Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
Mobile Malware Moves to Mine Monero (and Other Currencies)
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Security Lags in Enterprise Cloud Migration
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Privacy Group: Facebook, Google Policies Break GDPR Laws
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
Most Expensive Data Breaches Start with Third Parties: Report
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
What Should Post-Quantum Cryptography Look Like?
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
The State of Information Sharing 20 Years after the First White House Mandate
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
North Korean Defectors Targeted with Malicious Apps on Google Play
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
Google to Delete 'Secure' Label from HTTPS Sites
Google acknowledges HTTPS as the Internet standard with plans to remove ‘secure’ from all HTTPS sites.
Syrian Electronic Army Members Indicted for Conspiracy
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
Cracking 2FA: How It's Done and How to Stay Safe
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
7 Tools for Stronger IoT Security, Visibility
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
25% of Businesses Targeted with Cryptojacking in the Cloud
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
Smashing Silos and Building Bridges in the IT-Infosec Divide
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
Email Security Tools Try to Keep Up with Threats
Email has long been a prime vector for cyberattacks, and hackers are only getting sneakier. Can email platforms and security tools keep up?
Calculating Cloud Cost: 8 Factors to Watch
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
APT Attacks on Mobile Rapidly Emerging
Mobile devices are becoming a 'primary' enterprise target for attackers.
Google Security Updates Target DevOps, Containers
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
RSA CTO: 'Modernization Can Breed Malice'
Zulfikar Ramzan predicted the future of cybersecurity, drivers shaping it, and how enterprise IT should react in his InteropITX 2018 keynote.
Hackers Leverage GDPR to Target Airbnb Customers
Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
