Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
4 Tips to Protect Your Business Against Social Media Mistakes
Guy Bunker, CTO of ClearswiftCommentary
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
By Guy Bunker CTO of Clearswift, 4/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
By Darren Anstee Chief Technology Officer at Arbor Networks, 4/19/2019
Comment3 comments  |  Read  |  Post a Comment
Third-Party Cyber-Risk by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Automation Paradox
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019
Comment1 Comment  |  Read  |  Post a Comment
How to Raise the Level of AppSec Competency in Your Organization
Sammy Migues, Principal Scientist, SynopsysCommentary
Improving processes won't happen overnight, but it's not complicated either.
By Sammy Migues Principal Scientist, Synopsys, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Selecting the Right Strategy to Reduce Vulnerability Risk
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Benefiting from Data Privacy Investments
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
New Attacks (and Old Attacks Made New)
Derek Manky, Global Security Strategist, FortinetCommentary
Although new attacks might get the most attention, don't assume old ones have gone away.
By Derek Manky Global Security Strategist, Fortinet, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
The Single Cybersecurity Question Every CISO Should Ask
Arif Kareem, CEO, ExtraHopCommentary
The answer can lead to a scalable enterprise security solution for years to come.
By Arif Kareem CEO, ExtraHop, 4/15/2019
Comment1 Comment  |  Read  |  Post a Comment
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Dark Reading Staff, Quick Hits
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Cloudy with a Chance of Security Breach
Ronan David, Chief Marketing Officer and Vice President of Business Development for EfficientIPCommentary
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
By Ronan David Chief Marketing Officer and Vice President of Business Development for EfficientIP, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
In Security, All Logs Are Not Created Equal
Joe Partlow, Chief Technology Officer, ReliaQuestCommentary
Prioritizing key log sources goes a long way toward effective incident response.
By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
Merging Companies, Merging Clouds
Scott Totman, VP of Engineering, DivvyCloudCommentary
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
By Scott Totman VP of Engineering, DivvyCloud, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
Matt Honea, Director of Cyber, Guidewire SoftwareCommentary
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
By Matt Honea Director of Cyber, Guidewire Software, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
A New Approach to Application Security Testing
Manish Gupta, CEO of ShiftLeftCommentary
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
By Manish Gupta CEO of ShiftLeft, 4/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Stop Mocking & Start Enabling Emerging Technologies
Rick Holland, Chief Information Security Officer and Vice President of  Strategy at Digital ShadowsCommentary
Mocking new technology isn't productive and can lead to career disadvantage.
By Rick Holland Chief Information Security Officer and Vice President of Strategy at Digital Shadows, 4/9/2019
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Technology Journalist/Data ResearcherNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Ignore the Insider Threat at Your Peril
Bryan Sartin, Executive Director, Global Security Services, at VerizonCommentary
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
By Bryan Sartin Executive Director, Global Security Services, at Verizon, 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Third Parties in Spotlight as More Facebook Data Leaks
Robert Lemos, Technology Journalist/Data ResearcherNews
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
By Robert Lemos , 4/4/2019
Comment1 Comment  |  Read  |  Post a Comment
3 Lessons Security Leaders Can Learn from Theranos
Chad Loeven, President of VMRay Inc.Commentary
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
By Chad Loeven President of VMRay Inc., 4/4/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by brucewinters
Current Conversations What is the question?  :-)
In reply to: One Question?
Post Your Own Reply
More Conversations
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.