Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Ticking Time Bomb in Every Company's Code
Developers must weigh the benefits and risks of using third-party code in Web apps.
Your Digital Identity's Evil Shadow
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
The Challenge of Securing Non-People Identities
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
How to Secure Employees' Home Wi-Fi Networks
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Is Your Cloud Raining Sensitive Data?
Learn common Kubernetes vulnerabilities and ways to avoid them.
4 Ways CISOs Can Strengthen Their Security Resilience
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Challenging Our Education System to Nurture the Cyber Pipeline
Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.
Shift Left: From Concept to Practice
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
SOC 2 Attestation Tips for SaaS Companies
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
6 Tips for Managing Operational Risk in a Downturn
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dark Reading to Upgrade Site Design, Performance
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Wake Up and Smell the JavaScript
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
Handcuffs Over AI: Solving Security Challenges With Law Enforcement
We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
Rethinking Cyberattack Response: Prevention & Preparedness
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.
5 Ways to Transform Your Phishing Defenses Right Now
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.
Cartoon Caption Winner: Something Seems Afoul
And the winner of Dark Readings's March cartoon caption contest is ...
Ryuk's Rampage Has Lessons for the Enterprise
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
7 Ways to Reduce Cyber Threats From Remote Workers
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
US Tech Dominance Rides on Securing Intellectual Property
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
Solving the Leadership Buy-In Impasse With Data
Justify your requirements with real numbers to get support for security investments.
The Role of Visibility in Securing Cloud Applications
Traditional data center approaches aren't built for securing modern cloud applications.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
