Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Liviu Arsene, Global Cybersecurity Researcher at BitdefenderCommentary
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
By Liviu Arsene Global Cybersecurity Researcher at Bitdefender, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Michael Piccalo, Director, OT/ICS Systems Engineering, Forescout TechnologiesCommentary
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
By Michael Piccalo Director, OT/ICS Systems Engineering, Forescout Technologies, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, KrollCommentary
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
By Alan Brill Senior Managing Director, Cyber Risk Practice, Kroll, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment1 Comment  |  Read  |  Post a Comment
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Nahla Davies, Tech Writer and CoderCommentary
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
By Nahla Davies Tech Writer and Coder, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Trickbot, Phishing, Ransomware & Elections
Adam Caudill, Principal Security Engineer at 1PasswordCommentary
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
By Adam Caudill Principal Security Engineer at 1Password, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A New Risk Vector: The Enterprise of Things
Greg Clark, CEO, Forescout Technologies Inc.Commentary
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
By Greg Clark CEO, Forescout Technologies Inc., 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Losses Up 50%, Exceeding $1.8B
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
By Marc Wilczek Digital Strategist & COO of Link11, 10/16/2020
Comment0 comments  |  Read  |  Post a Comment
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of RevocentCommentary
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
By Mike Cooper Founder & CEO of Revocent, 10/15/2020
Comment1 Comment  |  Read  |  Post a Comment
The Ruthless Cyber Chaos of Business Recovery
Emil Sayegh, CEO and President, NtiretyCommentary
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
By Emil Sayegh CEO and President, Ntirety, 10/15/2020
Comment0 comments  |  Read  |  Post a Comment
Assuring Business Continuity by Reducing Malware Dwell Time
Brendan O'Flaherty, Chief Executive Officer at cPacket NetworksCommentary
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
By Brendan O'Flaherty Chief Executive Officer at cPacket Networks, 10/14/2020
Comment0 comments  |  Read  |  Post a Comment
Online Voting Is Coming, but How Secure Will It Be?
Brad Brooks, CEO of OneLoginCommentary
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
By Brad Brooks CEO of OneLogin, 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
A 7-Step Cybersecurity Plan for Healthcare Organizations
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
By Steve Zurier Contributing Writer, 10/12/2020
Comment1 Comment  |  Read  |  Post a Comment
Apple Pays Bug Bounty to Enterprise Network Researchers
Dark Reading Staff, Quick Hits
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
By Dark Reading Staff , 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Kurt John, Chief Cybersecurity Officer, Siemens USACommentary
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
By Kurt John Chief Cybersecurity Officer, Siemens USA, 10/8/2020
Comment0 comments  |  Read  |  Post a Comment
The New War Room: Cybersecurity in the Modern Era
Satya Gupta, Executive Co-Founder & CTO, VirsecCommentary
The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.
By Satya Gupta Executive Co-Founder & CTO, Virsec, 10/7/2020
Comment0 comments  |  Read  |  Post a Comment
10 Years Since Stuxnet: Is Your Operational Technology Safe?
Mike Dow, Senior Product Manager, IoT Security, at Silicon LabsCommentary
The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.
By Mike Dow Senior Product Manager, IoT Security, at Silicon Labs, 10/6/2020
Comment0 comments  |  Read  |  Post a Comment
Do's and Don'ts for School Cybersecurity Awareness
Zack Schuler, Founder and CEO of NINJIOCommentary
Remote learning has introduced an array of new cyberthreats to American families and schools, but this can be an educational moment for all involved.
By Zack Schuler Founder and CEO of NINJIO, 10/6/2020
Comment0 comments  |  Read  |  Post a Comment
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
Aviv Grafi, CEO & Founder, VotiroCommentary
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.
By Aviv Grafi CEO & Founder, Votiro, 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking: The Unseen Threat
Matt Honea, Senior Director, Cybersecurity, Guidewire SoftwareCommentary
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.
By Matt Honea Senior Director, Cybersecurity, Guidewire Software, 10/1/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Brad Brooks
Current Conversations Thanks for your thoughts
In reply to: Thank you
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.