Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
6 Ways To Prepare For The EU’s GDPR
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Here’s how to prepare for them.
EMV: The Anniversary Of One Deadline, The Eve of Another
How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
Microsoft Launches Cloud-Based Fuzzing
'Project Springfield' debuts at Ignite conference.
Hacking The Polls: Where US Voting Processes Fall Short
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
5 Best Practices For Winning the IoT Security Arms Race
By focusing on a pragmatic approach to security, it’s possible to develop IoT solutions that will reduce future risk without breaking the bank.
25 Security Vendors To Watch
A wave of security companies are armed with technologies to help businesses mitigate the next generation of cyberattacks. Who are these vendors and what can they offer?
Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users
No 'connection' between August 2016 data dump claims and 2014 nation-state attack, company says.
Yahoo Sued By User Over 2014 Hacking
New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts.
Yahoo Breach: US Senator Seeks SEC Role In Probe
Democrat Mark Warner asks US Securities and Exchange Commission to investigate whether Yahoo completed obligations post breach discovery.
7 New Rules For IoT Safety & Vuln Disclosure
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
Spam Levels Spike, Thanks In Part To Ransomware
By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
7 Ways Cloud Alters The Security Equation
Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
FTC Releases Video With Data Breach Recovery Advice
The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.
SWIFT CISO: Cyber Threat 'Persistent'
Alain Desausoi describes threat as persistent, and says there's been progress in combating it via new SWIFT initiatives.
How Cloud, Mobile Are Changing IT, Security Management: Study
The evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks.
Florida Man Charged With Hacking Linux Servers
Donald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
The security approaches of yesterday won’t work in the cloud world of today and tomorrow.
Yes, The Cloud Can Be A Security Win
With the right controls in place, the cloud doesn’t have to be a scary place. These guidelines can help your company stay safe.
Google, Facebook, Twitter, Petition Congress To Support ICANN Transition
Google, Facebook, Twitter, Yahoo and other tech companies ask Congress to not oppose the scheduled October 1 transfer of Internet control to global community.
Startup Focuses On Real-Time Security Monitoring Of Plant Networks
With $32 million in venture capital funding and co-founders from Siemens and Israeli Defense Force research teams, Claroty emerges from stealth.
A Moving Target: Tackling Cloud Security As A Data Issue
Today’s challenge is protecting critical information that an increasingly mobile workforce transfers every day between clouds, between cloud and mobile, and between cloud, mobile, and IoT.
White House Names First Federal CISO
Retired Brigadier General Touhill will serve as federal CISO.
Data Manipulation: An Imminent Threat
Critical industries are largely unprepared for a potential wave of destructive attacks.
Avoiding The Blame Game For A Cyberattack
How organizations can develop a framework of acceptable care for cybersecurity risk.
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims
Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users' accounts.
Defining The Common Core Of Cybersecurity: Certifications + Practical Experience
Security certifications are necessary credentials, but alone won’t solve the industry’s critical talent gap.
Cloud Security Alliance: 10 Ways To Achieve Access Control For Big Data
A look at granular access control of the big data security and privacy.
Social Media Fraud Spikes, Study Finds
Nearly 20% of social media accounts associated with ten major global brands are fraudulent.
How To Talk About Security With Every C-Suite Member
Reframe your approach with context in order to get your message across.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
