By Mark Hatton

Vulnerability management has become a term that continues to be thrown around in security circles as a quick and easy path to threat remediation. However, the reality is that most companies are not actually managing vulnerabilities, but rather conducting scans that produce thousands of potential threats. Identifying possible security risks and actually managing them through to remediation are completely different things.

In its common definition, vulnerability management sounds like security utopia: if you purchase the right software, implement the proper ...

Britain’s intelligence agencies will establish a Facebook-style site

to share cyber security secrets with industry experts to help combat

the growing terrorist threat, it emerged last night.

Agents and analysts from MI5 and GCHQ will work side-by-side with private sector counterparts in a new government “fusion cell”.

Under the Cyber Security Information Sharing Partnership (CISP), private firms will be given access to a secure web portal, described as a ...

Think of it as an American Idol in which the contestants aren’t fighting for record deals but rather a pathway to joining the next generation of American offensive and defensive cybersecurity experts.

Meet Cyber Aces, a series of experimental state competitions that use a videogame to target participants with the right skills — a mixture of a deep understanding of networking, operating systems and systems administration — to receive ...

The largest Distributed Denial of Service (DDoS) attack ever reported is affecting internet access around the world, according to several reports.

The DDoS attack, which began on around 15^th March, is directed against Spamhaus, a non-profit organisation that provides blacklists of IP addresses alleged to be distributing spam messages. Spamhaus has accused a Dutch hosting service provider CyberBunker, of initiating the attacks along with eastern European cybercriminals, after Spamhaus listed CyberBunker ...

Long dark teatime in Seoul saga continues to unfold

By John Leyden

SEOUL – South Korea was hit by a major cyber attack Wednesday as the computer systems of two major banks, three broadcasters and others simultaneously crashed, raising suspicions that North Korea was to blame.

On some computer screens, images of skulls with glowing red eyes popped up along with cackling laughter.

A government report says a cyberattack against 23 natural gas pipeline operators stole crucial information that could compromise security. Experts strongly suspect China’s military.

Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.

From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to ...

The company broke out of its regular patching cycle for the second time

this year to fix an actively exploited flaw

Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.

The vulnerabilities, identified as CVE-2013-1493 and CVE-2013-0809, are located in the 2D component of Java and received the highest possible impact score from Oracle.

“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited ...

The Saudi Aramco Total Refining and Petrochemical Company (SATORP), a joint venture with France’s Total Oil Co., trying to maintain its infrastructure after a very hard cyber war attacks.

which leads to a huge disaster for the main servers, SATORP now moving all Employee Mail Access to be hosted by Mobily until investigators began searching for evidence of who was behind the attack.

The company ...