Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.
So many products, so little value.
Organizations invest in multiple security products, train employees and manage activities, yet don't achieve their security goals. IT environments and endpoints are still vulnerable to attacks and exploits.
Most products have complicated or feature-rich functionality but only...
Today, the CISO, CEO and board all want to know, "Where are we exposed?"
Answering this question means having complete visibility into the attack surface - not just traditional IT infrastructure, but every networked asset (e.g., cloud, containers, IoT and even OT). It means seeing every vulnerability.
So, how do...
Cyber risk management is demanding work. Vulnerabilities are growing, threat actors are smarter and pressure from the executive team is intensifying.
What used to be a side IT conversation is now a top business priority. You finally have the full attention of the C-suite and board - but, do you know which cyber...
Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
Crowdsourced bug bounty programs help organizations identify severe vulnerabilities in their apps and infrastructure. But that gamification model has been evolving to supply not only penetration testing but also deep dives by single researchers, says Bugcrowd CSO David Baker.
One of the most-heard complaints from security experts is that often they find their work repetitive ("The CFO's laptop has been compromised... again!"), which results in the desire of trying something "new", meaning "leave for another company." Another common complaint is that the work is very compartmentalized, and...
The 7th annual Microsoft Vulnerabilities Report for 2020 analyzes the data from security bullitens issued by Microsoft throughout 2019. Every Tuesday, Microsoft releases fixes for all vulnerabilities affecting Microsoft products, and this report compiles these releases into a year-long overview, creating a holistic...
The latest report from Tenable Research analyzes vulnerability prevalence in the wild, highlighting the cyber threats that security practitioners are dealing with in practice - not just in theory. Our research shows that enterprises must triage more than 100 critical vulnerabilities a day. To better understand where...
The latest report from Tenable Research analyzes vulnerability prevalence in the wild, highlighting the cyber threats that security practitioners are dealing with in practice - not just in theory. Our research shows that enterprises must triage more than 100 critical vulnerabilities a day. To better understand where...
Tenable Research's analysis shows that how the race begins is a key indicator of how it will end. But, security teams have the power to reclaim the advantage by developing a risk-centric mindset and more agile vulnerability management.
Download the report now to:
Find out more about Tenable Research's analysis of...
A vulnerability in a U.S. Postal Service application for tracking mail in real time reportedly allowed anyone logged into the service to view personal data, and it persisted for more than a year after USPS failed to heed a warning from an anonymous security researcher.
A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.
Gartner receives frequent inquiries from clients who are...
In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML)
algorithm to identify four distinct strategies, or "styles." These are based on five VA key performance indicators (KPIs)
which correlate to VA maturity characteristics.
This study specifically focuses...
No one migrates to the cloud to become less secure than before the migration. Knowing what to expect when it comes to security will allow you to avoid pitfalls and slow migrations.
Download this white paper and learn how to avoid:
Exposing sensitive information;
Accounts running amok;
Network misconfigurations...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.