/15/2019
Comment2 comments  |  Read  |  Post a Comment
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.Commentary
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
By Ray Overby Co-Founder & President at Key Resources, Inc., 8/15/2019
Comment3 comments  |  Read  |  Post a Comment
7 Biggest Cloud Security Blind Spots
Ericka Chickowski, Contributing Writer
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
By Ericka Chickowski Contributing Writer, 8/15/2019
Comment0 comments  |  Read  |  Post a Comment
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Anurag Kahol, CTO, BitglassCommentary
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
By Anurag Kahol CTO, Bitglass, 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Microservices Flip App Security on Its Head
Jonathan DiVincenzo, Head of Product at Signal SciencesCommentary
With faster application deployment comes increased security considerations.
By Jonathan DiVincenzo Head of Product at Signal Sciences, 8/14/2019
Comment0 comments  |  Read  |  Post a Comment
The California Consumer Privacy Act's Hidden Surprise Has Big Legal Consequences
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
The CCPA's provision devoted to 'reasonable' cybersecurity procedures and policies could trip up your business. Get ready now.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
History Doesn't Repeat Itself in Cyberspace
Nick Jovanovic, VP, Federal, for Cloud Protection and Licensing Activity at ThalesCommentary
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
By Nick Jovanovic VP, Federal, for Cloud Protection and Licensing Activity at Thales, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
Moving on Up: Ready for Your Apps to Live in the Cloud?
Kacy Zurkus, Contributing Writer
Among the complications: traditional security tools work poorly or not at all in the cloud, and if a company screws up, the whole Internet will know.
By Kacy Zurkus Contributing Writer, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
Security Flaws Discovered in 40 Microsoft-Certified Device Drivers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/12/2019
Comment1 Comment  |  Read  |  Post a Comment
More Focus on Security as Payment Technologies Proliferate
Robert Lemos, Contributing WriterNews
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
By Robert Lemos Contributing Writer, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
6 Security Considerations for Wrangling IoT
Prabhuram Mohan, Senior Director of Engineering at WhiteHat SecurityCommentary
The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.
By Prabhuram Mohan Senior Director of Engineering at WhiteHat Security, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
Modern-Day SOCs: People, Process & Technology
Kacy Zurkus, Contributing Writer
As businesses look to the future and invest in next-generation tools, here are some considerations for more effective planning.
By Kacy Zurkus Contributing Writer, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
Significant Vulnerabilities Found in 6 Common Printer Brands
Robert Lemos, Contributing WriterNews
In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.
By Robert Lemos Contributing Writer, 8/9/2019
Comment0 comments  |  Read  |  Post a Comment
Slow Your Roll Before Disclosing a Security Incident
Kacy Zurkus, Contributing Writer
Transparency rules, but taking the right amount of time to figure out what happened will go a long way toward setting the record straight.
By Kacy Zurkus Contributing Writer, 8/8/2019
Comment2 comments  |  Read  |  Post a Comment
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
Ericka Chickowski, Contributing WriterNews
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.
By Ericka Chickowski Contributing Writer, 8/7/2019
Comment1 Comment  |  Read  |  Post a Comment
New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...