Vulnerability Management

News & Commentary
How Bad Teachers Ruin Good Machine Learning
Sara Peters, Senior Editor at Dark Reading (Commentary, Video)
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
By Sara Peters Senior Editor at Dark Reading, 8/18/2017
DoJ Launches Framework for Vulnerability Disclosure Programs
Dark Reading Staff, Quick Hits
The Department of Justice releases a set of guidelines to help businesses create programs for releasing vulnerabilities.
By Dark Reading Staff, 8/3/2017
Facebook Offers $1 Million for New Security Defenses
Dawn Kawamoto, Associate Editor, Dark Reading (News)
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/26/2017
Using DevOps to Move Faster than Attackers
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2017
Cloud AV Can Serve as an Avenue for Exfiltration
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2017
New SQL Injection Tool Makes Attacks Possible from a Smartphone
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/12/2017
Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol
Kelly Sheridan, Associate Editor, Dark Reading (News)
Researchers at Preempt uncovered two critical vulnerabilities in the Windows NTLM security protocols, one of which Microsoft patched today.
By Kelly Sheridan Associate Editor, Dark Reading, 7/11/2017
How Code Vulnerabilities Can Lead to Bad Accidents
Jeff Williams, CTO, Contrast Security (Commentary)
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
By Jeff Williams CTO, Contrast Security, 7/10/2017
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Dark Reading Staff, Quick Hits
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
By Dark Reading Staff, 6/27/2017
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff (Commentary, Video)
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff, 6/23/2017
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty (Commentary)
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Major Websites Vulnerable to their Own Back-End Servers
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/19/2017
Survey: 58% of Security and Development Teams Play Nice
Dark Reading Staff, Quick Hits
Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.
By Dark Reading Staff, 6/14/2017
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuard (Commentary)
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 6/9/2017
Security & Development: Better Together
Brent Midwood, Director of Product Management, AttackIQ (Commentary)
How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed.
By Brent Midwood Director of Product Management, AttackIQ, 6/1/2017
DNS Is Still the Achilles Heel of the Internet
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
The Domain Name Service is too important to do without, so we had better make sure it's reliable and incorruptible.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 6/1/2017
Going Beyond Checkbox Security
InformationWeek Staff (Commentary, Video)
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By InformationWeek Staff, 5/24/2017
Threat Lifecycle Management
Dark Reading (Commentary, Video)
Principal Sales Engineer for LogRhythm Chris Martin stops by the InformationWeek News Desk.
By Dark Reading, 5/24/2017
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave (Commentary)
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Out of the Box Network Security Solutions
InformationWeek Staff (Commentary, Video)
Portnox CEO Ofer Amitai stops by the InformationWeek News Desk.
By InformationWeek Staff, 5/23/2017
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.