Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment1 Comment  |  Read  |  Post a Comment
New Email Campaign Employs Malicious URLs
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core SecurityCommentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
Study Finds Petabytes of Sensitive Data Open to the Internet
Dark Reading Staff, Quick Hits
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
By Dark Reading Staff , 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
New DARPA Contract Looks to Avoid Another 'Meltdown'
Dark Reading Staff, Quick Hits
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
By Dark Reading Staff , 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Panera Bread Leaves Millions of Customer Records Exposed Online
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2018
Comment1 Comment  |  Read  |  Post a Comment
780 Days in the Life of a Computer Worm
Javvad Malik, Security Advocate at AlienVaultCommentary
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
By Javvad Malik Security Advocate at AlienVault, 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
The Overlooked Problem of 'N-Day' Vulnerabilities
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
By Ang Cui Founder & CEO, Red Balloon Security, 3/26/2018
Comment0 comments  |  Read  |  Post a Comment
Is Application Security Dead?
Tyler Shields,  VP of Marketing, Strategy & Partnerships,  Signal SciencesCommentary
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
By Tyler Shields VP of Marketing, Strategy & Partnerships, Signal Sciences, 3/22/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Curtis Franklin Jr., Senior Editor at Dark Reading
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Segmentation: The Neglected (Yet Essential) Control
John Moynihan, President, Minuteman GovernanceCommentary
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
By John Moynihan President, Minuteman Governance, 3/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Electric Utility Hit with Record Fine for Vulnerabilities
Dark Reading Staff, Quick Hits
An unnamed power company has consented to a record fine for leaving critical records exposed.
By Dark Reading Staff , 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
What's the C-Suite Doing About Mobile Security?
Anne Bonaparte, CEO of AppthorityCommentary
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
By Anne Bonaparte CEO of Appthority, 3/13/2018
Comment0 comments  |  Read  |  Post a Comment
Malware 'Cocktails' Raise Attack Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/13/2018
Comment0 comments  |  Read  |  Post a Comment
7 University-Connected Cyber Ranges to Know Now
Curtis Franklin Jr., Senior Editor at Dark Reading
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/9/2018
Comment1 Comment  |  Read  |  Post a Comment
CERT.org Goes Away, Panic Ensues
Dark Reading Staff, Quick Hits
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
By Dark Reading Staff , 3/5/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.