informa

Application Security

Biden Broadens NSA Oversight of National Security Systems
New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.
January 20, 2022
New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.
by Dark Reading Staff, Dark Reading
January 20, 2022
2 min read
Article
1Password Raises $620M Series C, Now Valued at $6.8B
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.
January 19, 2022
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.
by Dark Reading Staff, Dark Reading
January 19, 2022
2 min read
Article
When Patching Security Flaws, Smarter Trumps Faster
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
January 19, 2022
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
by Robert Lemos, Contributing Writer
January 19, 2022
4 min read
Article
US Search for Vulnerabilities Drives 10x Increase in Bug Reports
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
January 18, 2022
Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
by Robert Lemos, Contributing Writer
January 18, 2022
4 min read
Article
Name That Toon: Nowhere to Hide
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
January 18, 2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
by John Klossner, Cartoonist
January 18, 2022
1 min read
Article
Mastering the Art of Cloud Tagging Using Data Science
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
January 17, 2022
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
by Keith Neilson, Technical Evangelist, CloudSphere
January 17, 2022
5 min read
Article
White House Meets With Software Firms and Open Source Orgs on Security
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
January 14, 2022
The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.
by Robert Lemos, Contributing Writer
January 14, 2022
5 min read
Article
What's Next for Patch Management: Automation
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
January 14, 2022
The next five years will bring the widespread use of hyperautomation in patch management. Part 3 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 14, 2022
5 min read
Article
New Vulnerabilities Highlight Risks of Trust in Public Cloud
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
January 13, 2022
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.
by Robert Lemos, Contributing Writer
January 13, 2022
4 min read
Article
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
January 12, 2022
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 12, 2022
4 min read
Article
Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
January 11, 2022
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
by Jai Vijayan, Contributing Writer
January 11, 2022
4 min read
Article
Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.
January 11, 2022
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.
by Robert Lemos, Contributing Writer
January 11, 2022
4 min read
Article
The Evolution of Patch Management: How and When It Got So Complicated
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
January 10, 2022
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
by Srinivas Mukkamala, Senior Vice President, Security Products, Ivanti
January 10, 2022
5 min read
Article
CDN Cache Poisoning Allows DoS Attacks Against Cloud Apps
A Romanian researcher discovers more than 70 vulnerabilities in how applications and their content delivery networks handle cache misses that open the doors to denial-of-service attacks.
January 06, 2022
A Romanian researcher discovers more than 70 vulnerabilities in how applications and their content delivery networks handle cache misses that open the doors to denial-of-service attacks.
by Robert Lemos, Contributing Writer
January 06, 2022
5 min read
Article
FTC: Companies Could Face Legal Action for Failing to Patch Log4j
The FTC will pursue companies that fail to take steps to protect consumer data from exposure due to Log4j, officials report.
January 05, 2022
The FTC will pursue companies that fail to take steps to protect consumer data from exposure due to Log4j, officials report.
by Dark Reading Staff, Dark Reading
January 05, 2022
2 min read
Article