Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The State of Application Penetration Testing
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Virtual Private Networks: Why Their Days Are Numbered
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
SAML Flaw Lets Hackers Assume Users' Identities
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Splunk to Acquire Phantom
$350 million deal scheduled to close Q1 2018.
Adobe Flash Vulnerability Reappears in Malicious Word Files
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
7 Key Stats that Size Up the Cybercrime Deluge
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
6 Cybersecurity Trends to Watch
Expect more as the year goes on: more breaches, more IoT attacks, more fines…
93% of Cloud Applications Aren't Enterprise-Ready
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
10 Can't-Miss Talks at Black Hat Asia
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
Facebook Aims to Make Security More Social
Facebook's massive user base creates an opportunity to educate billions on security.
Siemens Leads Launch of Global Cybersecurity Initiative
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
FedEx Customer Data Exposed on Unsecured S3 Server
Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.
Democracy & DevOps: What Is the Proper Role for Security?
Security experts need a front-row seat in the application development process but not at the expense of the business.
Oracle Buys Zenedge for Cloud Security
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Microsoft Adds Windows Defender ATP Support to Windows 7, 8.1
Microsoft brings Windows Defender ATP down-level support to older versions of Windows for businesses transitioning to Windows 10.
Man Formerly on FBI Most Wanted List Pleads Guilty in 'Scareware' Hack
Latvian man ran bulletproof Web hosting service that served cybercriminals.
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Top Cloud Security Misconceptions Plaguing Enterprises
Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Here’s how to find the best fit for your company.
Security vs. Speed: The Risk of Rushing to the Cloud
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
2017 Smashed World's Records for Most Data Breaches, Exposed Information
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
Mastering Security in the Zettabyte Era
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Securing Cloud-Native Apps
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
