
Dark Reading's Vulnerability Management Tech Center is your portal to all the news, product information, best practices, and other data related to detecting and remediating security vulnerabilities.  Written for those who must find and fix enterprise security vulnerabilities, the Vulnerability Management Tech Center is your guide to the latest tools and techniques for preventing security breaches, as well as best practices for responding to new vulnerability discoveries.

By The Numbers

Number Of Vulnerabilities Reported

Chart: Number Of Vulnerabilities Reported

The number of vulnerabilities reported publicly continues to be well off its 2006 peak. Reported vulnerabilities will likely be flat to slightly up in 2010, compared to 2009. Source: 2010 Top Cyber Risks Security Report published by HP TippingPoint, Qualys and the SANS Internet Storm Center.

Blog

Fighting 0days With Fundamentals

November 06, 2011

How to pre-emptively secure systems against 0day attacks that, by definition, we know nothing about


Around The Web

H ONLINE
Attackers Exploit DLL Vulnerability In Office And Other Applications
SANS Internet Storm Center says cybercriminals are already exploiting the DLL vulnerability in applications including Microsoft Office, Windows Mail, and uTorrent.

THE REGISTER
Apple Kills Jailbreakme Mac Bug
Apple patches more than a dozen vulnerabilities in Mac OS X, including one that was used to jailbreak the company's iPhone. Exploits targeting the security issue had already appeared.

COMPUTERWORLD
Google's Chrome Speeds Up Flash Patching Seven-Fold
Google pushes out patches for Adobe's Flash via Chrome's silent update service. The result: A seven-fold increase in patch adoption.

PC WORLD
Microsoft Partners Slow to Patch, Report Says
Third-party application makers patched less than half of the vulnerabilities reported to them in the previous 12 months, according to Microsoft.

BUSINESS WIRE
Tenable Network Security Awarded U.S. Patent for Network Monitoring Technology
The maker of the Nessus vulnerability and network scanner scores a patent on using passive network monitoring to find vulnerable assets.

CNET NEWS.COM
Forcing Vendors To Fix Bugs Under Deadline
Researchers complain that vendors still take their time fixing serious software vulnerabilities, but the firm that runs the Zero-Day Initiative plans to limit that time to six months.

BANKINFOSECURITY
10 Tips To Thwart Skimming
It's all about layered security, monitoring, system audits, and education

CIO
Google Squashes Gmail Bug
Google patched a Gmail flaw that caused some users' accounts to resend messages multiple times




Vulnerability Management Reports

How (and Why) Attackers Choose Their Targets
To protect company and customer data, we need to determine what makes it so vulnerable and appealing. We also need to understand how hackers operate, and what tools and processes they rely on. In this report, we explain how to ensure the best defense by thinking like an attacker and identifying the weakest link in your own corporate data chain.

Security Pro's Guide to Patch Management
It's no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.

In-House Malware Analysis: Why You Need It, How to Do It
Vulnerability management identifies and closes exploitable holes in your enterprise network. But some systems remain vulnerable, and traditional antivirus and perimeter defenses are proving less effective against sophisticated malware, targeted attacks and zero-day exploits. In this report, we show you how malware analysis, tied closely to incident response, is an essential complement to enterprise vulnerability management programs.


Related Content

The Ponemon Institute 2012 State of the Endpoint
The 2012 State of the Endpoint study, sponsored by Lumension and conducted by Ponemon Institute, determines how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk. The study is focused on four topics on the state of endpoint security: risk, productivity, resources and complexity.

The CISOs Guide to Measuring IT Security
Many organizations continue to blindly blaze into new technology territory without fully understanding the inherent IT risks. As a CISO, you must be able to facilitate business productivity without the risk. If you can accurately measure your security posture and communicate in terms of business risk as opposed to bits and bytes, you can effectively gain buy-in from key executives on important security initiatives. Learn the key steps to enhancing your security visibility so that you have a voice at the executive table.

Think Your Anti-Virus Software Is Working? Think Again
We've been so bombarded by computer viruses, worms, Trojan horses and other malware that we've become acclimated to their presence. We subscribe to an anti-virus (AV) offering and hope for the best. Trouble is, AV hasn't been keeping up. Studies show that even though most organizations use AV, more and more are succumbing to attacks. It's time to shift from the status quo to a new, more effective endpoint security approach, called intelligent whitelisting, which affords greater protection, productivity, and efficiency.

Unruly USB Devices Expose Networks to Malware
It's pretty easy for organizations to get so wrapped up about what goes out on USB drives that they forget to protect against what comes in their environments via USB. And with attacks inflicting increasingly greater damage following uncontrolled connection, it's time that organizations got serious about this threat. The key to USB security is balancing productivity with protection.

Reducing Local Admin Exposure Through Application Whitelisting
In today's Windows environment, users are accustomed to having local administrator privileges that allow them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users' systems, the reality is that this may not be an option. Fortunately, there's hope - through application whitelisting.