Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
3 Ways Social Distancing Can Strengthen Your Network
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
5 Tips for Optimizing Your Company's Cyber-Crisis Preparedness
Cyber-incident response often addresses short-term needs, but we need to broaden the view of crisis management to be more forward-thinking.
Black Hat Virtually: An Important Time to Come Together as a Community
The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.
Using the Attack Cycle to Up Your Security Game
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
The Future's Biggest Cybercrime Threat May Already Be Here
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.
Autonomous IT: Less Reacting, More Securing
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Banning TikTok Won't Solve Our Privacy Problems
Preventing the use of an apps based solely on its country of origin (no matter how hostile) is merely a Band-Aid that won't fully address all privacy and security concerns.
Data Privacy Challenges for California COVID-19 Contact Tracing Technology
Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.
Deepfakes & James Bond Research Project: Cool but Dangerous
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
The InfoSec Barrier to AI
Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here's why.
Cybersecurity Lessons from the Pandemic
How does cybersecurity support business and society? The pandemic shows us.
The Data Privacy Loophole Federal Agencies Are Still Missing
Why knowledge-based authentication is leaving federal contact centers vulnerable to an increasingly sophisticated hacker community.
Leading Through Uncertainty: Be Proactive in Your Dark Web Intelligence Strategy
Having a strong Dark Web intelligence posture helps security teams understand emerging vulnerability trends.
UK Data Privacy Legislation Cannot Be Bypassed to Limit Spread of COVID-19
The UK faces GDPR data privacy challenges regarding its COVID-19 "Test and Trace" program. Despite the importance of contact tracing, its intent to ignore privacy legislation is extremely worrying.
What Organizations Need to Know About IoT Supply Chain Risk
Here are some factors organizations should consider as they look to limit the risk posed by risks like Ripple20.
Cybersecurity Leaders: Invest In Your People
Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust.
Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift
The only entities equipped to safeguard Internet of Things devices against risks are the IoT device manufacturers themselves.
How Nanotechnology Will Disrupt Cybersecurity
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
Top 5 Questions (and Answers) About GRC Technology
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
'Make Your Bed' and Other Life Lessons for Security
Follow this advice from a famous military commanders' commencement speech and watch your infosec team soar.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Omdia Research Launches Page on Dark Reading
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Fight Phishing with Intention
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
Pen Testing ROI: How to Communicate the Value of Security Testing
There are many reasons to pen test, but the financial reasons tend to get ignored.
Fresh Options for Fighting Fraud in Financial Services
Fraud prevention requires a consumer-centric, data sharing approach.
Why Cybersecurity's Silence Matters to Black Lives
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
Applying the 80-20 Rule to Cybersecurity
How security teams can achieve 80% of the benefit for 20% of the work.
How to Assess More Sophisticated IoT Threats
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
Introducing 'Secure Access Service Edge'
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Considerations for Seamless CCPA Compliance
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
4 Steps to a More Mature Identity Program
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
