Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
10 Steps for Creating Strong Customer Authentication
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
AppSec Is Dead, but Software Security Is Alive & Well
Application security must be re-envisioned to support software security. It's time to shake up your processes.
3 Keys to Reducing the Threat of Ransomware
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Tackling Supply Chain Threats
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Benefits of DNS Service Locality
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
The Browser Is the New Endpoint
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
IoT Bot Landscape Expands, Attacks Vary by Country
New report finds 1,005 new user names and passwords beyond Mirai’s original default list two years ago.
Gartner Experts Highlight Tech Trends – And Their Security Risks
Security must be built into systems and applications from the beginning of the design process, they agreed.
Google Patch to Block Spectre Slowdown in Windows 10
Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Cybercrime-as-a-Service: No End in Sight
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
The Three Dimensions of the Threat Intelligence Scale Problem
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
A Cybersecurity Weak Link: Linux and IoT
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
4 Ways to Fight the Email Security Threat
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
12 Free, Ready-to-Use Security Tools
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Not All Multifactor Authentication Is Created Equal
Users should be aware of the strengths and weaknesses of the various MFA methods.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
Stop Saying 'Digital Pearl Harbor'
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
