Commentary
Latest Content
|
95% of Organizations Have Cultural Issues Around Cybersecurity
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
Cyber Crooks Diversify Business with Multi-Intent Malware
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Understanding Evil Twin AP Attacks and How to Prevent Them
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
To Click or Not to Click: The Answer Is Easy
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Empathy: The Next Killer App for Cybersecurity?
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
RIP, 'IT Security'
Information security is vital, of course. But the concept of "IT security" has never made sense.
'CARTA': A New Tool in the Breach Prevention Toolbox
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
The technology never really took off in IT, but it could be very helpful in the industrial world.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
5 Reasons Why Threat Intelligence Doesn't Work
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.
Hidden Costs of IoT Vulnerabilities
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
After the Breach: Tracing the 'Smoking Gun'
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
Tackling Cybersecurity from the Inside Out
New online threats require new solutions.
Where Is the Consumer Outrage about Data Breaches?
Facebook, Equifax, Cambridge Analytica … Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Not Every Security Flaw Is Created Equal
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
How the Power of Quantum Can Be Used Against Us
There has been a palpable shift from volumetric attacks to "quantum attacks," and they look to be one of the biggest cybersecurity challenges on the rise today.
Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk
Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.
The Case for MarDevSecOps
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
10 Steps for Creating Strong Customer Authentication
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
AppSec Is Dead, but Software Security Is Alive & Well
Application security must be re-envisioned to support software security. It's time to shake up your processes.
3 Keys to Reducing the Threat of Ransomware
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Securing Serverless: Attacking an AWS Account via a Lambda Function
It’s not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Securing Severless: Defend or Attack?
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
Tackling Supply Chain Threats
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Benefits of DNS Service Locality
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
The Browser Is the New Endpoint
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
Good Times in Security Come When You Least Expect Them
Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.
Understanding SOCs' 4 Top Deficiencies
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
Risky Business: Dark Reading Caption Contest Winners
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Getting Up to Speed with "Always-On SSL"
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Cybercrime-as-a-Service: No End in Sight
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
The Three Dimensions of the Threat Intelligence Scale Problem
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
A Cybersecurity Weak Link: Linux and IoT
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
4 Ways to Fight the Email Security Threat
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Threat Hunters & Security Analysts: A Dynamic Duo
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
Not All Multifactor Authentication Is Created Equal
Users should be aware of the strengths and weaknesses of the various MFA methods.
The Better Way: Threat Analysis & IIoT Security
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Security Researchers Struggle with Bot Management Programs
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
New Domains: A Wide-Open Playing Field for Cybercrime
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Technology such as Apple's device trust score that decides "you" is “not you” is a good thing. But only if it works well.
GDPR Report Card: Some Early Gains but More Work Ahead
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
Putting Security on Par with DevOps
Inside the cloud, innovation and automation shouldn't take a toll on protection.
Stop Saying 'Digital Pearl Harbor'
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This