Security and Vulnerability Management

Low-tech 'visual hacking' successful nine times out of 10

Researchers were able to get sensitive corporate information just by looking around corporate offices in 88 percent of attempts, according to a new study

Google relaxes strict bug disclosure rules after Microsoft grievances

Google today relaxed a strict 90-day vulnerability disclosure policy that put it at odds with rival Microsoft, saying it would give vendors a 14-day grace period if they promised to fix a flaw within the two-week stretch.

Book Report: Countdown to Zero Day

Kim Zetter's book on Stuxnet sheds light on esoteric areas like malware analysis, process automation, and cyber war.

Throw your vendor under the bus after a breach? Not quite so fast

Tips for your third-party risk management program.

The risks of a big man-made IT disaster are on the rise

IT services are but one human error away from a spectacular failure, and there's very little evidence to suggest that we've found a way to stop people from making mistakes. (Insider, registration required.)

Endpoint Security Activities Buzzing at Enterprise Organizations

CISOs are assessing people, processes, and technologies to address endpoint security threats and vulnerabilities

Six social engineering tricks that can be avoided if you're careful

Social engineers work on multiple levels. The key to their success is to target human nature and emotion.

Social engineering: The dangers of positive thinking

CSO Online recently spoke to a person working in the security field with a rather unique job. He's paid to break into places, such as banks and research facilities (both private and government), in order to test their resistance to...

UTM Shootout: Security appliances for SMBs are smaller, more powerful and packed with new features

Vendors are coming up with new ways to fit enterprise-grade security features into more compact and more powerful appliances.

Catchy nicknames prompt more patching of vulnerabilities

Vulnerabilities with catchy nicknames get more attention from media, customers, and vendors and so get patched more thoroughly than similar vulnerabilities without clever names.

Patch Tuesday Dec 2014: 7 fixes, 3 critical patches for Windows, IE and Office

For the last Patch Tuesday in 2014, Microsoft released 7 security updates, including 3 patches for critical remote code execution flaws in Windows, Office and Internet Explorer.

Do you create stupid users?

Not a week goes by that we don't read about some attack precipitated by bad user actions.

FTC gets federal court to shut down $120M tech support scam

FTC says scammers use bogus software and deceptive telemarketing operations to roll over victims.

November 2014 Patch Tuesday: Microsoft released 4 critical fixes, 14 total updates

Microsoft released 14 security patches, four rated critical, eight rated important and two rated as moderate.

Cisco names new security chief after Young departs

14-year vet Goeckeler was instrumental in Sourcefire integration

8 cutting-edge technologies aimed at eliminating passwords

From electronic pills to digital tattoos, these eight innovations aim to secure systems and identities without us having to remember a password ever again

New Brunswick Conquers Identity Management With Virtual Directory

What started as a single provincial department's effort to roll out a virtual directory now helps government employees and citizens access about 150 applications. Find out how New Brunswick solved what could have otherwise been a big...

Book Report: Cyberstorm by Matthew Mather

Great read for those who want to understand what might happen as a result of a devastating cyber-attack on critical infrastructure
