Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Incident Response Now Shaping Security Operations
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
4/2/2014 | 8:47:49 AM
Re: Two common Web application attacks illustrate security concerns.
@andrewboon2739 I noticed that McGladrey is a provider of accounting, tax and consulting services. What are some of the principal threats and vulnerabilities you are seeing in your industry? And what are some of the recommendations you are giving to customers. 
andrewboon2739
50%
50%
andrewboon2739,
User Rank: Apprentice
4/2/2014 | 7:59:12 AM
Two common Web application attacks illustrate security concerns.

Interesting article. Hackers frequently gain access to important data using flaws in IT security systems and injecting malwares into web applications. Organization should conduct regular security maintenance and testing that focuses first on the most common threats to its applications. I work with McGladrey and there's a whitepaper on our website which offers very good information on common security concerns for business and ways to mitigate them @ http://bit.ly/1c0f35M readers will find it helpful .



Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
3/28/2014 | 5:14:15 PM
Re: IR Plan
It's interesting--IR is not a new concept by any means, but it seems it's finally becoming a more formalized strategy. I think high-profile breaches like Target's are going to make it even more of a mainstream part of the security operation.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/28/2014 | 4:52:44 PM
IR Plan
Its very important to have an IR plan. Working for a healthcare network, my team and I need to adhere to HIPAA standards among other sets of compliance regulations. Having an IR plan, although not a complete safety net, acts as somewhat of a buffer from a compliance standpoint. 

Losing data is never good, but when you have to incur compliance fines on top of damages paid to the victims, as well as losing clients you need re-instill faith to the consumer that they will be safe and that this is an out of the ordinary occurence. An IR can help lessen the weight of fines and show the consumer that you are on the right path towards safeguarding data.

This is not the only benefit to an IR. An IR can help an organization quickly and effectively map out a plan to deal with breaches. Closing the vulnerability and remedying the infection are two big proponents of having an IR in place.


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...