Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How to Roll Your Own Threat Intelligence Team
A lot of hard work needs to go into effectively implementing an intelligence-driven security model. It starts with five critical factors.
How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there’s no better place to do it than Black Hat.
The Internet Of Tiny Things: What Lurks Inside
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
In Security, Know That You Know Nothing
Only when security professionals become aware of what they don’t know, can they start asking the right questions and implementing the right security controls.
Building Black Hat: Locking Down One Of The World’s Biggest Security Conferences
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
5 Failsafe Techniques For Interviewing Security Candidates
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
Tools & Training To ‘Hack Yourself’ Into Better Security
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
5 ‘Mr. Robot’ Hacks That Could Happen in Real Life
As season two of the popular TV series gets underway, we reality-check anti-hero Elliot’s hacking prowess against real-life security and attack scenarios.
Deconstructing Connected Cars: A Hack Waiting To Happen
Why your automobile’s simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
What's Next For Canada’s Surveillance Landscape?
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau government’s next move in the country’s complex privacy and security debate.
72% of Black Hat Attendees Expect To Be Hit By 'Major' Data Breach Within A Year
End users are the biggest weakness, and we're not doing enough to address the problem.
What I Expect to See At Black Hat 2016: 5 Themes
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here's what piques my interest this year.
EU’s General Data Protection Regulation Is Law: Now What?
Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GPDR you ignore at your peril.
Dark Reading Launches Best Of Black Hat Awards Program; Finalists Selected
New awards recognize innovation on Black Hat exhibit floor, including startups, emerging companies, and industry thinkers.
Does Defense In Depth Still Work Against Today’s Cyber Threats?
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
A Holistic Approach to Cybersecurity Wellness: 3 Strategies
Security professionals need to rely on more than ‘vaccinations’ to protect the health and safety of company systems and data.
Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Whether it’s due to lack of attention, poor capital planning or alert fatigue, there are lots of reasons why an SOC can become unhealthy. Here’s how to make it better.
How Not To Write A Pen Test RFP
The downside of a failed request for a penetration test proposal is a no-win situation for everyone. Here are five common mistakes to avoid.
Big Business Ransomware: A Lucrative Market in the Underground Economy
Why lock and/or pilfer a person’s files worth hundreds of dollars when corporate data is infinitely more valuable?
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
