Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

News & Commentary
Why DPOs and CISOs Must Work Closely Together
Rajesh Ganesan, Vice President at ManageEngineCommentary
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
By Rajesh Ganesan Vice President at ManageEngine, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey Chief Operations Optimist, 1Password, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Data Awareness Is Key to Data Security
Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat ProtectionCommentary
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.
By Moti Gindi Corporate Vice President, Microsoft Defender Advanced Threat Protection, 1/21/2020
Comment0 comments  |  Read  |  Post a Comment
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
Robert Lemos, Contributing WriterNews
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
By Robert Lemos Contributing Writer, 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, CallsignCommentary
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton CSO, Callsign, 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
New Report Spotlights Changes in Phishing Techniques
Kelly Sheridan, Staff Editor, Dark ReadingNews
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
How SD-WAN Helps Achieve Data Security and Threat Protection
Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage NetworksCommentary
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
By Charuhas Ghatge Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
How to Keep Security on Life Support After Software End-of-Life
Joan Goodchild, Contributing Writer
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
By Joan Goodchild Contributing Writer, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Will This Be the Year of the Branded Cybercriminal?
Raveed Laeb, Product Manager at KELACommentary
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
By Raveed Laeb Product Manager at KELA, 1/13/2020
Comment2 comments  |  Read  |  Post a Comment
5 Tips on How to Build a Strong Security Metrics Framework
Joshua Goldfarb, Independent ConsultantCommentary
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
By Joshua Goldfarb Independent Consultant, 1/10/2020
Comment0 comments  |  Read  |  Post a Comment
Operationalizing Threat Intelligence at Scale in the SOC
Sebastien Tricaud, Director of Security Engineering at DevoCommentary
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
By Sebastien Tricaud Director of Security Engineering at Devo, 1/9/2020
Comment0 comments  |  Read  |  Post a Comment
7 Free Tools for Better Visibility Into Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2020
Comment3 comments  |  Read  |  Post a Comment
The "Art of Cloud War" for Business-Critical Data
Greg Jensen, Senior Director of Security at Oracle CorporationCommentary
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
By Greg Jensen Senior Director of Security at Oracle Corporation, 1/8/2020
Comment0 comments  |  Read  |  Post a Comment
Client-Side JavaScript Risks & the CCPA
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
By Ido Safruti Co-founder & CTO, PerimeterX, 1/6/2020
Comment0 comments  |  Read  |  Post a Comment
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
2020 & Beyond: The Evolution of Cybersecurity
Daniel Kanchev, Enterprise Solutions Team Lead at SiteGroundCommentary
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
By Daniel Kanchev Enterprise Solutions Team Lead at SiteGround, 12/23/2019
Comment7 comments  |  Read  |  Post a Comment
Patch Management: How to Prioritize an Underserved Vulnerability
John Bock, Vice President of Threat Research at Optiv SecurityCommentary
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
By John Bock Vice President of Threat Research at Optiv Security, 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
Your First Month as a CISO: Forming an Information Security Program
Lenny Zeltser, Chief Information Security Officer at AxoniusCommentary
It's easy to get overwhelmed in your new position, but these tips and resources will help you get started.
By Lenny Zeltser Chief Information Security Officer at Axonius, 12/18/2019
Comment0 comments  |  Read  |  Post a Comment
Don't Make Security Training a 'One-and-Done'
Dennis Dillman, VP of Security Awareness at Barracuda NetworksCommentary
How to move beyond one-off campaigns and build a true security awareness program.
By Dennis Dillman VP of Security Awareness at Barracuda Networks, 12/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Why Enterprises Buy Cybersecurity 'Ferraris'
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 12/16/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark Reading,  1/15/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5647
PUBLISHED: 2020-01-22
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue af...
CVE-2011-3612
PUBLISHED: 2020-01-22
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
CVE-2011-3613
PUBLISHED: 2020-01-22
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
CVE-2011-3614
PUBLISHED: 2020-01-22
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
CVE-2011-3621
PUBLISHED: 2020-01-22
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.