In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML)
algorithm to identify four distinct strategies, or "styles." These are based on five VA key performance indicators (KPIs)
which correlate to VA maturity characteristics.
This study specifically focuses...
Block chain, artificial intelligence and machine learning can all play a role in ensuring the security of health data and preventing fraud, says Ajit Ashok Shenvi, director of big data and analytics at Philips' Innovation Campus in India.
No one migrates to the cloud to become less secure than before the migration. Knowing what to expect when it comes to security will allow you to avoid pitfalls and slow migrations.
Download this white paper and learn how to avoid:
Exposing sensitive information;
Accounts running amok;
Traditional pen tests work well for testing on-site security and running crystal-box, insider tests. However, adding a hacker-powered pen test to your rotation of traditional pen tests enables you to do true black box testing.
Download this white paper and learn how hacker-powered pen testing:
The Hacker-Powered Security Report 2018 is the most comprehensive report on the bug bounty and vulnerability disclosure ecosystem. It contains a detailed analysis of 78,275 security vulnerability reports reported over the past year by ethical hackers through more than 1,000 programs.
This report looks exclusively...
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
The defacing of the website of Jamia Millia Islamia, a public central university in Delhi, is the latest example of how academic websites in India are vulnerable to hackers. But the hacking incidents had a humorous twist that generated many comments on twitter.
The head of the NSA's Cybersecurity Threat Operations Center says attackers haven't bothered targeting unclassified U.S. Defense Department networks with a zero-day exploit in 24 months. Instead, they attempt to exploit flaws within 24 hours of information of the vulnerability or exploit going public.
A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.
How can gaining visibility into indicators of exposure (IOEs) shrink layers of attack and more effectively contain incident? By understanding how network modelling and simulation can be used to visualize and analyze an attack surface, as well as understanding how to measure IOEs, such as vulnerability density,...