Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Simple Security Is A Better Bet
Complex security programs are little better than no security
Q&A: FedRAMP Director Discusses Cloud Security Innovation
Maria Roat, FedRAMP director, speaks with former Transportation Department CIO Nitin Pradhan on the federal government's approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Looking For A Security Job? You Don't Need To Be Bo Derek
7 tips to convince a hiring manager that you're a perfect fit.
Vanishing IT Security Boundaries Reappearing Disguised As Identity
It's that time of year, when nothing is as it seems. If cloud and mobile are haunting your dreams, consider some open protocol treats.
Think Hackers Are IT's Biggest Threat? Guess Again
More than one third of all data security breaches at government agencies are caused accidentally by internal employees.
Quick Guide To Flash Storage Latency Wars
Because latency is the key performance differentiator in server-side flash, SSD, PCIe and memory bus flash storage vendors are competing on speed.
Failure To Deploy: Aided And Abetted By Shelfware
It takes more than technology acquisition to protect against the insider threat -- just ask the NSA
Experian Breach Fallout: ID Theft Nightmares Continue
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
Is Your DNS Server A Weapon?
As we improve our defenses against distributed-denial-of-service (DDoS) attacks, the bad guys adapt and step up their game, too. Here's how to use your domain name servers to ward off hackers.
The Reality Of Freshly Minted Software Engineers
Why do recent computer science graduates need to be retrained when they hit the commercial world?
We're All The APT
XKeyscore, FoxAcid: APT lines are blurring
Don't Let 'Spooks' Get Your Cloud Data
Lesson from National Cyber Security Awareness Month: Keys are the key, and keep it simple.
Evasion Techniques And Sneaky DBAs
Why should DBAs introduce security measures that make their jobs harder for the nebulous benefit of better security?
Distributing Malware Through Future App Stores
Difficult times ahead for app markets as professional malware developers ramp their evasion techniques
Next-Gen Spam: Quality Over Quantity
The industry has been remarkably innovative in developing business models to extract money from the unwary.
Stratfor Hacker: FBI Entrapment Shaped My Case
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
WordPress Attacks: Time To Wake Up
The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites.
Security Skills For 2023
Align your career with these top security trends
Make The Most Of National Cyber Security Awareness Month
NCSAM is a catalyst to get extra attention for your security programs
Penetration Testing With Honest-To-Goodness Malware
When did penetration-testing methodologies stop replicating the vectors attackers make?
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
