Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Read why Brian Evans says that companies should take a layered approach to vulnerability management on Security Intelligence : Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit […]

90% of businesses hacked via old, unpatched exploits

Two-thirds of attacks over the course of Q2 2017 were ranked as either high or critical severity, Fortinet’s latest Global Threat Landscape report found, while 60% of businesses were hit by an exploit relating to a flaw dating back more than a decade. Read about the Fortinet’s latest Global Threat Landscape report which found that hackers […]

Medical devices at risk: 5 capabilities that invite danger

Read Taylor Armerding list five capabilities that invite cyber risks in medical devices on CSO Online : Medical device cybersecurity is lousy — beyond lousy. Indeed, the word from security experts for most of the past decade (and certainly since those devices increasingly have become connected to the internet) has been that while the physical security of […]

The “Internet of Things” is way more vulnerable than you think—and not just to hackers

Read why Richard Clarke and RP Eddy say that Internet of Things are way more vulnerable than normally thought on Quartz : Not far from San Francisco International Airport, San Bruno is a quaint middle-class residential suburb, yet underground in San Bruno was a gas pipeline controlled by SCADA software that used the Internet as […]

Why Continuous Vulnerability Assessment Is Essential

A continuous vulnerability assessment program should be baseline security requirement for all organizations, says Richard Bussiere, Technical Director APAC at Tenable Network Security. Read why Richard Bussiere of Tenable Network Security says that continuous vulnerability assessment is essential for effective cyber defense on Bank Info Security.

Small businesses’ weak cybersecurity abused by hackers

Read why Joyce M. Rosenberg says that that small and medium businesses have weak cyber security which is abused by hackers on Arkansas Online : Randell Heath said he isn’t sure how hackers got into his company’s website — all he knows that is a supplier called, saying the site had become an online store […]

How to patch your security blind spots

Read Robert Gibbons’ article about how companies can patch their blind spots on Help Net Security : One of the most challenging – and interesting, and frustrating – aspects of cybersecurity is the sheer unpredictability of industry developments still to come. Sure, analyzing recent history, preparation strategies and common mistakes can offer some direction forward in […]

Some thoughts on vulnerability management

Read Marko Ruotsalainen’s article about vulnerability management on Liquid Information Blog : In this blog post I will briefly discuss about vulnerability management, what it is from a high-level perspective and what it generally requires from an organization. The processes probably varies a lot between organizations based on the size and the industry the organization operates […]

Addressing the challenges of vulnerability coordination

The first Vulnerability Coordination Special Interest Group (SIG) made available for public comment through January 31, 2017 the draft Guidelines and Practices for Multi-party Vulnerability Coordination. While ISO standards provide basic guidance on the handling of potential vulnerabilities in products, the guidelines document is geared to consider more complex and typical real-life scenarios. Read more about […]

Securing modern IT environments: 5 steps to better vulnerability management

Read Nick Ismail list five steps for companies to implement better vulnerability management on Information Age : Managing information security is difficult, particularly the process of identifying and patching vulnerabilities, which is the main threat affecting enterprise IT teams. According to Verizon’s 2016 Data Breach Investigation Report, the top 10 known vulnerabilities accounted for 85% of […]