Please turn on your JavaScript for this page to function normally.

vulnerability management

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …

Balancing budget and system security: Approaches to risk tolerance

Data breaches are a dime a dozen. Although it’s easy to look at that statement negatively, the positive viewpoint is that, as a result, cybersecurity professionals have plenty …

LibreOffice: Stability, security, and continued development

LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an …

Relying on CVSS alone is risky for vulnerability management

A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying …

A step-by-step guide for patching software vulnerabilities

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in …

cyber threat
Generative AI outperforms hackers but not their creativity

72% of hackers are confident that AI cannot replace human creativity in security research and vulnerability management, according to Bugcrowd. Generative AI hacking Generative …

Inadequate tools leave AppSec fighting an uphill battle for cloud security

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive …

CISOs struggle to manage risk due to DevSecOps inefficiencies

As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production …

Study of past cyber attacks can improve organizations’ defense strategies

Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that …

security awareness
The era of passive cybersecurity awareness training is over

Despite increased emphasis on cybersecurity from authorities and high-profile breaches, critical gaps in vulnerability management within organizations are being overlooked by …

Top 5 security risks for enterprise storage, backup devices

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, …

critical infrastructure
CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US …

Don't miss

Cybersecurity news