Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Vulnerability Management
Page 1 / 2   >   >>
Attackers' Costs Increasing as Businesses Focus on Security
News  |  11/15/2019  | 
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increases significantly when security is continuously tested, a report finds.
DevSecOps: The Answer to the Cloud Security Skills Gap
Commentary  |  11/15/2019  | 
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
How Does Your Cyber Resilience Measure Up?
Commentary  |  11/14/2019  | 
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Cybersecurity: An Organizationwide Responsibility
Commentary  |  11/13/2019  | 
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
Breaches Are Inevitable, So Embrace the Chaos
Commentary  |  11/13/2019  | 
Avoid sinking security with principles of shipbuilding known since the 15th century.
Unreasonable Security Best Practices vs. Good Risk Management
Commentary  |  11/13/2019  | 
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
The Myths of Multifactor Authentication
Commentary  |  11/12/2019  | 
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
Why Cyber-Risk Is a C-Suite Issue
Commentary  |  11/12/2019  | 
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
9 Principles to Simplify Security
Commentary  |  11/8/2019  | 
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Commentary  |  11/7/2019  | 
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
Accounting Scams Continue to Bilk Businesses
News  |  11/6/2019  | 
Yes, ransomware is plaguing businesses and government organizations, but impersonators inserting themselves into financial workflows most often via e-mail continue to enable big paydays.
Social Media: Corporate Cyber Espionage's Channel of Choice
Commentary  |  11/6/2019  | 
Proactive defense and automation can help your company deal with scale and prioritize risks in order to more efficiently fight cyber espionage.
The State of Email Security and Protection
Commentary  |  11/5/2019  | 
Phishing and ransomware top the list of security risks that organizations are not fully prepared to deal with.
Enterprise Web Security: Risky Business
Commentary  |  11/5/2019  | 
Web development is at much more risk than commonly perceived. As attackers eye the enterprise, third-party code provides an easy way in.
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Commentary  |  11/4/2019  | 
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
8 Trends in Vulnerability and Patch Management
Slideshows  |  10/30/2019  | 
Unpatched flaws continue to be a major security issue for many organizations.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
Why Organizations Must Quantify Cyber-Risk in Business Terms
Commentary  |  10/24/2019  | 
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Commentary  |  10/14/2019  | 
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Commentary  |  10/8/2019  | 
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Cybercrime: AI's Growing Threat
Commentary  |  10/4/2019  | 
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
Common Pitfalls of Security Monitoring
Commentary  |  10/3/2019  | 
We need technology, but we cant forget the importance of humans working methodically to make it effective.
Controlling Data Leakage in Cloud Test-Dev Environments
Commentary  |  10/2/2019  | 
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
5 Common Cloud Configuration Mistakes
Commentary  |  9/17/2019  | 
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
The Fight Against Synthetic Identity Fraud
Commentary  |  9/12/2019  | 
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Data Is the New Copper
Commentary  |  9/10/2019  | 
Data breaches fuel a complex cybercriminal ecosystem, similar to copper thefts after the financial crisis.
AI Is Everywhere, but Don't Ignore the Basics
Commentary  |  9/10/2019  | 
Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.
From Spyware to Ninja Cable
Commentary  |  9/9/2019  | 
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
Page 1 / 2   >   >>


Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.