Vulnerabilities in web applications are a major vector for cyber-crime. In large organizations, vulnerable web applications comprised 54% of all hacking breaches and led to 39% of compromised records, according to the 2012 Data Breach Investigation Report by Verizon Business.
This paper describes how large enterprises can effectively discover, catalog and scan web applications to control this major risk vector as part of their organization’s overall vulnerability management program.
A zero-day threat is a vulnerability that becomes known to the vendor on the same day it becomes known to the public, meaning IT assets targeted by a zero-day threat won't have a patch available when it's needed. However, zero-day attacks operate in a realm of the probable - they work only because there are exploitable vulnerabilities within IT systems. Many of these can, and should, be prevented.
This guide describes why organizations are vulnerable to zero-day attacks, and what you can do to add a zero-day offense to your existing vulnerability management processes to protect your organization's assets and data.
We often think of malware as being designed to sit beneath the radar, collecting data in stealth mode, for the purposes of fraud or corporate espionage. Increasingly, however, we’re witnessing attacks on corporations designed to cause substantial economic losses via wholesale destruction. For example, the Shamoon malware that recently hit Saudi Arabia-based Aramco (the world’s largest oil company) and RasGas (a Qatar-based gas company) corrupted files on tens of thousands of workstations, overwriting the Master Boot Records.
These malware attacks, which may well have targeted website vulnerabilities, resulted in destruction on an industrial scale. At Aramco, IT professionals were forced to replace 30,000 PCs and laptops. RasGas, meanwhile, had to shut down all email communications, and the company’s website was forced offline.
Published By: Webroot
Published Date: Sep 18, 2013
This whitepaper deals with the rise of mobility, BYOD and social networking, and how these trends have led cybercriminals to exploit vulnerabilities in browsers and mobile apps. For example, more than 30,000 mostly legitimate websites become infected with malware every day. From drive-by downloads to spear phishing to XML injection, web-borne threats represent a significant new risk for businesses. The report describes how to stay on top of this changing threat landscape and prevent damaging attacks with:
• 100% protection against known viruses
• Industry-leading URL filtering and IP protection via the world’s largest threat database
• Extended protection for smartphones and tablets
• Simplified web-based management
Published By: Webroot
Published Date: Sep 18, 2013
This infographic gives a quick visual representation of some of the key findings of recent Webroot research on web security in the US and UK. As cybercriminals increasingly exploit vulnerabilities in mobile browsers and apps, companies with mobile workforces face new challenges in protecting users and critical data. And the impacts of failing to protect against mobile browsing threats can be severe. The infographic also gives a checklist of things you can do to reduce the risks. Among the key points:
• 50% of companies in the US estimate that web-borne attacks cost from $25,000 to $1 million in 2012.
• 90% of respondents agree that managing the security of remote users is challenging
• 50% of firms with remote workers had a website compromised
This paper touches upon the following topics:
• Critical vulnerabilities are on the decline, but still pose a significant threat
• Mature technologies introduce continued risk
• Mobile platforms represent a major growth area for vulnerabilities
• Web applications remain a substantial source of vulnerabilities
• Cross-site scripting remains a major threat to organizations and users
• Effective mitigation for cross-frame scripting remains noticeably absent
HP Enterprise Security provides a broad view of the vulnerability landscape, ranging from industry-wide data down to a focused look at different technologies, including web and mobile. The goal of this report is to provide the kind of actionable security intelligence that organizations need to understand the vulnerability landscape as well as best deploy their resources to minimize security risk.
The end of support date for Windows XP – April 8, 2014 – is rapidly approaching, after which the potential for security vulnerabilities will dramatically increase. Companies with many Windows XP machines still in use likely will need help upgrading in this compressed timeframe. Download this checklist to learn about a three-phase solution that can help internal IT staffs quickly and successfully migrate from Windows XP to Windows 7 or Windows 8 with a minimum of disruption to users and the organization.
The end of support date for Windows XP, April 8, 2014, is rapidly approaching, after which the potential for security vulnerabilities will dramatically increase. Companies with lots of Windows XP machines still in use need help upgrading in this compressed timeframe. Lenovo has an answer, as its Image Technology Center (ITC) services along with the Lenovo In-Place Migration (IPM) product can help internal IT staff quickly and successfully migrate from Windows XP to Windows 7 or Windows 8 with a minimum of disruption to users and the organization.
In the context of these current vulnerability announcements, there is definite cause for concern: vulnerable systems are widespread, they can be exploited remotely, and the exploitation itself seems relatively simple. This means that we likely have only a short window of time before attacks become widespread.
There is no question that mobile computing is growing at an exponential rate. This rapid transformation has seen security concerns outpaced by the ease of use, flexibility, and productivity of mobile devices. When vulnerabilities are exploited, the security of mission-critical data becomes a serious concern. Here we take a look at three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Federal agencies must take a proactive approach to information and network security due to increasing cybersecurity threats. IBM Tivoli Endpoint Manager, built on BigFix technology, is the leading enterprise cybersecurity solution to help combat cyber threats and eliminate vulnerabilities.
Published By: SilverSky
Published Date: Apr 16, 2013
Threats to the security of your network will never completely go away, but the ability to prepare for, recognize and quickly remediate these threats should be a part of day-to-day company operations. This white paper gives you eight essentials for managing vulnerabilities in a network including internal and external assessments, how frequently you should run scans for threats and the importance of broadening testing beyond basic network services and operating systems.
McAfee® Vulnerability Manager for Databases automatically discovers networked databases; determines if the latest patches have been applied; and tests for common weaknesses, making it easier to demonstrate compliance and better protect critical data.
Compliance does not automatically equate to security. A company may be compliant with a host of regulatory requirements, while its databases remain exposed and vulnerable. Learn how McAfee Database Security can help prevent such vulnerabilities.
McAfee® Virtual Patching for Databases shields databases from the risk presented by unpatched vulnerabilities by detecting and preventing attempted attacks and intrusions in real time without requiring database downtime or application testing.
Take the stealth, creativity and patience of Stuxnet, the commercialism, wide distribution and easy-to-use toolkits of Zeus, and you understand the potency of today’s malware. Start planning now to protect your intellectual property and other assets.
Threats and vulnerabilities are a way of life for IT admins. This paper focuses on how McAfee's Vulnerability Manager and McAfee ePolicy Orchestrator provide IT admins with a powerful and effective tool for identifying and remediating systems.
Information security based on regulatory compliance stipulations cannot keep up with today’s sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls “Real-time Risk Management.”
As long as there is software, there will be software vulnerabilities and you will find malware and cybercriminals. This paper will examine that risk and provide a step-by-step process to protect your company's critical assets.