
Dark Reading's Vulnerability Management Tech Center is your portal to all the news, product information, best practices, and other data related to detecting and remediating security vulnerabilities.  Written for those who must find and fix enterprise security vulnerabilities, the Vulnerability Management Tech Center is your guide to the latest tools and techniques for preventing security breaches, as well as best practices for responding to new vulnerability discoveries.

By The Numbers

Proportion Of Vulnerability Disclosures By The Top 10 Vendors

The ten software developers that disclose the most bugs account for an increasing number of bugs each year.

Chart: Proportion Of Vulnerability Disclosures By The Top 10 Vendors

Source: IBM X-Force 2011 Trend And Risk Report

Blog

Ron Was Wrong, Whit Is Right, And What You Need To Know

March 13, 2012

Clarifying the technical findings on a weakness in RSA crypto keys and some recommendations on how to prepare and protect your assets from the next inevitable crypto weakness discovery


Around The Web

INFORMATION WEEK
Mac Botnet Now 600,000 Infected Machines Strong
Apple earlier this week released an update for its version of Oracle's Java software to limit the spread of a Flashback trojan variant that has already infected over 600,000 Macs

TECHWORLD
Google Patches Chrome Vulnerability Following Pwnium Hack
Google has patched a critical Chrome vulnerability disclosed at the CanSecWest security conference in Vancouver that can be exploited to escape from a browser's secure sandbox

INFOSECURITY MAGAZINE
Adobe Offers Malware Classification Tool For 'Quick Malware Triage'
Adobe has released a free tool that helps IT administrators classify suspicious files as malicious or benign using machine-learning algorithms

ZDNET'S ZERO DAY BLOG
Facebook: Android, iOS Security Hole Only For Jailbroken Devices
Facebook says the security vulnerability in Facebook for Android and Facebook for iOS that could allow your Facebook identity to be stolen affects only compromised or jailbroken devices

PCWORLD
Unpatched Java Vulnerability Exploited To Infect Macs With Flashback Malware
Flashback is a computer Trojan horse for Mac OS that first appeared in September 2011. The first variant was distributed as a fake Flash Player installer, but the malware has been changed significantly since then, both in terms of functionality and distribution methods

NEXTGOV
Weak Passwords Render Major Power Supplier Vulnerable to Hackers, Audit Finds
A federal utility in the Pacific Northwest that powers 30 percent of the region, including key military installations, is vulnerable to computer breaches, according to an internal Energy Department audit. But the weaknesses highlighted are typical of many critical government and industry systems, say some cybersecurity experts

SAN FRANCISCO CHRONICLE
Hacking Your Servers To Find Weaknesses
As the costs of data hacks surge -- the average loss is $5.5 million -- and information thieves become better-funded and more coordinated, companies are expanding efforts to prevent attacks and feeding a market for data-vulnerability management that may grow to almost $1 billion in 2016, from $400.5 million in 2011

FORBES
Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits
Any hacker who happens to know one Bangkok-based security researcher who goes by the handle "the Grugq" -- or someone like him -- has a third option: arrange a deal through the pseudonymous exploit broker to hand the exploit information over to a government agency, don't ask too many questions, and get paid a quarter of a million dollars -- minus the Grugq's 15% commission




Vulnerability Management Reports

Choosing the Right Vulnerability Scanner for Your Organization
Vulnerability scanners can be used to help detect and fix systemic problems in an organization's security program and monitor the effectiveness of security controls. However, a vulnerability scanner can improve the organization's security posture only when it is used as part of a vulnerability management program, in which products, processes and people are working together to find, identify, prioritize and mitigate threats. Here are some tips on choosing and implementing vulnerability scanners in your enterprise.

Using Google to Find Vulnerabilities In Your IT Environment
Attackers are increasingly using a simple method for finding flaws in websites and applications: they Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. Sound scary? It is, but there is good news: You can use these same methods to find flaws before the bad guys do. In this special report, we outline methods for using search engines such as Google and Bing to identify vulnerabilities in your applications, systems and services--and to fix them before they can be exploited.

Security Pro's Guide to Patch Management
It's no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.
