Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Security on a Shoestring? More Budget Means More Detection
Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Moving from DevOps to CloudOps: The Four-Box Problem
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
A decision on the order, which contains several recommendations, is still forthcoming.
The CIO's Shifting Role: Improving Security With Shared Responsibility
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
6 Tips for Limiting Damage From Third-Party Attacks
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.
Anti-Spoofing for Email Gains Adoption, but Enforcement Lags
More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
CSA & ISACA Team Up on Cloud Auditing Certificate
The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.
Qualys CEO Courtot Departs for Health Reasons
The well-known security industry entrepreneur initially took a leave of absence in February.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
CISA Issues Advisory on TrickBot Campaigns
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Enterprises Wrestle With Executive Social Media Risk Management
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
IronNet Cybersecurity to Go Public in Merger
Company intends for the deal to drive adoption of its Collective Defense Platform.
Combating Call Center Fraud in the Age of COVID
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Lookout Acquires SASE Cloud Provider CipherCloud
Deal signals a focus on the cloud for mobile security firm.
Verkada Breach Demonstrates Danger of Overprivileged Users
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Three steps to fight this increasingly vexing problem.
Call Recorder iPhone App Flaw Uncovered
Researcher finds thousands of recorded calls easily accessible to others.
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.
Leaked Development Secrets a Major Issue for Repositories
Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.
Look to Banking as a Model for Stopping Crime-as-a-Service
The first step toward prevention is understanding the six most common CaaS services.
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project
Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
Secure Laptops & the Enterprise of the Future
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
Microsoft Ignite Brings Security & Compliance Updates
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
Google Partners With Insurers to Create Risk Protection Program
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
