Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
GDPR's First-Year Impact by the Numbers
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
Vulnerability Leaves Container Images Without Passwords
A old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
2.3B Files Currently Exposed via Online Storage
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
Palo Alto Networks Confirms PureSec Acquisition
The company also agreed to buy container security company Twistlock as it develops its cloud security suite.
Docker Vulnerability Opens Servers to Container Code
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Palo Alto Networks Said to Buy Twistlock
Reports in Israel-based business publications say Palo Alto Networks has reached a deal to purchase the container security startup, as well as another Israeli security startup.
8 Ways to Authenticate Without Passwords
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
Keys for Working with Modern MSSPs
How to determine what an MSSP can do for your organization, and the questions to ask before signing a contract.
'Cattle, Not Pets' & the Rise of Security-as-Code
Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.
Mist Computing Startup Distributes Security AI to the Network Edge
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
How Security Vendors Can Address the Cybersecurity Talent Shortage
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
To Manage Security Risk, Manage Data First
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
Google's Origin & the Danger of Link Sharing
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Microsoft Opens Defender ATP for Mac to Public Preview
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
New Software Skims Credit Card Info From Online Credit Card Transactions
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Consumer IoT Devices Are Compromising Enterprise Networks
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
49 Million Instagram Influencer Records Exposed in Open Database
An AWS-hosted database was configured with no username or password required for access to personal data.
Data Security: Think Beyond the Endpoint
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
97% of Americans Can’t Ace a Basic Security Test
Still, a new Google study uncovers a bit of good news, too.
Financial Sector Under Siege
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
7 Signs of the Rising Threat of Magecart Attacks in 2019
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
Exposed Elasticsearch Database Compromises Data on 8M People
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Microsoft Builds on Decentralized Identity Vision
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
Baltimore Ransomware Attack Takes Strange Twist
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Poorly Configured Server Exposes Most Panama Citizens' Data
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
78% of Consumers Say Online Companies Must Protect Their Info
Yet 68% agree they also must do more to protect their own information.
Symantec CEO Greg Clark Steps Down
Exec shake-up comes amid earnings drop in financial report.
How the Skills Gap Strains – and Constrains – Security Pros
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
How to Close the Critical Cybersecurity Talent Gap
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
Attackers Add a New Spin to Old Scams
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Trust the Stack, Not the People
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
Massive Dark Web 'Wall Street Market' Shuttered
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
The 2019 State of Cloud Security
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
Security Depends on Careful Design
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
