Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
At the most basic level, organizations must understand their data, the entry points, and who has access. But don’t forget to keep your backup systems up to date.
6 Ways To Hack An Election
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
US Think Tanks Involved In Russia Research Allegedly Hacked
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Report: Hackers Breach Two State Election Databases, FBI Warns
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
The Hidden Dangers Of 'Bring Your Own Body'
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
When Securing Your Applications, Seeing Is Believing
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security ‘Portfolios’ Vs. Reporting Structures
Organizational structure is a tool for driving action. Worrying about your boss’s title won’t help you as much as a better communication framework.
Hacktivists Take Aim At Olympics Broadcast Service
Broadcasts and images of Games left intact, but employee contact information apparently breached.
FireEye Probes Suspected Breach Of Clinton Charity Site: Sources
Officials say attackers reportedly employed same technique as used in Russia-backed hacking of Democratic Party groups.
Darknet: Where Your Stolen Identity Goes to Live
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
5 Strategies For Enhancing Targeted Security Monitoring
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Digital security hasn’t kept pace in this always-connected era. Is infosec up to the challenge?
Poorly Configured DNSSEC = Potential DDoS Weapon
New research from Neustar shows how attackers could abuse DNSSEC-secured domains for distributed denial-of-service (DDoS) attacks.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Join us for a wide-ranging discussion with (ISC)² Chief Exec David Shearer on the most worrisome infosec trends and challenges.
DDoS Attack On Aussie Swimming Site Linked To Horton-Sun Yang Feud
Cyberattack soon after Australian swimmer accuses Chinese rival of being a ‘drug cheat.'
6 Things To Know For Securing Amazon Web Services
AWS is coming out with more new cloud security features.
Trouble In the Cloud: More Than Half Of Organizations Facing Security Woes
Survey shows security professionals are grappling with unauthorized data sharing and other security incidents in SaaS cloud environments.
Global Businesses Ask China To Revise Draft Cyber Rules
Security may weaken, economic growth hampered, if draft made into law, say 46 businesses in letter to Li Keqiang.
Substantially Above Par: DR Cartoon Caption Contest Winners
Critical vulnerabilities, links & virtual reality. And the winner is...
The Future Of ATM Hacking
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Bitcoins Forfeited In Silk Road Cases To Be Auctioned
US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Data Protection From The Inside Out
Organizations must make fundamental changes in the way they approach data protection.
New Internet Security Domains Debut
Meet the new .security and .protection domains.
Dark Reading News Desk Coming Back To Black Hat, Live
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Best Of Black Hat Innovation Awards: And The Winners Are…
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Kaminsky Creates Prototype To Lock Out Attackers
Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
