Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Got Attitude?
Attack attitude: Does China really not care about attribution?
Spamhaus DDoS Attacks: What Business Should Learn
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
Who Supplies CyberBunker?
The hosting company behind CyberBunker, the company allegedly behind the DDOS attacks on Spamhaus, connects to the Internet through other providers. Perhaps the only way to pressure those responsible for the attacks is to put pressure on the upstream providers
BlackBerry Balance: The Real Reason To Buy It
BlackBerry Z10 is a good phone, but it doesn't get really cool until you use it as both your work and personal phone. BlackBerry 10 has a series of features the company calls "BlackBerry Balance," to make both roles work well and to protect each from the other
Follow The Dumb Security Money
When security companies raise big funding rounds and spend big bucks at security conferences, be afraid -- very afraid
Arguments Against Security Awareness Are Shortsighted
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Mission Impossible: 4 Reasons Compliance Is Impossible
Compliance, like security, is not a constant
Putting Out Fires With Gasoline
Spending for security and identity products is going up, but here is a sobering thought that should give you pause--our solutions may be part of the problem
Database Security Restart
How to restart your database security program
Cisco Reports Some IOS Passwords Weakly Hashed
Type 4 plain-text user passwords on Cisco IOS and Cisco IOS XE devices are hashed not according to spec, but with no salt and just one SHA-256 iteration. Working around the problem can be clumsy
Samsung? BlackBerry? Who Will Win The Containerization Wars?
The chaos of multiple container formats won't last
On Security Awareness Training
The focus on training obscures the failures of security design
Your Password Is The Crappiest Identity Your Kid Will Ever See
Ever watch an episode of 'Mad Men' and see everyone smoking? Some kid in 2045 will look at their parent and ask, did you really have to enter a password that many times?
With Biometrics, Can Fingers Do Password Management's Work?
Biometrics are one way end users can, literally, "give the finger," to cumbersome password management systems. But it won’t be cheap.
Managing The Local Admin Password Headache
Forcing and managing unique passwords on Windows systems in an enterprise network can be challenging, but many tools are out there to help
Outsource Your Monitoring To The Business
Don't keep all of the fun to yourself
Database Security Operations
Process -- not tools -- is important
You've Been Hacked, But For How Long?
One of the big themes at the recent RSA Conference was awareness of threats already inside the network. The way you learn about these threats and lower your ‘Mean Time To Know’ (MTTW) about an intrusion is with profile-based network monitoring
Defending Local Admin Against Physical Attacks
Physical access usually spells game over, but protections can be put in place to help defend against local boot attacks
Better Patching Priority
What to consider when prioritizing risks
Samsung Knox Raises Android Security Game
Following the BlackBerry announcement of BES 10 as a general-purpose mobile management solution, Samsung has expanded its SAFE program to include EMM features like MAM and business/personal partitioning. These companies are advancing the technology for customers. Where are Microsoft and Apple in this?
Cerberus, White Courtesy Phone, Please
Why you need two opposing styles of monitoring
Password Police Cite Evernote Mistakes
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
The Great Lie Of Compliance
If you believe you are fully compliant, then you are not
BlackBerry Can Set EMM Standard With BES 10
The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices
Evernote Resets Everyone's Passwords After Intrusion
After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords
Kill Passwords: Hassle-Free Substitute Wanted
Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.
Open Public Wi-Fi: How To Stay Safe
One day our systems will be built to default always to secure configurations, but we're not there yet
Defending Local Administrator Accounts
One compromised desktop is all is usually takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
