Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Commentary

Content posted in December 2009
<<   <   Page 2 / 2
Bank Phishing: It Doesn't Take Much For Phishers To Take A Lot
Commentary  |  12/7/2009  | 
Most people ignore -- and, one hopes, delete unopened -- those phishmails that pose as correspondence from legitimate banks. But even a fraction of a percentage of responses generates millions for the crooks.
KACE Adds Patch and Remediation To Strengthen Patch Management For Endpoint Security
Commentary  |  12/7/2009  | 
The new technology is designed to improve patching support and add automated patch management to KBOX systems management appliances.
Researcher: iPhone Data Easy To Cultivate
Commentary  |  12/6/2009  | 
While there haven't been any attacks on iPhones that haven't been jailbroken, one researcher has shown that once a rogue application makes its way onto the device, there's not much it can't do with your data.
Global CIO: The Top 50 Tech Quotes From 2009
Commentary  |  12/5/2009  | 
What were the most-memorable, confrontational, insightful, and valuable comments in 2009? We've pulled together 50 of the best.
SMB Security Spending To Grow In 2010, Vendors Say. What Say You?
Commentary  |  12/4/2009  | 
Small and midsized businesses are "poised" for security growth in 2010, according to a recent panel of experts. But that same conversation included warnings that the growth would come while SMBs continue to slash budgets. Paradox? Not when you factor in the cloud and security services.
The Case For Specialized Hardware
Commentary  |  12/3/2009  | 
As we described in the last few entries, adding storage software to standard servers or even to virtual servers is making more sense for a variety of data centers because of the increased performance capabilities of the Intel processor family. Despite this there may still be times in certain environments where there is a need for specialized storage hardware.
Global CIO: Outsourcer HCL To Cut Insurer's Costs By $150 Million
Commentary  |  12/2/2009  | 
HCL is taking on an end-to-end chain of processes in a deal valued at $200 million that blends IT infrastructure and services with deep business processes and more.
Test Drive Of Metasploit's NeXpose Plug-In
Commentary  |  12/2/2009  | 
Rapid7's acquisition of the Metasploit Project caused a lot of heads to turn. Concerns were raised about the project's future, specifically that of the Metasploit Framework. I held back from saying anything at the time because I was hoping for the best. Yesterday marked the first Metasploit Framework release that shows promise of the future by including integration with Rapid7's NeXpose vulnerability scanner.
Firefox On Fire
Commentary  |  12/2/2009  | 
Firefox is hot. The latest numbers show it now owns one-fourth of the browser market right now. But fame, of course, comes with a price: A recent, separate report shows that Firefox accounted for nearly 45 percent of all Web vulnerabilities in the first half of this year.
Security Pro Market Heating Up
Commentary  |  12/2/2009  | 
The good news for IT security professionals is that demand for their skills is likely to increase in the next few months, according to Robert Half Technology. The challenging news for small and midsized businesses looking for security pros is that rising demand for their skills is going to make finding and hiring them harder.
What IBM's Acquisition Of Guardium Really Means
Commentary  |  12/2/2009  | 
IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.
Global CIO: Will SAP Move To Tiered Maintenance Fees?
Commentary  |  12/1/2009  | 
SAP's intentions are always difficult to discern, but it might be on the verge of revising the support/maintenance fees its customers love to hate.
New Ransomware Attack Underway
Commentary  |  12/1/2009  | 
Security researchers at CA have found a new so-called "ransomware" attack underway. There are many things you can say about malware writers. Most of it would be NSFW. But you can't say they don't work hard at what they do.
The Secret Sauce For Security Blogging
Commentary  |  12/1/2009  | 
I recently wrote in my personal blog about how some security blogs manage to engage their audience better than others and make their readers feel more in touch with what's happening -- on top of earning credibility.


Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the oldest - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pec_coupon[code]' parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...