Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Super Bowl Tech: A Supersized Role For Security
The cold weather has been the strongest story line throughout the entire NFL season. Sunday’s game will be no exception -- behind the scenes and on the field.
Yahoo Mail Passwords: Act Now
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts.
Finding The Balance Between Compliance & Security
IT departments can reduce security risks by combining the flexibility of ISO 27000 with the stringent requirements of PCI. Here’s how.
Angry Birds Site Toppled After Surveillance Report
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies.
Feds Arrest Bitcoin Celebrity In Money Laundering Case
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
How To Defend Point-Of-Sale Systems
US-CERT gives advice on defending POS systems against attacks like those against Target, Neiman Marcus.
Michaels Stores Investigates Data Breach
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards.
Neiman Marcus Data Breach: 1.1M Cards Exposed
Debit and credit card details 'scraped' during transactions in stores.
China Blames Massive Internet Blackout On Hackers
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say.
Target Mocks, Not Helps, Its Data Breach Victims
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Politically Motivated Cyberattackers Adopt New Tactics
Organized cybergroups from China, Syria, and Russia are finding new ways to breach enterprises, CrowdStrike reports.
Power Utility Substations At Risk
"Project Robus" so far has exposed dozens of security flaws in software using popular ICS/SCADA network protocol, but several vendors still have not patched.
Target Breach: 5 Unanswered Security Questions
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers.
Target, Neiman Marcus Malware Creators Identified
Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm.
Target Malware Origin Details Emerge
Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.
Java 'Icefog' Malware Variant Infects US Businesses
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations.
Blackphone Promises To Block Snooping
Geeksphone and Silent Circle promise their new smartphone will lock out spies. But the details, including how it works, aren't clear.
What Healthcare Can Teach Us About App Security
The Centers for Disease Control protects people from health threats and increases the health security of our nation. It’s a mission that’s not so different from InfoSec.
Target Breach: 8 Facts On Memory-Scraping Malware
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
Neiman Marcus, Target Data Breaches: 8 Facts
A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers.
Why IT Security RFPs Are Like Junk Food
Buying the latest security technology won't save you if your company isn't carrying out basic health checks.
Fearing NSA Surveillance, 25 Percent Of Firms Plan To Move Data Offshore
Scandal over NSA privacy violations causes a quarter of companies to change data hosting locations
9 Security Experts Boycott RSA Conference
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
How Cloud Security Drives Business Agility
Cloud computing represents a unique opportunity to re-think enterprise security and risk management.
Name That Toon: Contest Winners Named
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
OpenSSL Says Breach Did Not Involve Corrupted Hypervisor
Hosting provider's compromised password system, not a hacked hypervisor, led to defacing of OpenSSL.org site, site reps say – after VMware cries foul.
5 Monitoring Initiatives For 2014
To get better visibility into the business and potential threats inside their networks, companies should collect more data, use context, and invest more in their employees' expertise
Physical & Network Security: Better Together In 2014
How ready are you for the day you discover there are more networked IP security cameras than laptops in your infrastructure – and none adheres to 802.1x standards?
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
