Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Office 365: A Vehicle for Internal Phishing Attacks
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
7 Things to Know About Today's DDoS Attacks
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Cloud Security Alliance Offers Metrics for Cyber Resiliency
As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.
Shellshock Still in the Crosshairs
Spike in scans for the flaw spotted en masse in Q2.
Forcepoint Snaps Up RedOwl
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
10 Time-Consuming Tasks Security People Hate
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
To stay ahead of the bad guys, security teams need to think like criminals, leverage AI’s ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value.
GDPR Compliance Preparation: A High-Stakes Guessing Game
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
China, US Top List Of Countries With Most Malicious IPs
Brazil has 20% more risky IPs than Russia, Recorded Future's analysis shows.
Comparing Private and Public Cloud Threat Vectors
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
Trump Makes US Cyber Command an Official Combat Arm
Move seen as step one in spinning off the command from the NSA.
5 Factors to Secure & Streamline Your Cloud Deployment
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Facebook Doles Out $100K for Internet Defense Prize
Winners developed a new method of detecting spearphishing in corporate networks.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Cloud Complexity Mandates Security Visibility
The cloud is flexible, but security should be the top priority.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Amazon Tackles Security of Data in S3 Storage
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
WatchGuard Acquires Authentication Provider Datablink
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
Automating Defenses Against Assembly-Line Attacks
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
Risky Business: Why Enterprises Can’t Abdicate Cloud Security
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Qualys to Acquire Assets of Nevis Networks
The transaction aims to bolster Qualys' efforts in network traffic analysis and speeds up its move into the endpoint attack-mitigation and incident response market.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
