In this report, we provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. We analyze vulnerability prevalence in the wild,
based on the number of affected enterprises, to highlight vulnerabilities that security practitioners...
Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
This research report examines the difference in time between when a public exploit for a vulnerability is published
and when users actively assess it. These two events represent the first move the attacker and defender make.
The premise of this paper is that this delta is an indicative metric in determining Cyber...
In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML)
algorithm to identify four distinct strategies, or "styles." These are based on five VA key performance indicators (KPIs)
which correlate to VA maturity characteristics.
This study specifically focuses...
As the modern attack surface rapidly expands, companies must get the basics right. Yet each time a data security breach hits the news, there are reactionary questions are what could have been done to avoid the problem. More often than not these incidents occur because organizations commonly overlook basic security...
Kevin McDonald, director of clinical information security at Mayo Clinic, spells out several steps for helping to ensure the security of medical devices, stressing there's no "silver bullet" that can do the job. He'll be a speaker at ISMG's Healthcare Security Summit, to be held Nov. 13-14 in New York.
Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad."
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Many of the computer devices to be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
A newly released report from the U.S. Government Accountability Office on the massive 2017 Equifax data breach provides a postmortem look at what went wrong, centering on the credit bureau's identification, detection, segmentation and data governance, as well as a failure to rate-limit database requests.
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.