Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at HaystaxCommentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Best Practices to Manage Third-Party Cyber-Risk Today
Doug Clare, Vice President, Fraud, Compliance, and Security Solutions at FICOCommentary
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
By Doug Clare Vice President, Fraud, Compliance, and Security Solutions at FICO, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Attacks Hit the Mainstream
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
By Jason Crabtree CEO & Co-Founder, QOMPLX, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Patching Poses Security Problems with Move to More Remote Work
Robert Lemos, Contributing WriterNews
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
By Robert Lemos Contributing Writer, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
How Much Downtime Can Your Company Handle?
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Why every business needs cyber resilience and quick recovery times.
By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
The Wild, Wild West(world) of Cybersecurity
Bil Harmer​, CISO & Chief Evangelist at SecureAuthCommentary
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
By Bil Harmer​ CISO & Chief Evangelist at SecureAuth, 3/27/2020
Comment0 comments  |  Read  |  Post a Comment
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Michael J. Covington, Vice President of Product Strategy at WanderaCommentary
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
By Michael J. Covington Vice President of Product Strategy at Wandera, 3/26/2020
Comment1 Comment  |  Read  |  Post a Comment
Do DevOps Teams Need a Company Attorney on Speed Dial?
Shahar Sperling, Chief Architect at HCL AppScanCommentary
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
By Shahar Sperling Chief Architect at HCL AppScan, 3/25/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Management Isn't Just a Numbers Game
Prateek Bhajanka, VP of Product Management, Vulnerability Management, Detection, and Response at QualysCommentary
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
By Prateek Bhajanka VP of Product Management, Vulnerability Management, Detection, and Response at Qualys, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
From Zero to Hero: CISO Edition
Mike Convertino, Chief Security Officer at Arceo.aiCommentary
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
By Mike Convertino Chief Security Officer at Arceo.ai, 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Are a Dangerous Fantasy
Dr. Tim Junio, co-founder and CEO of ExpanseCommentary
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
By Dr. Tim Junio co-founder and CEO of Expanse, 3/20/2020
Comment1 Comment  |  Read  |  Post a Comment
Cyber Resilience Benchmarks 2020
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Here are four things that separate the leaders from the laggards when fighting cyber threats.
By Marc Wilczek Digital Strategist & COO of Link11, 3/19/2020
Comment0 comments  |  Read  |  Post a Comment
Facebook Got Tagged, but Not Hard Enough
Billee Elliott McAuliffe, Member, Lewis Rice LLCCommentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe Member, Lewis Rice LLC, 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
Needed: A Cybersecurity Good Samaritan Law
Tom McAndrew, CEO at CoalfireCommentary
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
By Tom McAndrew CEO at Coalfire, 3/17/2020
Comment0 comments  |  Read  |  Post a Comment
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
Robert Lemos, Contributing WriterNews
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
By Robert Lemos Contributing Writer, 3/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity SoftwareCommentary
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
By Yaniv Valik VP Product, Cyber and IT Resilience, Continuity Software, 3/13/2020
Comment0 comments  |  Read  |  Post a Comment
How the Rise of IoT Is Changing the CISO Role
Phil Neray, VP of IoT & Industrial Cybersecurity at CyberXCommentary
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
By Phil Neray VP of IoT & Industrial Cybersecurity at CyberX, 3/11/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Tips to Stay Secure When You Lose an Employee
Bil Harmer​, CISO & Chief Evangelist at SecureAuthCommentary
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
By Bil Harmer​ CISO & Chief Evangelist at SecureAuth, 3/10/2020
Comment0 comments  |  Read  |  Post a Comment
How Network Metadata Can Transform Compromise Assessment
Ricardo Villadiego, Founder and CEO of LumuCommentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
By Ricardo Villadiego Founder and CEO of Lumu, 3/10/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11498
PUBLISHED: 2020-04-02
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistenc...
CVE-2020-11499
PUBLISHED: 2020-04-02
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
CVE-2020-7628
PUBLISHED: 2020-04-02
install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function.
CVE-2020-7629
PUBLISHED: 2020-04-02
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7630
PUBLISHED: 2020-04-02
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument.