Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
7 Ways to Keep Your Remote Workforce Safe
Steve Zurier, Contributing Writer
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
By Steve Zurier Contributing Writer, 8/14/2020
Comment1 Comment  |  Read  |  Post a Comment
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Ericka Chickowski, Contributing WriterNews
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
By Ericka Chickowski Contributing Writer, 8/12/2020
Comment0 comments  |  Read  |  Post a Comment
How to Help Spoil the Cybercrime Economy
Marc Wilczek, Digital Strategist & COO of Link11Commentary
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
By Marc Wilczek Digital Strategist & COO of Link11, 8/11/2020
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Prioritization: Are You Getting It Right?
David Habusha, VP of Product, WhiteSourceCommentary
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
By David Habusha VP of Product, WhiteSource, 8/10/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Security During COVID-19: What We've Learned & Where We're Going
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 8/7/2020
Comment0 comments  |  Read  |  Post a Comment
Counting for Good: Hardware Counters Un-mask Malware
Dark Reading Staff, News
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
SynerComm Reboots a Security Staple with 'Continuous' Pen Testing
Terry Sweeney, Contributing EditorNews
SPONSORED CONTENT: Penetration testing has evolved well beyond a couple guys you hire to try and break into your network, according to SynerComm's Brian Judd. In addition to a service that offers round-the-clock pen testing, SynerComm also provides purple team testing, effectively splitting the difference with red- and blue-team exercises.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Synopsys: Why Security-Minded Companies Are Transitioning to DevSecOps
Terry Sweeney, Contributing EditorNews
SPONSORED: For too long, developers have had to weigh the tradeoffs between software security and feature development. But as DevSecOps continues to gain momentum over application security, organizations realize that adopting security in software development needn't be a drag on productivity, says Tim Mackey from the Synopsys Cybersecurity Research Center.
By Terry Sweeney Contributing Editor, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
HealthScare: Prioritizing Medical AppSec Research
Dark Reading Staff, News
Seth Fogie, information security director at Penn Medicine, explains which healthcare app vulnerabilities really matter in the day-to-day business of providing patient care.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
How An Electronic Medical Record System Flaw Exacerbated the Opioid Crisis
Dark Reading Staff, News
Mitch Parker, CISO of Indiana University Health, explains how healthcare appsec vulnerabilities and abuse can go undetected in small medical centers -- at great cost.
By Dark Reading Staff , 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
Retooling the SOC for a Post-COVID World
Nilesh Dherange, CTO at GuruculCommentary
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
By Nilesh Dherange CTO at Gurucul, 8/4/2020
Comment0 comments  |  Read  |  Post a Comment
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Dr. Johannes Bauer, Principal Security Advisor at ULCommentary
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
By Dr. Johannes Bauer Principal Security Advisor at UL, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
The Future's Biggest Cybercrime Threat May Already Be Here
Steve Durbin, Managing Director of the Information Security ForumCommentary
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
By Steve Durbin Managing Director of the Information Security Forum, 7/29/2020
Comment0 comments  |  Read  |  Post a Comment
Autonomous IT: Less Reacting, More Securing
Greg Jensen, Senior Director of Security at Oracle CorporationCommentary
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
By Greg Jensen Senior Director of Security at Oracle Corporation, 7/28/2020
Comment1 Comment  |  Read  |  Post a Comment
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Samantha Humphries, Security Strategist at ExabeamCommentary
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
By Samantha Humphries Security Strategist at Exabeam, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Ericka Chickowski, Contributing Writer
Here are the trends and topics that'll capture the limelight at this year's virtual event.
By Ericka Chickowski Contributing Writer, 7/23/2020
Comment0 comments  |  Read  |  Post a Comment
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
Tanner Johnson, Senior Analyst, Connectivity & IoT, OMDIACommentary
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
By Tanner Johnson Senior Analyst, Connectivity & IoT, OMDIA, 7/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons from the Pandemic
Monica Verma, CISO and Board Member of Cloud Security Alliance NorwayCommentary
How does cybersecurity support business and society? The pandemic shows us.
By Monica Verma CISO and Board Member of Cloud Security Alliance Norway, 7/22/2020
Comment2 comments  |  Read  |  Post a Comment
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Srilekha Sankaran, Product Consultant at ManageEngineCommentary
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
By Srilekha Sankaran Product Consultant at ManageEngine, 7/21/2020
Comment0 comments  |  Read  |  Post a Comment
What Organizations Need to Know About IoT Supply Chain Risk
Daniel dos Santos, Research Manager at Forescout TechnologiesCommentary
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
By Daniel dos Santos Research Manager at Forescout Technologies, 7/20/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.