7 Need-To-Know Attack Stats

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

alphaa10,
User Rank: Strategist
6/27/2016 | 11:35:57 PM

Wrong Direction

As if matters were not dire enough with an explosion in sophisticated, effective hacker tools, every criminal element which can capture a programmer or buy the software expects to rake in unprecedented profit.

Are corporate chiefs still asleep, trusting in the old IDS model for security? From all appearances, they are, indeed, and it will take millions more in losses before they awaken to the threat.

Poor training, coupled with antiquated threat indentification methods, understaffed IT sections, merger-speed corporate expansion, and profound ignorance of the threat conspire to make "corporate security" (almost) an oxymoron.

For Dark Readers, these are the dark ages of network security.

Reply | Post Message | Messages List | Start a Board

50%

kbannan100,
User Rank: Moderator
6/22/2016 | 10:49:33 AM

Re: The million dollar mark

"...the time from attack to compromise and attack to exfiltration is rarely longer than a few days."

Which means you have to be doubly vigilant when it comes to protecting everything -- endpoints such as printers and mobile devices, wireless connections, everything! And people are not doing that. Here's a portion of a white paper I have open on my desktop:

"Many do not realize that embedded devices such as printers and industrial controllers can be the source or initial access point for a network breach. In fact, one of the largest identity theft cases in 2014 involved Target's POS systems and leveraged weaknesses within the building's HVAC systems to gain a foothold within Target's internal network."

Crazy! The white paper can be found here, BTW: bit.ly/1sq1kyG

--Karen Bannan, commenting for IDG and HP

Reply | Post Message | Messages List | Start a Board

100%

Charlie Babcock,
User Rank: Ninja
6/21/2016 | 6:10:13 PM

The million dollar mark

Slide 4: Find a breach in its first 100 days, save a million dollars. Whew. What a statistic.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

California Man Arrested for Politically Motivated DDoS

Dark Reading Staff 2/21/2020

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Robert Lemos, Contributing Writer, 2/20/2020

Ransomware Damage Hit $11.5B in 2019

Dark Reading Staff 2/20/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

Digital Transformation Built on the Cloud

Apex Report: Global Cyber Infection

Ransomware Defense for Dummies - 2nd Edition

More White Papers

Video

All Videos

Cartoon

Latest Comment: "... you see, he has solid cyber security knowledge, still we cannot hire him with his long hair and T-shirt"

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-18238
PUBLISHED: 2020-02-26

Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 3.0 or lower IOxpress configuration utility, Version 2.3.0 or lower. Sensitive information is stored in configuration files without encryption, which may allow an attacker to a...

CVE-2019-17274
PUBLISHED: 2020-02-26

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

CVE-2019-17275
PUBLISHED: 2020-02-26

OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.

CVE-2020-3169
PUBLISHED: 2020-02-26

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a spe...

CVE-2020-3170
PUBLISHED: 2020-02-26

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could expl...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]