Medical devices at risk: 5 capabilities that invite danger

Read Taylor Armerding list five capabilities that invite cyber risks in medical devices on CSO Online: Medical device cybersecurity is lousy — beyond lousy. Indeed, the word from security experts for most of the past decade (and certainly since those devices increasingly have become connected to the internet) has been that while the physical security of […]

The “Internet of Things” is way more vulnerable than you think—and not just to hackers

Read why Richard Clarke and RP Eddy say that the Internet of Things is way more vulnerable than normally thought on Quartz: Not far from San Francisco International Airport, San Bruno is a quaint middle-class residential suburb, yet underground in San Bruno was a gas pipeline controlled by SCADA software that used the Internet as […]

Why Continuous Vulnerability Assessment Is Essential

A continuous vulnerability assessment program should be a baseline security requirement for all organizations, says Richard Bussiere, Technical Director APAC at Tenable Network Security. Read why Richard Bussiere of Tenable Network Security says that continuous vulnerability assessment is essential for effective cyber defense on Bank Info Security.

Small businesses’ weak cybersecurity abused by hackers

Read why Joyce M. Rosenberg says that small and medium businesses have weak cyber security which is abused by hackers on Arkansas Online: Randell Heath said he isn’t sure how hackers got into his company’s website — all he knows is that a supplier called, saying the site had become an online store […]

How to patch your security blind spots

Read Robert Gibbons’ article about how companies can patch their blind spots on Help Net Security: One of the most challenging – and interesting, and frustrating – aspects of cybersecurity is the sheer unpredictability of industry developments still to come. Sure, analyzing recent history, preparation strategies and common mistakes can offer some direction forward in […]

Some thoughts on vulnerability management

Read Marko Ruotsalainen’s article about vulnerability management on Liquid Information Blog: In this blog post I will briefly discuss vulnerability management, what it is from a high-level perspective and what it generally requires from an organization. The processes probably vary a lot between organizations based on the size and the industry the organization operates […]

Addressing the challenges of vulnerability coordination

The first Vulnerability Coordination Special Interest Group (SIG) made available for public comment through January 31, 2017 the draft Guidelines and Practices for Multi-party Vulnerability Coordination. While ISO standards provide basic guidance on the handling of potential vulnerabilities in products, the guidelines document is geared to consider more complex and typical real-life scenarios. Read more about […]

Securing modern IT environments: 5 steps to better vulnerability management

Read Nick Ismail list five steps for companies to implement better vulnerability management on Information Age: Managing information security is difficult, particularly the process of identifying and patching vulnerabilities, which is the main threat affecting enterprise IT teams. According to Verizon’s 2016 Data Breach Investigation Report, the top 10 known vulnerabilities accounted for 85% of […]

73% of companies using vulnerable end-of-life networking devices

Seventy-three percent of companies are using vulnerable, end-of-life networking equipment, up from 60 percent last year, according to a new analysis of more than 212,000 Cisco networking devices at 350 organizations across North America. Read about the new research by Softchoice which reveals that nearly 73 percent of companies are using vulnerable networking devices on Network […]

Vendors leave crypto key in the door when it comes to security

Manufacturers of internet gateways, routers and modems are leaving the key in the door when it comes to security by re-using private SSH keys and HTTPS certificates, a researcher claims. In a report entitled The House of Keys, cyber-security firm SEC Consult said it had identified more than 50 vendors and thousands of device models with […]