vulnerability management
How organizations are managing vulnerability risks
Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched …
GitHub introduces Dependabot-powered automated security fixes
GitHub, the largest code-hosting site in the world, has announced many new features and changes at the 2019 GitHub Satellite conference that took place last week in Berlin. …
How mainstream media coverage affects vulnerability management
For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has …
Attackers are weaponizing more vulnerabilities than ever before
2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the RiskSense latest report. In addition, the rate of …
How to build an effective vulnerability management program
The concept of vulnerability management has undergone a number of changes in the last few years. It is no longer simply a synonym for vulnerability assessment, but has grown …
February 2019 Patch Tuesday: PrivExchange hole plugged
For the February 2019 Patch Tuesday, Microsoft has released fixes for over 70 CVE-numbered vulnerabilities, 20 of which are rated Critical. Also rated Critical are the Adobe …
0patch releases micropatch for Windows Contacts RCE zero-day
ACROS Security, the creators of 0patch, have released a micropatch for a recently revealed zero-day RCE flaw affecting Windows. About the vulnerability and the micropatch …
Vulnerabilities’ CVSS scores soon to be assigned by AI
The National Institute of Standards and Technology (NIST) is planning to use IBM’s Watson to evaluate how critical publicly reported computer vulnerabilities are and …
Building security into DevOps versus bolting it on
In this podcast, Hari Srinivasan, Director of Product Management for Qualys, talks about building security into DevOps versus bolting it on, specifically for containers. …
Qualys Community Edition: Discover IT assets, manage vulnerabilities, scan web apps
In this podcast recorded at Black Hat USA 2018, Anthony Mogannam, Product Manager, SME/SMB Solutions at Qualys, talks about issues related to open source software and Qualys …
Incorporating sensitive asset data into your vulnerability and compliance program
In this podcast recorded at Black Hat USA 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about the importance of incorporating …
Why do enterprises take a long time to install vital security updates
More than a quarter (27%) of enterprise IT departments in the US are forced to wait at least a month before installing vital security updates, due to budgetary restraints and …
Featured news
Resources
Don't miss
- 48,000+ internet-facing Fortinet firewalls still open to attack
- Acronis CISO on why backup strategies fail and how to make them resilient
- Ransomware attackers are “vishing” organizations via Microsoft Teams
- Scam Yourself attacks: How social engineering is evolving
- Addressing the intersection of cyber and physical security threats