Threat and Vulnerability Management

Threat and Vulnerability Management | News, how-tos, features, reviews, and videos

eye binary IDS Intrusion Detection System

Orca adds detection and response capabilities to its agentless cloud security solution

New feature gives users full visibility into cloud environments to thwart workload and non-workload attacks.

Microsoft > Excel [Office 365]

How to manage Microsoft's Excel and Office macro blocking

Microsoft's reversal of its blocking by default on Excel macros creates an opportunity to improve policies and processes around Excel and Office macro use.

A human face emerges from an abstract virtual landscape of metallic cylinders.

Darktrace launches new PREVENT AI security products to pre-empt cyberthreats

Darktrace claims its AI-driven portfolio works together autonomously to optimize an organization’s security through a continuous feedback loop.

A broken link in a digital chaing / weakness / vulnerability

SQL injection, XSS vulnerabilities continue to plague organizations

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.

CSO  >  danger / security threat / malware / grenade-shaped flash drive

How you handle independent contractors may determine your insider threat risk

Outside experts can be willing or accidental security threats. Reduce that risk by changing how you onboard, train and offboard them.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

Why more zero-day vulnerabilities are being found in the wild

With the number of zero-days spiking in the last 18 months, organizations need to increase their patching efforts. Software vendors can be more transparent, too.

Cyber warfare  >  Russian missile launcher / Russian flag / binary code

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."

Insider threats  >  Employees suspiciously peering over cubicle walls

MITRE's Inside-R Protect goes deep into the behavior side of insider threats

The new Inside-R program looks to collect historical insider threat data to more deeply analyze behaviors that signal risk.

rules rulebook letters compliance regulation by alex ishchenko getty

Sigma rules explained: When and how to use them to log events

Sigma rules allow you to detect anomalies in log events and identify suspicious activity.

banana peel slip accident mistake fall by rapideye getty

Vulnerability management mistakes CISOs still make

These common missteps and misconceptions may be keeping your vulnerability management from being the best it can be.

security protection / defenses / protocols

Qualys upgrades vulnerability management solution

VMDR 2.0 offers better insight into risk posture, faster fix times for critical vulnerabilities.

First aid kit > help / fix / patch / remedy / recovery

12 steps to building a top-notch vulnerability management program

Security experts share their best advice for the essential ingredients of a solid vulnerability management program, including foundational elements to put in place, workflows to establish, who to involve, and metrics to track.

Security system alert: 'DANGER'

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.

Security system alert, warning of a cyberattack.

HackerOne launches Attack Resistance Management solution to boost cyber resilience

Vulnerability coordination and bug bounty platform says its new solution addresses attack resistance gaps by blending the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement.

4 .root cause exploits breach raining data binary psd

New attack surface management product takes full-stack aim at software supply chain threats

Data Theorem's Supply Chain Secure offers continuous runtime analysis and dynamic inventory discovery.

An abstract network of nodes or endpoints.

Syxsense launches vulnerability monitoring and remediation solution

The new solution promises to address three key elements of endpoint security – vulnerabilities, patching and compliance.

A magnifying lens exposes an exploit amid binary code.

15 most exploited vulnerabilities of 2021

Global cybersecurity advisory highlights the 15 most targeted vulnerabilities of 2021, indicating that attackers targeted exploits both old and new last year.

A user reviews data and statistical models. [analytics / analysis / tracking / monitoring / logging]

Proficio launches detection and response service to tackle identity-based threats

MDR firm claims solution is the industry’s only vendor-agnostic open XDR solution that supports identity threat detection and response.

mwc intel brian krzanich 5g drone stock image

Drones as an attack vector: Vendors need to step up

Growing commercial use and few built-in defenses make drones an attractive target for malicious actors.

radar grid / computer circuits / intrusion detection / scanning

Bitdefender enters native XDR market with new offering

GravityZone XDR promises to reduce attacker dwell time with robust detection, quick triage, and automated threat containment.

Load More