Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier Freelance Writer, 2/19/2019
Comment0 comments  |  Read  |  Post a Comment
Security Leaders Are Fallible, Too
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/19/2019
Comment0 comments  |  Read  |  Post a Comment
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
Michelle Moore, Academic Director and Adjunct Professor, University of San DiegoCommentary
These programs are now an essential strategy in keeping the digital desperados at bay.
By Michelle Moore Academic Director and Adjunct Professor, University of San Diego, 2/15/2019
Comment0 comments  |  Read  |  Post a Comment
5 Expert Tips for Complying with the New PCI Software Security Framework
Rohit Sethi, COO of Security CompassCommentary
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
By Rohit Sethi COO of Security Compass, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from a Hard-Hitting Security Review
Jaspreet Singh, founder and CEO of DruvaCommentary
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
By Jaspreet Singh founder and CEO of Druva, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft, Adobe Both Close More Than 70 Security Issues
Robert Lemos, Technology Journalist/Data ResearcherNews
With their regularly scheduled Patch Tuesday updates, both companies issued fixes for scores of vulnerabilities in their widely used software.
By Robert Lemos , 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity and the Human Element: We're All Fallible
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 2/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Identifying, Understanding & Combating Insider Threats
Ilan Paretsky, Chief Marketing Officer of EricomCommentary
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
By Ilan Paretsky Chief Marketing Officer of Ericom, 2/12/2019
Comment0 comments  |  Read  |  Post a Comment
Mitigating the Security Risks of Cloud-Native Applications
Dror Davidoff, CEO of Aqua SecurityCommentary
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
By Dror Davidoff CEO of Aqua Security, 2/5/2019
Comment0 comments  |  Read  |  Post a Comment
Taming the Wild, West World of Security Product Testing
Brian Monkman, Executive Director at NetSecOPENCommentary
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
By Brian Monkman Executive Director at NetSecOPEN, 2/5/2019
Comment2 comments  |  Read  |  Post a Comment
IoT Security's Coming of Age Is Overdue
Saumitra Das, CTO and Co-Founder of Blue HexagonCommentary
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
By Saumitra Das CTO and Co-Founder of Blue Hexagon, 2/4/2019
Comment5 comments  |  Read  |  Post a Comment
Yes, You Can Patch Stupid
Ira Winkler, CISSP, President, Secure MentemCommentary
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
By Ira Winkler CISSP, President, Secure Mentem, 1/30/2019
Comment5 comments  |  Read  |  Post a Comment
Open Source & Machine Learning: A Dynamic Duo
Andrew Fast, Chief Data Scientist and Co-Founder, Counterflow AICommentary
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
By Andrew Fast Chief Data Scientist and Co-Founder, Counterflow AI, 1/30/2019
Comment1 Comment  |  Read  |  Post a Comment
Creating a Security Culture & Solving the Human Problem
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
By Adam Marre Information Security Operations Leader, Qualtrics, 1/29/2019
Comment3 comments  |  Read  |  Post a Comment
Credential Compromises by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/25/2019
Comment0 comments  |  Read  |  Post a Comment
The Evolution of SIEM
Chetan Mundhada, Vice President of Sales at NETMONASTERYCommentary
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
By Chetan Mundhada Vice President of Sales at NETMONASTERY, 1/23/2019
Comment0 comments  |  Read  |  Post a Comment
Think Twice Before Paying a Ransom
Jadee Hanson, CISO and VP of Information Systems at Code42Commentary
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
By Jadee Hanson CISO and VP of Information Systems at Code42, 1/23/2019
Comment2 comments  |  Read  |  Post a Comment
The Fact and Fiction of Homomorphic Encryption
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
By Ameesh Divatia Co-Founder & CEO of Baffle, 1/22/2019
Comment0 comments  |  Read  |  Post a Comment
Shadow IT, IaaS & the Security Imperative
Sanjay Kalra, Co-Founder & Chief Strategy Officer at LaceworkCommentary
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
By Sanjay Kalra Co-Founder & Chief Strategy Officer at Lacework, 1/21/2019
Comment1 Comment  |  Read  |  Post a Comment
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, PortnoxCommentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2019-10030
PUBLISHED: 2019-02-20
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.