Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Cybercrime: A Black Market Price List From The Dark Web
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
Think Risk When You Talk About Application Security Today
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
Tell DR: What Are Your Biggest Unanswered Security Questions?
Fill us in, Dark Reading community. What challenges and mysteries leave you scratching your heads and throwing up your hands?
No Place For Tor In The Secured Workplace
When it comes to corporate security, anonymity does not necessarily ensure protection of one’s private information – nor that of your employer.
Beyond Back Doors: Recalibrating The Encryption Policy Debate
Three compelling reasons why access to back doors should not be the intelligence and law enforcement community’s main policy thrust in the fight against terrorism.
Home Depot To Pay $19.5 Million In Data Breach Settlement
Home improvement chain agrees to pay for out-of-pocket losses incurred by US shoppers from 2014 data breach, and promises to improve its payment systems' data security.
Anonymous To Launch Cyberattacks Against Trump Campaign Starting April 1
Planned attacks a response to candidate’s controversial campaign rhetoric, hacking collective says.
CISO Playbook: Suit-up & Play Offense
In the game of IT security there are thousands of tools available, but the very best strategy to prepare for an opponent is to know your own weaknesses.
5 Hot Security Job Skills
Cybersecurity job openings are looking for people with a blend of technical, security, and industry-specific talents -- and it helps to know Python, Hadoop, MongoDB, and other big-data analysis tools, too.
FBI's Most Wanted Cybercriminals
The Federal Bureau of Investigation has got millions of dollars worth of rewards waiting for those who can help them nab these accused cyber thieves, spies and fraudsters.
‘Must Haves’ & ‘Must Dos’ For The First Federal CISO
Offensive and defensive experience, public/private sector know-how, ‘mini-NSA’ mindset and vision are top traits we need in a chief information security officer.
Presidential Candidates Get Graded On Their Cybersecurity Stances
Trump, Clinton, Sanders, Cruz, Rubio, Kasich, are all unified when it comes to blaming China -- but no one gets higher than a "C" average grade in any category.
Security Lessons From “The Gluten Lie”
How faith healers and security vendors have learned what lies work.
Why Security & DevOps Can’t Be Friends
Legacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000’s is just a small part of the application security problem.
The New BEC Phishing Attack: Stealing Data Instead Of Cash
Duped by phishers posing as company executives, Seagate and Snapchat expose employee tax, payroll data.
Forgot My Password: Caption Contest Winners Announced
Sticky notes, clouds and authentication jokes. And the winning caption is...
A Warning for Wearables: Think Before You Emote
An examination of how wearable devices could become the modern equivalent of blogs broadcasting proprietary workplace information directly to the Internet of Things -- and beyond.
Hottest Topics To Come Out Of RSA Conference
Encryption, bug bounties, and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week.
Cloud Survival Guide: 3 Tips For CISOs
To thrive in the cloud era, CISOs must refashion their roles as business enablers, adopt automation wherever possible, and go back to the basics on security hygiene.
Encryption, Privacy & Skills Shortage Hot Topics On RSA Keynote Stage
From the president of RSA to the director of the NSA, all RSA conference keynotes mentioned needs for protecting liberties and increasing the infosec workforce.
To Improve Workforce Diversity, Widen The Search, Feed Infosec Talent Pipeline
RSA Conference 2016: Session panelists offered practical tips on how to attract more women and minorities, and challenged attendees to do some soul-searching.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
