BeyondTrust Buys eEye
eEye co-founder Marc Maiffret now CTO of BeyondTrust
FBI Warns Travelers Using Hotel Networks About New Attack
The FBI says attackers are trying to trick users into installing malware with promises of software updates
Linux Users Beware: Patch New Samba Flaw 'Immediately'
Samba bug could spur targeted attacks or a worm -- but not all affected systems will get patched
Massive Mac Trojan Attack Still Under Way
New, free Flashback Trojan detection and removal tool available from Kaspersky Lab; snapshot of bot counts dropping
Big Mac Botnet Mostly Made Up Of U.S. Machines
Major 'wake-up call' for Mac users as Apple OS X Java flaw exploit spreads
Lesson From Pwn2Own: Focus On Exploitability
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
Command Injection Attacks, Automated Password Guessing On The Rise
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Choosing The Right Vulnerability Scanner For Your Organization
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Simple Settings That Could Curtail Some Attacks
Free tool created by eEye Digital Security checks health of key configurations that can reduce risk
The End Of Vulnerabilities?
On a global scale, bugs are never going away, but in specific products, early evidence reveals that companies are having success in weeding out flaws
Microsoft Flaw Demonstrates Dangers Of Remote Desktop Access
Fear is that attackers will soon come up with exploits for targeted attacks, worms
How To Use Google To Find Vulnerabilities In Your IT Environment
The bad guys use search engines to seek out weak spots. Here's how to beat them to the punch
Domain Generation Algorithms Quietly On The Rise, Researcher Says
Thought to be dead, DGAs are increasingly being used for botnet command and control, Damballa says
Rogue AV Campaign Infects More Than 200,000 Web Pages
Websense has detected a massive infection campaign targeting users with rogue antivirus
Microsoft Studies 10 Years Of Malware And Threats
Special report maps malware evolution, and how the least-infected regions keep botnets, other threats at bay
Chrome Shines Bright In Controversial Security Fight
The major browsers have all made solid strides in security in the past few years, but Chrome's sandbox makes Google's browser a harder target, researchers say
Fixing Vulnerabilities On A Shoestring
A study of 15 vulnerability remediation projects finds only a third of time is actually spent fixing flaws. More on the costs and how to reduce them
Making Windows Secure From The Ground Up
Microsoft's Steve Lipner, who was a major proponent of the need for a secure development methodology, talks about the successes of Microsoft's push -- and the costs
Nearly 80% Of All Bugs Are In Third-Party Apps
Secunia annual report says only 10 percent of bugs in 2011 were in Microsoft software
How (And Why) Attackers Choose Their Targets
To build a sure defense, you need to know what makes you a juicy target. Here are some tips
Can Glass-Box Scanning Find Your Real Bugs?
When it works, hybrid -- or 'glass-box' scanning -- combines dynamic, black-box analysis with static, white-box code analysis to find bugs and cut down on false positives
Adobe Calls For Defensive Approach In Security Research
Mitigation methods the emphasis at Adobe
FDIC Warns Of 'High Risk' Payment Processors
Some third-party payment processing services may not be secure, commission says
Financial Services Industry Employs Microsoft SDL In New Secure Software Model
Microsoft meanwhile releases new data showing major drop in bugs and exploitable vulnerabilities in its software over the past year and a half
Famed Hacking Contest Gets Facelift
‘Pwn2Own’ will up the ante with more prolonged contest, fewer targets, more payout for first-, second-, third-place winners -- plus an extra Google bounty for cracking Chrome
Choosing the Right Vulnerability Scanner for Your Organization
Vulnerability scanners can be used to help detect and fix systemic problems in an organization's security program and monitor the effectiveness of security controls. However, a vulnerability scanner can improve the organization's security posture only when it is used as part of a vulnerability management program, in which products, processes and people are working together to find, identify, prioritize and mitigate threats. Here are some tips on choosing and implementing vulnerability scanners in your enterprise.
Using Google to Find Vulnerabilities In Your IT Environment
Attackers are increasingly using a simple method for finding flaws in websites and applications: they Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. Sound scary? It is, but there is good news: You can use these same methods to find flaws before the bad guys do. In this special report, we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services--and to fix them before they can be exploited.
Security Pro's Guide to Patch Management
It's no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.