Dark Reading is part of the Informa Tech Division of Informa PLC

Vulnerability Management

News & Commentary
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
Robert Lemos, Contributing Writer | News
Following a year that saw the fewest vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
By Robert Lemos Contributing Writer, 1/17/2020
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, Callsign | Commentary
Cybercriminals are evolving their tactics, and the security community expects voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton CSO, Callsign, 1/16/2020
New Report Spotlights Changes in Phishing Techniques
Kelly Sheridan, Staff Editor, Dark Reading | News
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
How SD-WAN Helps Achieve Data Security and Threat Protection
Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks | Commentary
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
By Charuhas Ghatge Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks, 1/15/2020
How to Keep Security on Life Support After Software End-of-Life
Joan Goodchild, Contributing Writer
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
By Joan Goodchild Contributing Writer, 1/14/2020
Will This Be the Year of the Branded Cybercriminal?
Raveed Laeb, Product Manager at KELA | Commentary
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
By Raveed Laeb Product Manager at KELA, 1/13/2020
5 Tips on How to Build a Strong Security Metrics Framework
Joshua Goldfarb, Independent Consultant | Commentary
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
By Joshua Goldfarb Independent Consultant, 1/10/2020
Operationalizing Threat Intelligence at Scale in the SOC
Sebastien Tricaud, Director of Security Engineering at Devo | Commentary
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
By Sebastien Tricaud Director of Security Engineering at Devo, 1/9/2020
7 Free Tools for Better Visibility Into Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2020
The "Art of Cloud War" for Business-Critical Data
Greg Jensen, Senior Director of Security at Oracle Corporation | Commentary
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
By Greg Jensen Senior Director of Security at Oracle Corporation, 1/8/2020
Client-Side JavaScript Risks & the CCPA
Ido Safruti, Co-founder & CTO, PerimeterX | Commentary
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
By Ido Safruti Co-founder & CTO, PerimeterX, 1/6/2020
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps | Commentary
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 1/2/2020
2020 & Beyond: The Evolution of Cybersecurity
Daniel Kanchev, Enterprise Solutions Team Lead at SiteGround | Commentary
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
By Daniel Kanchev Enterprise Solutions Team Lead at SiteGround, 12/23/2019
Patch Management: How to Prioritize an Underserved Vulnerability
John Bock, Vice President of Threat Research at Optiv Security | Commentary
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
By John Bock Vice President of Threat Research at Optiv Security, 12/19/2019
Your First Month as a CISO: Forming an Information Security Program
Lenny Zeltser, Chief Information Security Officer at Axonius | Commentary
It's easy to get overwhelmed in your new position, but these tips and resources will help you get started.
By Lenny Zeltser Chief Information Security Officer at Axonius, 12/18/2019
Don't Make Security Training a 'One-and-Done'
Dennis Dillman, VP of Security Awareness at Barracuda Networks | Commentary
How to move beyond one-off campaigns and build a true security awareness program.
By Dennis Dillman VP of Security Awareness at Barracuda Networks, 12/17/2019
Why Enterprises Buy Cybersecurity 'Ferraris'
Chris Schueler, Senior VP, Managed Security Services, Trustwave | Commentary
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 12/16/2019
Get Organized Like a Villain
Rob Ragan & Alex DeFreese, Principal Security Researcher & Managing Security Associate at Bishop Fox | Commentary
What cybercrime group FIN7 can teach us about using agile frameworks.
By Rob Ragan & Alex DeFreese Principal Security Researcher & Managing Security Associate at Bishop Fox, 12/12/2019
Intel's CPU Flaws Continue to Create Problems for the Tech Community
Irfan Ahmed, Assistant Professor in the Department of Computer Science at Virginia Commonwealth University | Commentary
We can't wait out this problem and hope that it goes away. We must be proactive.
By Irfan Ahmed Assistant Professor in the Department of Computer Science at Virginia Commonwealth University, 12/10/2019
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Mathew Newfield, Chief Information Security Officer at Unisys | Commentary
You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.
By Mathew Newfield Chief Information Security Officer at Unisys, 12/10/2019
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap-up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them from starting. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v16) and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.