Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Newbie’s 'How To Survive Black Hat' Guide
There’s little chance you won’t be totally exhausted after “drinking from the information firehose” all week. But if you follow these eight steps, it will be a very satisfying kind of fatigue.
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
With the explosion of mobile, cloud, and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
The Blind Spot Between The Cloud & The Data Center
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you’re likely to get some confused looks. Here’s why.
Mind The Gap: CISOs Versus 'Operators'
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
Security Lessons from My Financial Planner
Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Internet Of Things & The Platform Of Parenthood
A new father’s musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
Bug Poachers: A New Breed of Cybercriminal
As if security researchers don't have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
Phishing, Whaling & The Surprising Importance Of Privileged Users
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
Privacy Shield: Can the US Earn the EU’s Trust Post Apple vs. FBI?
Rebuilding the privacy framework for data transfer between the US and its European trading partners won’t be easy but it’s still a worthwhile effort.
The Gamble Behind Cyber Threat Intelligence Sharing
In theory, sharing threat intel makes sense. But in cybersecurity you're not dealing with known individuals, you’re dealing with anonymous adversaries capable of rapid change.
How Secure is Secure? Tips For Investing In The Right Strategy
Business alignment, defense-in-depth and a phased approach are three principles to follow when building out a solid security program.
Pretty Good Passwords: Cartoon Caption Contest Winners
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
What CISOs Need to Tell The Board About Cyber Risk
To avoid devastating financial losses, boards and the C-suite must have a deep understating of the cyber risks their organizations’ face. Here’s what they need to hear from the security team
A Look Back At Dark Reading's Best 10 Years (So Far)
The past decade in security -- from botnets that were bigger than some service provider networks to vulnerabilities that affected not only whole industries but the very fabric of the internet. And much, much more...
5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead
Today’s employers aren’t looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.
Self-Service Password Reset & Social Engineering: A Match Made In Hell
A sad tale of how hackers compromised a CEO’s corporate account by trolling Facebook and LInkedin for answers to six common authentication questions. (And how to avoid that happening to you)
IoT Security: Onus On Developers, Security Researchers
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
Revealing Lessons About Vulnerability Research
It’s not clear why a dozen FBI agents showed up at a security researcher’s door last month but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
The End Of A Security Decade -- And The Beginning Of A New One
Dark Reading wraps up its 10th anniversary coverage with a final look back at the decade -- and a look ahead.
Google Dorking: Exposing The Hidden Threat
Google Dorking sounds harmless, but it can take your company down. Here's what you need to know to avoid being hacked.
Deconstructing The Impact Of Ransomware On Healthcare’s IoT
If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?
Microsegmentation & The Need For An Intelligent Attack Surface
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
BYOD Security: How To Shift Device Control & Grant Users More Choice
Gartner’s ‘managed diversity’ model offers an ITIL-compliant information security solution to the problem of Shadow IT.
How Facebook Raises A Generation Of Intelligence Analysts
In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time.
How ‘Agile’ Changed Security At Dun & Bradstreet
Chief Security Officer Jon Rose shares the whys and wherefores of integrating agile software development methodology into a traditional security environment.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
