Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Financial Breaches Show ‘Trust Model’ Is Broken
It’s a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
Welcome To My Cyber Security Nightmare
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
Infographic: The Many Faces of Today’s Hackers
How many of these hacker personas are you dueling with in your organization?
What Scares Me About Healthcare & Electric Power Security
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
A Simple Formula For Usable Risk Intelligence
How infosec can cut through the noise and gain real value from cyberdata.
Poll: Patching Is Primary Response to Shellshock
As potential threats mount, Dark Reading community members home in on patching infrastructure but not devices, according to our latest poll.
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
Cyber Threats: Information vs. Intelligence
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
Insider Threats: Breaching The Human Barrier
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
Third-Party Code: Fertile Ground For Malware
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
Stolen Medical Data Is Now A Hot Commodity
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
In AppSec, ‘Fast’ Is Everything
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
Security Education K Through Life
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
How Retail Can Win Back Consumer Trust
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Birth names and legal names aren’t always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
Tokenization: 6 Reasons The Card Industry Should Be Wary
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
How Cookie-Cutter Cyber Insurance Falls Short
Many off-the-shelf cyber liability policies feature a broad range of exclusions that won’t protect your company from a data breach or ransomware attack.
How Retro Malware Feeds the New Threat Wave
Old-school exploits used in new ways are placing fresh demands for intel-sharing among infosec pros and their time-tested and next-gen security products.
Poll: Employees Clueless About Social Engineering
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
5 New Truths To Teach Your CIO About Identity
When CIOs talk security they often use words like "firewall" and "antivirus." Here’s why today’s technology landscape needs a different vocabulary.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
