Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
New Threat Group Carrying Out Aggressive Ransomware Campaign
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Expect an Increase in Attacks on AI Systems
Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows.
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
Attackers Heavily Targeting VPN Vulnerabilities
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
Clear & Present Danger: Data Hoarding Undermines Better Security
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
New Malware Downloader Spotted in Targeted Campaigns
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
Did 4 Major Ransomware Groups Truly Form a Cartel?
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
7 Security Strategies as Employees Return to the Office
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
