Penetration Testing has been around for years, but many organizations are missing the mark when it comes to utilizing this security powerhouse. While they understand the need for a penetration test, organizations are challenged with understanding the right level of risk assessment for the organization, the ROI...
Security teams are dealing with more vulnerabilities than they can handle. Spreading these limited resources too thin can quickly lead to inefficiency and burnout. Don't waste precious time remediating vulnerabilities that pose little to no risk.
With risk-based vulnerability management, you'll know exactly which...
The main methods that organizations use to verify that their systems and data are protected, are vulnerability scans and penetration tests. However, these do not provide a continuous and complete evaluation of an organization's security posture; especially when it comes to more sophisticated, multi-vector...
The number of patches you need to deploy each month is already vast and it continues to grow every day. No wonder only 1 in 10 get deployed.
The most efficient way to keep your IT estate safe is to prioritize patching based on business risk, which requires insight into the vulnerabilities themselves. You can gain...
As the costs of exposures continue to rise, businesses are tasked with ongoing efforts towards identifying and mitigating the exploitation risk of software vulnerabilities.
Download the Flexera Annual Vulnerability Review Report and learn:
Insights derived from monitoring 62,000 applications and operating...
How much do you know about the supply chain that takes a vulnerability and turns it into an exploit?
In this new report, Tenable Research explores the lifecycle of exploits - from discovery to utilization in a breach. Their analysis of cybercrime economics will help you better protect your organization.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
Active Directory Mismanagement exposes 90% of businesses to breaches.
Download this infographic to learn more about:
The percentage of active directories that pentesters are able to breach
How open source tools are simplifying AD exploitation
Other areas of opportunity for exploitation
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.
The DHS says the defacement of a U.S. government website over the weekend is not linked to Iranian state-sponsored actors. Attackers posted a pro-Iran message with a photo of President Donald Trump being punched in the face. The website, belonging to the Federal Depository Library Program, is now offline.
Security experts speaking on the ending "locknote" panel at this year's Black Hat Europe highlighted trends from the conference, including the rise of fuzzing, simplification via the cloud, increasing vendor transparency as well as the industry too often still failing to focus on the basics.
The cybersecurity community had been holding its breath in anticipation of mass attacks targeting the severe BlueKeep vulnerability in Windows, which Microsoft has patched. The first in-the-wild exploits have now been seen, although they don't appear to constitute an emergency - at least yet.