Small businesses’ weak cybersecurity abused by hackers

Read why Joyce M. Rosenberg says that small and medium businesses have weak cybersecurity which is abused by hackers, on Arkansas Online: Randell Heath said he isn’t sure how hackers got into his company’s website — all he knows is that a supplier called, saying the site had become an online store […]

How to patch your security blind spots

Read Robert Gibbons’ article about how companies can patch their blind spots on Help Net Security: One of the most challenging – and interesting, and frustrating – aspects of cybersecurity is the sheer unpredictability of industry developments still to come. Sure, analyzing recent history, preparation strategies and common mistakes can offer some direction forward in […]

Some thoughts on vulnerability management

Read Marko Ruotsalainen’s article about vulnerability management on Liquid Information Blog: In this blog post I will briefly discuss vulnerability management, what it is from a high-level perspective and what it generally requires from an organization. The processes probably vary a lot between organizations based on the size and the industry the organization operates […]

Addressing the challenges of vulnerability coordination

The FIRST Vulnerability Coordination Special Interest Group (SIG) has made the draft Guidelines and Practices for Multi-party Vulnerability Coordination available for public comment through January 31, 2017. While ISO standards provide basic guidance on the handling of potential vulnerabilities in products, the guidelines document is geared to consider more complex and typical real-life scenarios. Read more about […]

Securing modern IT environments: 5 steps to better vulnerability management

Read Nick Ismail’s list of five steps for companies to implement better vulnerability management on Information Age: Managing information security is difficult, particularly the process of identifying and patching vulnerabilities, which is the main threat affecting enterprise IT teams. According to Verizon’s 2016 Data Breach Investigation Report, the top 10 known vulnerabilities accounted for 85% of […]

73% of companies using vulnerable end-of-life networking devices

Seventy-three percent of companies are using vulnerable, end-of-life networking equipment, up from 60 percent last year, according to a new analysis of more than 212,000 Cisco networking devices at 350 organizations across North America. Read about the new research by Softchoice which reveals that nearly 73 percent of companies are using vulnerable networking devices on Network […]

Vendors leave crypto key in the door when it comes to security

Manufacturers of internet gateways, routers and modems are leaving the key in the door when it comes to security by re-using private SSH keys and HTTPS certificates, a researcher claims. In a report entitled The House of Keys, cyber-security firm SEC Consult said it had identified more than 50 vendors and thousands of device models with […]

Vulnerability Scanners

Vulnerability scanning refers to scanning systems, network components or applications, whether exposed to the external world or hosted internally, to detect vulnerabilities or security weaknesses in them. Read all about vulnerability scanners on Infosec Institute.

Managing Accepted Vulnerabilities

The discovery of new vulnerabilities occurs every day, and organizations that follow good security practices remediate these vulnerabilities as soon as possible. Good security practices could include using automated patching tools, making a configuration change, or implementing other security controls to reduce the risk these vulnerabilities pose. Read the white paper about how organisations […]

Dangerous open-source bugs lurk inside most commercial apps

Watch out for vulnerable open-source components hidden in commercial applications, a security firm warns. The security of open-source components is a blind spot that’s leaving businesses exposed to dozens of very old bugs, security firm Black Duck Software contends in a new report, based on open-source security work it’s conducted. Read more about the new […]