Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Why Automation Will Free Security Pros to Do What They Do Best
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Lessons From the Black Hat USA NOC
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
4 Benefits of a World with Less Privacy
The privacy issue is a problem for a lot of people. I see it differently.
How One Company’s Cybersecurity Problem Becomes Another's Fraud Problem
The solution: When security teams see something in cyberspace, they need to say something.
Why Security Needs a Software-Defined Perimeter
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
WhatsApp: Mobile Phishing's Newest Attack Target
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
How Can We Improve the Conversation Among Blue Teams?
Dark Reading seeks new ways to bring defenders together to share information and best practices
The Difference Between Sandboxing, Honeypots & Security Deception
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
A False Sense of Security
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
The GDPR Ripple Effect
Will we ever see a truly global data security and privacy mandate?
Embedding Security into the DevOps Toolchain
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
The Votes Are In: Election Security Matters
Three ways to make sure that Election Day tallies are true.
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
Data Privacy Careers Are Helping to Close the IT Gender Gap
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Make a Wish: Dark Reading Caption Contest Winners
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
The 5 Challenges of Detecting Fileless Malware Attacks
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
Overcoming 'Security as a Silo' with Orchestration and Automation
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Open Source Software Poses a Real Security Threat
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Equifax Avoided Fines, but What If ...?
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
The Enigma of AI & Cybersecurity
We've only seen the beginning of what artificial intelligence can do for information security.
Oh, No, Not Another Security Product
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
Breaking Down the PROPagate Code Injection Attack
What makes PROPagate unique is that it uses Windows APIs to take advantage of the way Windows subclasses its window events.
Shadow IT: Every Company's 3 Hidden Security Risks
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
4 Reasons Why Companies Are Failing at Incident Response
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Power Grid Security: How Safe Are We?
Experiencing a power outage? It could have been caused by a hacker … or just a squirrel chewing through some equipment. And that's a problem.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
How AI Could Become the Firewall of 2003
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
5 Steps to Fight Unauthorized Cryptomining
This compromise feels like a mere annoyance, but it can open the door to real trouble.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
