Vulnerability Management

Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.

Here's how physical security teams can integrate with the business to identify better solutions to security problems.

Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.

A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.)