Vulnerability Management

News & Commentary
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence, Commentary
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
By Guy Nizan CEO at Intsights Cyber Intelligence, 12/18/2018
Cyber Readiness Institute Launches New Program for SMBs
Steve Zurier, Freelance Writer, News
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
By Steve Zurier Freelance Writer, 12/17/2018
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI Solutions, Commentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRX, Commentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Mac Malware Cracks WatchGuard's Top 10 List
Steve Zurier, Freelance Writer, News
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
55% of Companies Don't Offer Mandatory Security Awareness Training
Dark Reading Staff, Quick Hits
Even those that provide employee training do so sparingly, a new study finds.
By Dark Reading Staff, 12/6/2018
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal Services, Commentary
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 12/5/2018
5 Emerging Trends in Cybercrime
Derek Manky, Global Security Strategist, Fortinet, Commentary
Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms.
By Derek Manky Global Security Strategist, Fortinet, 12/4/2018
Establishing True Trust in a Zero-Trust World
Ojas Rege, Chief Strategy Officer at MobileIron, Commentary
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
By Ojas Rege Chief Strategy Officer at MobileIron, 11/29/2018
Data Breach Threats Bigger Than Ever
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
A quarter of IT and security leaders expect a major data breach in the next year.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/28/2018
7 Real-Life Dangers That Threaten Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/26/2018
To Stockpile or Not to Stockpile Zero-Days?
Nir Gaist, CTO and Founder of Nyotron, Commentary
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
By Nir Gaist CTO and Founder of Nyotron, 11/21/2018
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
Steve Zurier, Freelance Writer, News
A solid response and reputation management program will go a long way in surviving a major breach.
By Steve Zurier Freelance Writer, 11/20/2018
7 Holiday Security Tips for Retailers
Steve Zurier, Freelance Writer
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
By Steve Zurier Freelance Writer, 11/19/2018
95% of Organizations Have Cultural Issues Around Cybersecurity
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 11/16/2018
Cyber Crooks Diversify Business with Multi-Intent Malware
Avi Chesla, CEO and Founder, empow, Commentary
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla CEO and Founder, empow, 11/15/2018
From Reactive to Proactive: Security as the Bedrock of the SDLC
Brian Rutledge, Principal Security Manager at Spanning, Commentary
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
By Brian Rutledge Principal Security Manager at Spanning, 11/15/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies, Commentary
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security, Commentary
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 11/14/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
8 Security Tips to Gift Your Loved Ones For the Holidays
Steve Zurier, Freelance Writer,  12/18/2018
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20228
PUBLISHED: 2018-12-19
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
CVE-2018-20230
PUBLISHED: 2018-12-19
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-20231
PUBLISHED: 2018-12-19
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVE-2018-20227
PUBLISHED: 2018-12-19
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...