Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Customized Malware: Confronting an Invisible Threat
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
And why it’s your job to change with it and ‘skate where the puck is headed.’
Payment Card Industry Security Compliance: What You Need to Know
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Privacy Babel: Making Sense of Global Privacy Regulations
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
To Gain Influence, CISOs Must Get Security's Human Element Right
Focusing on certain elements of security in isolation can cause a false sense of security.
Commercial IoT: Big Trouble in Small Devices
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There’s also a readily available solution called ‘HIP.’
How Identity Deception Increases the Success of Ransomware
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Prioritizing Threats: Why Most Companies Get It Wrong
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
Phishing Your Employees for Schooling & Security
Your education program isn't complete until you test your users with fake phishing emails.
Report: ‘OilRig' Attacks Expanding Across Industries, Geographies
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it won’t happen overnight.
Embrace the Machine & Other Goals for CISOs
Here are five ways we can become more effective for our organizations.
In Cyber, Who Do We Trust to Protect the Business?
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Ethical Hacking: The Most Important Job No One Talks About
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Trust Begins With Layer 1 Encryption
In today’s distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here’s how.
Security in the Age of Open Source
Dramatic changes in the use of open source software over the past decade demands major changes in security testing regimens today. Here's what you need to know and do about it.
Debunking 5 Myths About DNS
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
The Industrial Revolution of Application Security
DevOps is driving big changes in the industry, but a cultural shift is needed.
What Your SecOps Team Can (and Should) Do
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
IoT & Liability: How Organizations Can Hold Themselves Accountable
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are …
Securing Today’s 'Elastic Attack Surface'
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
In a Cybersecurity Vendor War, the End User Loses
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
Trust, Cloud & the Quest for a Glass Wall around Security
In the next year, we’re going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
Google’s ‘SHA-1 Countdown Clock’ Could Undermine Enterprise Security
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New York’s Cyber Regulations: How to Take Action & Who’s Next
Even if your company isn’t directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Threats Converge: IoT Meets Ransomware
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
How to Use & Share Customer Data without Damaging Trust
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
Three Years after Heartbleed, How Vulnerable Are You?
You may have a problem lurking in your open source components and not know it. Start making a list...
Best Practices for Lowering Ransomware Risk
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
