
Vulnerability Management

News & Commentary
Facebook Got Tagged, but not Hard Enough
Commentary
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
By Billee Elliott McAuliffe, Member, Lewis Rice LLC, 3/18/2020

Needed: A Cybersecurity Good Samaritan Law
Commentary
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
By Tom McAndrew, CEO at Coalfire, 3/17/2020

Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
News
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
By Robert Lemos, Contributing Writer, 3/16/2020

Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary
Law-abiding folks like us applauded Texas for its bravery, but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
By Yaniv Valik, VP Product, Cyber and IT Resilience, Continuity Software, 3/13/2020

How the Rise of IoT Is Changing the CISO Role
Commentary
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
By Phil Neray, VP of IoT & Industrial Cybersecurity at CyberX, 3/11/2020

3 Tips to Stay Secure When You Lose an Employee
Commentary
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
By Bil Harmer, CISO & Chief Evangelist at SecureAuth, 3/10/2020

How Network Metadata Can Transform Compromise Assessment
Commentary
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.
By Ricardo Villadiego, Founder and CEO of Lumu, 3/10/2020

Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Commentary
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
By PJ Kirner, CTO & Founder, Illumio, 3/9/2020

Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
By Dan Schiappa, Executive Vice President & Chief Product Officer at Sophos, 3/9/2020

Securing Our Elections Requires Change in Technology, People & Attitudes
Commentary
Increasing security around our election process and systems will take a big effort from many different parties. Here's how.
By Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, 3/6/2020

6 Steps CISOs Should Take to Secure Their OT Systems
Commentary
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.
By Satish Gannu, Chief Security Officer, ABB, 3/5/2020

Advanced Tech Needs More Ethical Consideration & Security
Commentary
Unintended consequences and risks need board-level attention and action.
By Paul Ybarra, Chief Revenue Officer at Fusion Risk Management, 3/5/2020

EternalBlue Longevity Underscores Patching Problem
News
Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.
By Robert Lemos, Contributing Writer, 3/4/2020

3 Ways to Strengthen Your Cyber Defenses
Commentary
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
By Chris Hallenbeck, CISO for the Americas at Tanium, 3/4/2020

Avoiding the Perils of Electronic Communications
Commentary
7x彩票网app, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
By Lena Smart, Chief Information Security Officer, MongoDB, 3/3/2020

The Cybercrime Pandemic Keeps Spreading
Commentary
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.
By Marc Wilczek, Digital Strategist & COO of Link11, 3/3/2020

How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Commentary
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
By Srinivas Mukkamala, Co-founder & CEO, RiskSense, 2/27/2020

What Your Company Needs to Know About Hardware Supply Chain Security
Commentary
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
By Daniel Wood, Associate Vice President of Consulting, Bishop Fox, 2/27/2020

Open Cybersecurity Alliance Releases New Language for Security Integration
Quick Hits
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
By Dark Reading Staff, 2/26/2020

Ensure Your Cloud Security Is as Modern as Your Business
Commentary
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
By Nicolas (Nico) Fischbach, Global CTO at Forcepoint, 2/25/2020

Many Ransomware Attacks Can be Stopped Before They Begin
Jai Vijayan, Contributing Writer,  3/17/2020
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Dr. Salvatore Stolfo, Founder & CTO, Allure Security,  3/17/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as ...

PUBLISHED: 2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as sh...

PUBLISHED: 2020-03-18
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, whi...

PUBLISHED: 2020-03-18
The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

PUBLISHED: 2020-03-18
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissi...