One of the most-heard complaints from security experts is that often they find their work repetitive ("The CFO's laptop has been compromised... again!"), which results in the desire of trying something "new", meaning "leave for another company." Another common complaint is that the work is very compartmentalized, and...
The Microsoft Vulnerabilities Report 2019 analyzes the data from security bullitens issued by Microsoft throughout 2018. On the second Tuesday of every month, or "Patch Tuesday," Microsoft releases fixes for any vulnerabilities affecting Microsoft products. This report compiles these releases into one, holistic...
The latest report from Tenable Research analyzes vulnerability prevalence in the wild, highlighting the cyber threats that security practitioners are dealing with in practice - not just in theory. Our research shows that enterprises must triage more than 100 critical vulnerabilities a day. To better understand where...
The latest report from Tenable Research analyzes vulnerability prevalence in the wild, highlighting the cyber threats that security practitioners are dealing with in practice - not just in theory. Our research shows that enterprises must triage more than 100 critical vulnerabilities a day. To better understand where...
Tenable Research's analysis shows that how the race begins is a key indicator of how it will end. But, security teams have the power to reclaim the advantage by developing a risk-centric mindset and more agile vulnerability management.
Download the report now to:
Find out more about Tenable Research's analysis of...
A vulnerability in a U.S. Postal Service application for tracking mail in real time reportedly allowed anyone logged into the service to view personal data, and it persisted for more than a year after USPS failed to heed a warning from an anonymous security researcher.
A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.
Gartner receives frequent inquiries from clients who are...
In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML)
algorithm to identify four distinct strategies, or "styles." These are based on five VA key performance indicators (KPIs)
which correlate to VA maturity characteristics.
This study specifically focuses...
No one migrates to the cloud to become less secure than before the migration. Knowing what to expect when it comes to security will allow you to avoid pitfalls and slow migrations.
Download this white paper and learn how to avoid:
Exposing sensitive information;
Accounts running amok;
Network misconfigurations...
Traditional pen tests work well for testing on-site security and running crystal-box, insider tests. However, adding a hacker-powered pen test to your rotation of traditional pen tests enables you to do true black box testing.
Download this white paper and learn how hacker-powered pen testing:
Utilizes more...
The Hacker-Powered Security Report 2018 is the most comprehensive report on the bug bounty and vulnerability disclosure ecosystem. It contains a detailed analysis of 78,275 security vulnerability reports reported over the past year by ethical hackers through more than 1,000 programs.
This report looks exclusively...
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
As the threat landscape evolves in today's networks, information security teams are scrambling to keep up. Attackers are using new and stealthy methods to infiltrate organizations and steal data, and the complexity of most environments makes it easier than ever for attackers to compromise assets and send malicious...
The head of the NSA's Cybersecurity Threat Operations Center says attackers haven't bothered targeting unclassified U.S. Defense Department networks with a zero-day exploit in 24 months. Instead, they attempt to exploit flaws within 24 hours of information of the vulnerability or exploit going public.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
