You are focusing too much on vulnerabilities that pose little danger

Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study. The top 20 most popular container images on DockerHub were analyzed to discover that 50% of vulnerabilities were never loaded into memory and there… Continue reading You are focusing too much on vulnerabilities that pose little danger

A Guide to Easy and Effective Threat Modeling

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. Learn more about building a threat model.

The post A Guide to Easy and Effective Threat Modeling appeared first on Security Intelligence.

Continue reading A Guide to Easy and Effective Threat Modeling

High-risk vulnerabilities and public cloud-based attacks on the rise

A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 My… Continue reading High-risk vulnerabilities and public cloud-based attacks on the rise

To Rank or Not to Rank Should Never Be a Question

Scanning is an important part of any vulnerability management program, but it should always be accompanied by vulnerability ranking to ensure teams are patching the most impactful issues first.

The post To Rank or Not to Rank Should Never Be a Question appeared first on Security Intelligence.

Continue reading To Rank or Not to Rank Should Never Be a Question

HECVAT toolkit helps higher education institutions assess cloud adoption risks

Higher education institutions are increasingly adopting cloud-based solutions in order to lower costs, improve performance and productivity, and increase flexibility and scalability. Before settling on a solution, though, they must assess it for securi… Continue reading HECVAT toolkit helps higher education institutions assess cloud adoption risks

Secure 5G networks: EU toolbox of risk mitigating measures

EU Member States have identified risks and vulnerabilities at national level and published a joint EU risk assessment. Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identifie… Continue reading Secure 5G networks: EU toolbox of risk mitigating measures

Davos 2020 World Economic Forum 2020 Global Risk Report Cyber Cliffs Notes

Each year the World Economic Forum releases their Global Risk Report around the time of the annual Davos conference. This year’s report is out and below are notes on the “cyber” content to help others speed-read through those sections… Continue reading Davos 2020 World Economic Forum 2020 Global Risk Report Cyber Cliffs Notes

Fraud prevents a third of businesses from expanding digital capabilities

Kount released a new research report on digital innovation and emerging fraud, which found that the most innovative businesses are also the ones facing the greatest fraud threats. The report, conducted by Javelin Research, surveyed hundreds of responde… Continue reading Fraud prevents a third of businesses from expanding digital capabilities

Containers in the Cloud: False Assumptions and Security Challenges

Strengthening container security in the cloud starts with addressing the misconception that containers automatically provide security for the applications inside them.

The post Containers in the Cloud: False Assumptions and Security Challenges appeared first on Security Intelligence.

Continue reading Containers in the Cloud: False Assumptions and Security Challenges

Mastercard jumps into the risk-assessment race with RiskRecon acquisition

Mastercard is getting into the security assessment business. The credit giant announced Monday it has agreed to acquire RiskRecon, a Salt Lake City-based startup that grades companies based on their ability to withstand cyberattacks and protect personally identifiable information. The companies did not disclose the terms of the deal. RiskRecon is one of several firms that collect publicly available data — such as what kind of web servers companies use and whether their protected information turns up on the dark web — to make cybersecurity assessments. Mastercard has an obvious financial interest in understanding which companies are more likely to be breached. CEO Ajay Banga has pushed for awareness that most data breaches start at small and medium-sized businesses (SMBs) and then spread to larger ones. Banga is a member of the Cyber Readiness Institute, a Washington nonprofit that distributes cybersecurity advice to SMBs. “Mastercard has been one of the brands that has stood out as a true innovator, focusing on the real problems of real business,” RiskRecon co-founder Kelly […]

The post Mastercard jumps into the risk-assessment race with RiskRecon acquisition appeared first on CyberScoop.

Continue reading Mastercard jumps into the risk-assessment race with RiskRecon acquisition