Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
What It's Like to Be a CISO: Check Point Security Leader Weighs In
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
Ashley Madison Breach Returns with Extortion Campaign
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Two Vulnerabilities Found in Microsoft Azure Infrastructure
Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.
How To Keep Your Privacy and Data Secure While Working With a Remote Team
Implementing basic strategies can ensure your remote team's work will be secure, data will be protected, and you'll be far less exposed to security risks.
United Nations Data Breach Started with Microsoft SharePoint Bug
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Inside the Check Point Research Team's Investigation Process
The team sheds light on how their organization works and what they're watching in the threat landscape.
NFL, Multiple NFL Teams' Twitter Accounts Hacked and Hijacked
Hackers claiming to be from the hacktivist group OurMine temporarily took over Twitter accounts of the NFL and several teams in the league.
New Zoom Bug Prompts Security Fix, Platform Changes
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.
NSA Offers Guidance on Mitigating Cloud Flaws
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
For Mismanaged SOCs, The Price Is Not Right
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Startup Privafy Raises $22M with New Approach to Network Security
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
FireEye Buys Cloudvisory
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.
Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
Mobile Banking Malware Up 50% in First Half of 2019
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
7 Ways to Get the Most Out of a Penetration Test
You'll get the best results when you’re clear on what you want to accomplish from a pen test.
Active Directory Needs an Update: Here's Why
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
How SD-WAN Helps Achieve Data Security and Threat Protection
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Google: Chrome Will Remove Third-Party Cookies and Tracking
It's "not about blocking" but removing them altogether, the company said.
Processor Vulnerabilities Put Virtual Workloads at Risk
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
Microsoft to Officially End Support for Windows 7, Server 2008
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Study Points to Lax Focus on Cybersecurity
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
The "Art of Cloud War" for Business-Critical Data
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
Cloudflare Adds New Endpoint, Web Security Service
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
Mimecast Acquires Segasec to Boost Phishing Defense
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Continental Drift: Is Digital Sovereignty Splitting Global Data Centers?
The recent proposal by Germany, backed by France, to fuse the infrastructures of Europe's cloud providers could challenge every data center storing a European's data.
Organizations May 'Uncloud' Over Security, Budgetary Concerns
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
