Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security CompassCommentary
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
By Rohit Sethi COO of Security Compass, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/15/2018
Comment3 comments  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
What Meltdown and Spectre Mean for Mobile Device Security
JT Keating, Vice President of Product Strategy at ZimperiumCommentary
Here are four tips to keep your mobile users safe from similar attacks.
By JT Keating Vice President of Product Strategy at Zimperium, 4/30/2018
Comment4 comments  |  Read  |  Post a Comment
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment1 Comment  |  Read  |  Post a Comment
New Email Campaign Employs Malicious URLs
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core SecurityCommentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
Study Finds Petabytes of Sensitive Data Open to the Internet
Dark Reading Staff, Quick Hits
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
By Dark Reading Staff , 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
New DARPA Contract Looks to Avoid Another 'Meltdown'
Dark Reading Staff, Quick Hits
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
By Dark Reading Staff , 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Panera Bread Leaves Millions of Customer Records Exposed Online
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2018
Comment1 Comment  |  Read  |  Post a Comment
780 Days in the Life of a Computer Worm
Javvad Malik, Security Advocate at AlienVaultCommentary
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
By Javvad Malik Security Advocate at AlienVault, 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
The Overlooked Problem of 'N-Day' Vulnerabilities
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
By Ang Cui Founder & CEO, Red Balloon Security, 3/26/2018
Comment0 comments  |  Read  |  Post a Comment
Is Application Security Dead?
Tyler Shields,  VP of Portfolio Strategy at CA TechnologiesCommentary
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
By Tyler Shields VP of Portfolio Strategy at CA Technologies, 3/22/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Curtis Franklin Jr., Senior Editor at Dark Reading
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/20/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.