Vulnerability Management

News & Commentary
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Shawn Henry, CrowdStrike president of services and CSO (Commentary)
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
By Shawn Henry, CrowdStrike president of services and CSO, 4/14/2021
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer (News)
The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.
By Robert Lemos, Contributing Writer, 4/14/2021
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Jai Vijayan, Contributing Writer (News)
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
By Jai Vijayan, Contributing Writer, 4/13/2021
New Malware Downloader Spotted in Targeted Campaigns
Jai Vijayan, Contributing Writer (News)
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
By Jai Vijayan, Contributing Writer, 4/12/2021
Omdia Research Spotlight: XDR
Eric Parizo, Senior Analyst, Omdia (Commentary)
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
By Eric Parizo, Senior Analyst, Omdia, 4/12/2021
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
Charles Herring, CTO and Co-Founder, WitFoo (Commentary)
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
By Charles Herring, CTO and Co-Founder, WitFoo, 4/8/2021
Cring Ransomware Used in Attacks on European Industrial Firms
Dark Reading Staff, Quick Hits
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
By Dark Reading Staff, 4/7/2021
Rethinking Cyberattack Response: Prevention & Preparedness
Hitesh Sheth, CEO, Vectra (Commentary)
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
By Hitesh Sheth, CEO, Vectra, 4/7/2021
5 Ways to Transform Your Phishing Defenses Right Now
Kevin O'Brien, Co-Founder and CEO, GreatHorn (Commentary)
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
By Kevin O'Brien, Co-Founder and CEO, GreatHorn, 4/7/2021
US Tech Dominance Rides on Securing Intellectual Property
Joe Payne, President and CEO at Code42 (Commentary)
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
By Joe Payne, President and CEO at Code42, 4/2/2021
The Role of Visibility in Securing Cloud Applications
Praveen Patnala, Co-Founder, Valtix (Commentary)
Traditional data center approaches aren't built for securing modern cloud applications.
By Praveen Patnala, Co-Founder, Valtix, 4/1/2021
Advice From Security Experts: How to Approach Security in the New Normal
Dan Dinnar, CEO, Source Defense (Commentary)
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
By Dan Dinnar, CEO, Source Defense, 3/31/2021
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
James Pleger, Manager, SpecOps, at Sumo Logic (Commentary)
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
By James Pleger, Manager, SpecOps, at Sumo Logic, 3/31/2021
Watch Out for These Cyber-Risks
Ken Todd, Threat Intelligence Researcher, ThreatConnect (Commentary)
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
By Ken Todd, Threat Intelligence Researcher, ThreatConnect, 3/30/2021
Ghost Users Haunt Healthcare Firms
Dark Reading Staff, Quick Hits
Data security hygiene severely lacking among healthcare firms, new research shows.
By Dark Reading Staff, 3/30/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia (Commentary)
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
By Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Ganesh Pai, CEO, Uptycs (Commentary)
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
By Ganesh Pai, CEO, Uptycs, 3/30/2021
Security Operations in the World We Live in Now
Amos Stern, CEO & Co-Founder, Siemplify (Commentary)
Despite the challenges of remote work, security operations teams can position themselves well for the future.
By Amos Stern, CEO & Co-Founder, Siemplify, 3/25/2021
How Personally Identifiable Information Can Put Your Company at Risk
Zack Schuler, Founder and CEO of NINJIO (Commentary)
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
By Zack Schuler, Founder and CEO of NINJIO, 3/25/2021
How to Protect Our Critical Infrastructure From Attack
IFSEC Global, Staff (News)
Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk.
By IFSEC Global Staff, 3/24/2021
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20527
PUBLISHED: 2021-04-19
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
CVE-2021-27028
PUBLISHED: 2021-04-19
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files.
CVE-2021-27029
PUBLISHED: 2021-04-19
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service.
CVE-2021-27030
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
CVE-2021-27031
PUBLISHED: 2021-04-19
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.