Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Apple Shares More Data with US in First Half of 2017
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Key Security Innovations Focus on Policy and Tech
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
How to Live by the Code of Good Bots
Following these four tenets will show the world that your bot means no harm.
Chevron's Jump to the Cloud is a Journey
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Why Size Doesn't Matter in DDoS Attacks
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
10 Hot Cybersecurity Funding Rounds in Q3
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
GDPR & the Rise of the Automated Data Protection Officer
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Viacom's Secret Cloud Keys Exposed
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Siemens' New ICS/SCADA Security Service a Sign of the Times
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
Public, Hybrid Cloud Security Fears Abound
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
Google, Spotify Build Open-Source Community for GCP Security
Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
Early Access program under way for new Azure cloud security feature.
Cloud Security's Shared Responsibility Is Foggy
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
Businesses Fail to Properly Secure, Assess SSH: ISACA
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
IBM Launches New Tools for Container Security
IBM's LinuxONE Emperor II addresses container security as researchers pay closer attention to containers' security shortcomings.
Cloud Security Hype Fails to Match Deployments
Technologies like software-defined perimeter and key management as-a-service generate enthusiasm but will take years to reach mainstream adoption.
10% of Ransomware Attacks on SMBs Targeted IoT Devices
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
Sandbox-Aware Malware Foreshadows Potential Attacks
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
GDPR Confusion Persists Among Businesses, Survey Shows
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
Amazon S3 Bucket Leaks Expose Classified US Veteran Data
Improperly configured Amazon S3 buckets led to the exposure of data belonging to veterans with Top Secret security clearance and Time Warner Cable customers.
Endpoint Security Overload
CISOs and their teams are over-investing in endpoint security tools, driving inefficiency and a need to consolidate data.
CISOs' Salaries Expected to Edge Above $240,000 in 2018
Other IT security professionals may garner six-figure salaries as well, new report shows.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
