Vulnerability Management

News & Commentary
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at Datto | Commentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks, Chief Information Security Officer at Datto, 2/18/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya | Commentary
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
By Mike Puglia, Chief Strategy Officer at Kaseya, 2/13/2020
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor | Commentary
Instead, try prioritizing with the aid of a thorough asset inventory.
By Kevin Kurzawa, Senior Information Security Auditor, 2/12/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix | Commentary
Make these mistakes and invaders might linger in your systems for years.
By Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix, 2/12/2020
Why Ransomware Will Soon Target the Cloud
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies | Commentary
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
By Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies, 2/11/2020
6 Factors That Raise The Stakes For IoT Security
Ericka Chickowski, Contributing Writer
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
By Ericka Chickowski, Contributing Writer, 2/10/2020
Day in the Life of a Bot
Steve Winterfeld, Advisory CISO at Akamai | Commentary
A typical workday for a bot, from its own point of view.
By Steve Winterfeld, Advisory CISO at Akamai, 2/10/2020
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
Fleming Shi, Chief Technical Officer at Barracuda Networks | Commentary
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
By Fleming Shi, Chief Technical Officer at Barracuda Networks, 2/4/2020
Embracing a Prevention Mindset to Protect Critical Infrastructure
Benny Czarny, Founder & CEO of OPSWAT | Commentary
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
By Benny Czarny, Founder & CEO of OPSWAT, 1/31/2020
Securing Containers with Zero Trust
Peter Smith, Founder & Chief Executive Officer, Edgewise Networks | Commentary
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
By Peter Smith, Founder & Chief Executive Officer, Edgewise Networks, 1/29/2020
Why DPOs and CISOs Must Work Closely Together
Rajesh Ganesan, Vice President at ManageEngine | Commentary
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
By Rajesh Ganesan, Vice President at ManageEngine, 1/22/2020
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1Password | Commentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey, Chief Operations Optimist, 1Password, 1/22/2020
Data Awareness Is Key to Data Security
Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat Protection | Commentary
Traditional data-leak prevention is not enough for businesses facing today's dynamic threat landscape.
By Moti Gindi, Corporate Vice President, Microsoft Defender Advanced Threat Protection, 1/21/2020
Massive Oracle Patch Reverses Company's Trend Toward Fewer Flaws
Robert Lemos, Contributing Writer | News
Following a year that saw the fewest number of vulnerabilities reported since 2015, Oracle's latest quarterly patch fixes nearly 200 new vulnerabilities.
By Robert Lemos, Contributing Writer, 1/17/2020
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, Callsign | Commentary
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton, CSO, Callsign, 1/16/2020
New Report Spotlights Changes in Phishing Techniques
Kelly Sheridan, Staff Editor, Dark Reading | News
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
By Kelly Sheridan, Staff Editor, Dark Reading, 1/15/2020
How SD-WAN Helps Achieve Data Security and Threat Protection
Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks | Commentary
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
By Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks, 1/15/2020
How to Keep Security on Life Support After Software End-of-Life
Joan Goodchild, Contributing Writer
It's the end of support this week for Windows 7 and Server 2008. But what if you truly can't migrate off software, even after security updates stop coming?
By Joan Goodchild, Contributing Writer, 1/14/2020
Will This Be the Year of the Branded Cybercriminal?
Raveed Laeb, Product Manager at KELA | Commentary
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
By Raveed Laeb, Product Manager at KELA, 1/13/2020
5 Tips on How to Build a Strong Security Metrics Framework
Joshua Goldfarb, Independent Consultant | Commentary
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
By Joshua Goldfarb, Independent Consultant, 1/10/2020
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-02-18
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.

PUBLISHED: 2020-02-18
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.

PUBLISHED: 2020-02-18
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.

PUBLISHED: 2020-02-18
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

PUBLISHED: 2020-02-18
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.