Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

[TechWeb]( Follow Dark Reading: [RSS]( May 20, 2019 Top!Top?elq_mid=91117&elq_cid=22844169 LATEST SECURITY NEWS & COMMENTARY [Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter]( Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security. [When Older Windows Systems Won't Die]( Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises. [DevOps Repository Firms Establish Shared Analysis Capability]( Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations. [A Trustworthy Digital Foundation Is Essential to Digital Government]( Agencies must take steps to ensure that citizens trust in the security of government's digital channels. [Artist Uses Malware in Installation]( A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer. [Exposed Elasticsearch Database Compromises Data on 8M People]( Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses. [MORE NEWS & COMMENTARY]( HOT TOPICS [Attackers Are Messing with Encryption Traffic to Evade Detection]( Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year. [Effective Pen Tests Follow These 7 Steps]( Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment. [Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008]( Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited. [MORE]( EDITORS' CHOICE [Demystifying the Dark Web: What You Need to Know]( The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners. [Missing in Action: Cybersecurity Professionals]( Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap. Tech Resources - [[Checklist] Vendor Risk Management Fundamentals]( - [Building and Managing an IT Security Operations Program]( - [6 Keys to Faster Phishing Mitigation]( - [The Vulnerable Landscape: Metrics, Insights & Impact]( - [Brochure Ribbon: RoboProtect]( - [SANS Review: Securing Your Endpoints with Carbon Black]( - [A New World of IT Management in 2019]( [ACCESS TECH LIBRARY NOW]( - [Extending the Value of SD-WAN with Cloud Unified Communications]( An expert panel will discuss important considerations that need to be taken into account to migrate off of legacy MPLS networks and premises-based PBXs; creating a solution that is compelling for both customers and employees. - [A Day in the Life of an OT Cybersecurity Expert]( Listen to three OT cybersecurity experts who will share their experience and lessons learned when securing the critical infrastructure. [MORE WEBINARS]( FEATURED REPORTS - [The State of Cyber Security Incident Response]( Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving. - [Managing the Risk of Post-breach or Resident Attacks]( How well-equipped is your organization to stop insider attacks or external attackers once they're inside your network? According to this study, almost two-thirds of respondents lack efficient capabilities to detect and investigate "stealth" attackers before serious damage occurs. [MORE REPORTS]( Middle!Middle?elq_mid=91117&elq_cid=22844169 CURRENT ISSUE [Building and Managing an IT Security Operations Program]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [xMatters open-sources its Chaos Engineering tool]( [LogRhythm Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform]( [Rackspace and Telos Team Up to Accelerate FedRAMP Journey]( [Sectigo Sponsors Let's Encrypt to Enable Certificate Transparency Log Operation]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [InformationWeek]( UBM Tech 2 Penn Plaza, 15th Floor, New York, NY 10121 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:email@techwebnewsletters.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2019]( | [UBM Tech]( | [Privacy Statement]( | [Terms Of Service]( | [Contact Us](mailto:iwkbtnnewsletters@ubm.com)