Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Software Assurance: Time to Raise the Bar on Static Analysis
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
How To Hack A Human
Check out social engineering expert and founder of the DEF CON Social Engineering Capture the Flag contest Chris Hadnagy's recent interview on Dark Reading Radio.
Can We Talk? Finding A Common Security Language
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
How SaaS Adoption Is Changing Cloud Security
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
Dark Reading Radio: Trends In Application Security
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
The Truth About Ransomware: You’re On Your Own
What should enterprises do when faced with ransomware? The answer is, it depends.
An AppSec Report Card: Developers Barely Passing
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
5 Ways To Monitor DNS Traffic For Security Threats
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
Data Privacy Etiquette: It's Not Just For Kids
Children are the innocent victims of the worst effects of social media. That’s why it’s vital for adults to establish privacy values that are safe for them -- and the rest of us.
DR Radio: A Grown-Up Conversation About Passwords
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
In Defense Of Passwords
Long live the password (as long as you use it correctly along with something else).
5 Myths: Why We Are All Data Security Risks
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
Why Email Is Worth Saving
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
Apple Pay: A Necessary Push To Transform Consumer Payments
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
Privacy, Security & The Geography Of Data Protection
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
Black Hat & DEF CON: 3 Lessons From A Newbie
Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.
Dark Reading Radio: CISO James Christiansen Shares Experiences
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
No End In Sight For Ransomware
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users don’t pay up.
Poll: Significant Insecurity About Internet of Things
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
In Cloud We Trust: A New Model
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
Celeb Hack: Is Apple Telling All It Knows?
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You’re darn tootin'!
“Contactless” HCE Payments Promise Simplicity But Is It Secure?
Host Card Emulation is a powerful and flexible technology, but like most software-dependent solutions, it can be hacked and exploited.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
