Organizations are awash in vulnerabilities. And it’s becoming more difficult to prioritize which vulnerabilities require immediate attention – especially as resources in the infosec industry remain scarce. Organizations, vendors, and governing bodies, all have slightly different approaches to vulnerability...
Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.
To stay ahead of a hacker, you need to think like one. In groundbreaking new research, SANS and Bishop Fox surveyed more than 300 ethical hackers to gain insight into how attackers think, the tools they use, their speed, specialization, and favorite targets. Unlike other surveys, which take a defender’s point of...
Malware activity has increased 28% since last year, and botnet and exploit activity are up over 100%, according to CyberTheory's 2022 Third Quarter Review. CyberTheory Director Steve King says "a new approach to cybersecurity defense" is needed to fight today's cybercrime.
The United Kingdom's National Cyber Security Centre is scanning the British internet for vulnerabilities. "We're not trying to find vulnerabilities in the U.K. for some other, nefarious purpose," says the center, a part of signals intelligence agency Government Communications Headquarters.
The global attack surface is a living thing that grows and changes constantly. Unfortunately, that means the work of security teams is never really done. No matter how good you are at fixing issues as they arise, there are always unknown assets to consider.
The Cortex® Xpanse™ research team studied the global...
Apple has issued a slew of security updates amid reports that its iOS devices are being actively exploited via a zero-day vulnerability in the kernel. While Apple hasn't attributed the exploits to any specific group, experts say surveillance malware developers are a likely culprit.
A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.
Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.
Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.
Private equity firm Vector Capital invested $100 million in Malwarebytes a month after the antivirus stalwart laid off 125 employees to focus on smaller customers. The funds will help the vendor reduce clients' attack surfaces and accelerate momentum with MSPs and channel partners.
Darktrace's Cybersprint acquisition allowed the cybersecurity AI vendor to move from focusing solely on internal threats to also defending the external attack surface, Nicole Eagan says. The company says AI will give an outside-in view of the victim and simulate how the attacker will behave.
CrowdStrike has purchased external attack surface management startup Reposify to help organizations detect and eliminate risk from vulnerable and unknown assets. This deal will allow CrowdStrike to combine its insights on endpoints and IT environments with Reposify's internet-scanning capabilities.
Even with custom tools, security teams cannot easily see the entirety of their rapidly expanding attack surface and address its challenges. Legacy sprawl, orphaned infrastructure and an increasingly distributed workforce are ever-present complications.
ASM generates comprehensive visibility of the extended...
From January 1, 2022, to March 31, 2022, Mandiant identified common high and critical severity issues that occurred in medium to large enterprises due to unpatched technologies and configuration drift in internet-facing assets.
Download this report and learn more about:
Exposed data repositories and data...