Vulnerability Management

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.)

Amid ongoing software supply-chain jitters, the US' top tech division is offering a finalized, comprehensive cybersecurity control framework for managing risk.

A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)

The venerable film franchise shows us how to take threats in STRIDE.

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker.

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)