Critical vulnerabilities remain unresolved due to prioritization gaps

Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabi… Continue reading Critical vulnerabilities remain unresolved due to prioritization gaps

Time for a change: Elevating developers’ security skills

Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the… Continue reading Time for a change: Elevating developers’ security skills

White House: Salt Typhoon hacks possible because telecoms lacked basic security measures

In an update Friday, the White House says nine telecom companies were impacted by the Chinese espionage effort.

The post White House: Salt Typhoon hacks possible because telecoms lacked basic security measures appeared first on CyberScoop.

Continue reading White House: Salt Typhoon hacks possible because telecoms lacked basic security measures

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the CNA communit… Continue reading Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

The effect of compliance requirements on vulnerability management strategies

In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements … Continue reading The effect of compliance requirements on vulnerability management strategies

What’s behind unchecked CVE proliferation, and what to do about it

The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations’ cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified. Meanwhile, Coalition’s 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit […]

The post What’s behind unchecked CVE proliferation, and what to do about it appeared first on Security Intelligence.

Continue reading What’s behind unchecked CVE proliferation, and what to do about it

Risk hunting: A proactive approach to cyber threats

Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn…. Continue reading Risk hunting: A proactive approach to cyber threats

Defenders must adapt to shrinking exploitation timelines

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that, in 2023, exploitatio… Continue reading Defenders must adapt to shrinking exploitation timelines

Strengthening Kubernetes security posture with these essential steps

In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many… Continue reading Strengthening Kubernetes security posture with these essential steps