Dark Reading is part of the Informa Tech Division of Informa PLC



Vulnerability Management

News & Commentary
Success Enablers or Silent Killers? (Commentary)
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
By Douglas Ferguson, Founder & CTO, Pharos Security, 12/6/2019

SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit (Commentary)
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
By Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 12/5/2019

Application & Infrastructure Risk Management: You've Been Doing It Backward (Commentary)
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
By John Worrall, Chief Executive Officer at ZeroNorth, 12/4/2019

What Security Leaders Can Learn from Marketing (Commentary)
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
By Christopher Kenessey, Chief Executive Officer at NetMotion Software, 12/3/2019

How to Get Prepared for Privacy Legislation (Commentary)
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
By Tony Anscombe, Global Security Evangelist & Industry Partnership Ambassador at ESET, 11/27/2019

Practical Principles for Security Metrics (Commentary)
A proactive approach to cybersecurity requires the right tools, not more tools.
By Nik Whitfield, Computer Scientist & Security Technology Entrepreneur, 11/27/2019

DDoS: An Underestimated Threat (Commentary)
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
By Marc Wilczek, Digital Strategist & CIO Advisor, 11/26/2019

Time to Warn Users About Black Friday & Cyber Monday Scams (Commentary)
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
By Michael Landewe, Chief Privacy Officer at Avanan, 11/25/2019

The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network (Commentary)
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
By Avidan Avraham, Security Researcher at Cato Networks, 11/22/2019

3 Fundamentals for Better Security and IT Management (Commentary)
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
By Chris Hallenbeck, CISO for the Americas at Tanium, 11/21/2019

I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned (Commentary)
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
By Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019

Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI (Commentary)
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
By Kevin von Keyserling (Co-Founder & Chief Strategy Officer) & JD Kilgallin (Senior Integration Engineer), Keyfactor, 11/18/2019

Attackers' Costs Increasing as Businesses Focus on Security (News)
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increase significantly when security is continuously tested, a report finds.
By Robert Lemos, Contributing Writer, 11/15/2019

DevSecOps: The Answer to the Cloud Security Skills Gap (Commentary)
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
By Lamont Orange, Chief Information Security Officer at Netskope, 11/15/2019

BSIMM10 Shows Industry Vertical Maturity (Commentary)
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues, BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019

How Does Your Cyber Resilience Measure Up? (Commentary)
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019

Cybersecurity: An Organizationwide Responsibility (Commentary)
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker, CTO of Clearswift, 11/13/2019

Breaches Are Inevitable, So Embrace the Chaos (Commentary)
Avoid sinking security with principles of shipbuilding known since the 15th century.
By Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019

Unreasonable Security Best Practices vs. Good Risk Management (Commentary)
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
By Jack Freund, Director, Risk Science at RiskLens, 11/13/2019

The Myths of Multifactor Authentication (Commentary)
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
By François Amigorena, Founder & CEO, IS Decisions, 11/12/2019

Current Conversations
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta, 12/4/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect Node.js environments, since Node.js's implementation of RegExp.prototype.to...
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling of application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVers...
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
PUBLISHED: 2019-12-06
In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android...