Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
8 Cybersecurity Myths Debunked
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
For a Super Security Playbook, Take a Page from Football
Four key questions to consider as you plan out your next winning security strategy.
Is Your Cisco Router Leaving Your Enterprise Vulnerable?
If your network uses Cisco's RV320 or RV325 Dual Gigabit WAN VPN routers, you are already under attack.
Four Security Questions You Need to Answer for SD-WAN Success
Before you select an SD-WAN vendor, read this.
Yes, You Can Patch Stupid
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Open Source & Machine Learning: A Dynamic Duo
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Should All IAM Be CIAM?
CIAM vendors are right that traditional IAM isn't going to cut it for customer-facing solutions – but their sound premises have led to the perverse conclusion of keeping in-house IAM systems suboptimal. What if the power of CIAM could help employees realize better usability and security too?
Japanese Government to Use 'Credential Stuffing' to Survey Consumer IoT Devices
The Japanese government is concerned about the security of IoT devices – but is a mass attempt to log into consumers' devices the right approach to the issue?
Remote Access & the Diminishing Security Perimeter
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Creating a Security Culture & Solving the Human Problem
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
Why Privacy Is Hard Work
For Data Privacy Day, let's commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
3 Ways Companies Mess Up GDPR Compliance the Most
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
'Steganography' Obsfucation Hides Old PDF Exploits From Antivirus Tools
EdgeSpot has found two new obsfucation methods to hide old PDF exploits from various antivirus tools.
The 5 Stages of CISO Success, Past & Future
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
Four Enterprise Identity & Access Management Trends to Watch in 2019
For CISOs, Identity and Access Management, or IAM, is a must-have for the security tool box. However, the technology is rapidly evolving. Here are four important trends to watch this year.
Collateral Damage: When Cyberwarfare Targets Civilian Data
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
DNS Tampering Prompts Homeland Security Warning
Despite the partial federal government shutdown, DHS has managed to issue a warning to the public about possible tampering with DNS addresses that appear to have originated in Iran.
The Evolution of SIEM
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Think Twice Before Paying a Ransom
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
The Fact and Fiction of Homomorphic Encryption
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
How Cybercriminals Clean Their Dirty Money
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Enterprises Are Getting Smarter When It Comes to Patching Vulnerabilities – Study
A joint analysis from Kenna Security and the Cyentia Institute finds that enterprises are getting better at patching vulnerabilities, specifically by focusing on critical flaws as opposed to trying to fix very problem that is published.
Shadow IT, IaaS & the Security Imperative
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
Microsoft Looks to Squash Bugs in its Azure DevOps Product
Microsoft's latest bug-hunting program is targeting the company's Azure DevOps platform, which looks to make software development more secure.
The Rx for HIPAA Compliance in the Cloud
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Vulnerability Puts Millions of Fortnite Players at Risk, Check Point Finds
Epic Games, the developer of Fortnite, fixed vulnerabilities in its web infrastructure that researchers said exposed the sensitive information of users of the wildly popular online game.
Intel Patching SGX Flaw That Can Lead to Escalation of Privileges
A security researcher has found another flaw in Intel's SGX software than can allow an attacker to escalate administrative privileges within an infected machine.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Simulating Lateral Attacks Through Email
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Are You Listening to Your Kill Chain?
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics
A federal judge in California finds that police can't force suspects to unlock their smartphones or other mobiles using biometrics. The court found biometrics are protected much the same way passwords are.
Online Fraud: Now a Major Application Layer Security Problem
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
Why Cyberattacks Are the No. 1 Risk
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
US Government Shutdown Preventing SSL Certificates From Being Renewed
The shutdown of the federal government is not only affecting federal workers, but the websites that various departments run. Specifically, SSL certificates are not being renewed.
Kudos to the Unsung Rock Stars of Security
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Iran Suspected of 'Stealthy & Sophisticated' DNS Hijacking Campaign
New research from FireEye suggests that a group working within Iran is behind a large-scale DNS hijacking scheme that involves web traffic all across the globe.
ServHelper & FlawedGrace Malware Highlight Shift in Cyber Attacks
The ServHelper and FlawedGrace malware developed by threat group TA505 exemplify the move away from smash-and-grab ransomware toward more stealthy, longer campaigns, according to a recent analysis by Proofpoint.
Election Security Isn't as Bad as People Think
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
6 Best Practices for Managing an Online Educational Infrastructure
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
Wi-Fi 6 Bakes in Additional IoT Security
At CES this week, the Wi-Fi Alliance offered new details on the new Wi-Fi 6 protocol, which bakes in some additional safeguards for IoT security.
Cutting Through the Jargon of AI & ML: 5 Key Issues
Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
Windows, Linux Susceptible to New Side-Channel Vulnerability
In a new paper co-authored by a researcher who discovered Spectre, it appears that Windows and Linux are susceptible to a new type of side-channel vulnerability that can target the page cache of an operating system.
Your Life Is the Attack Surface: The Risks of IoT
To protect yourself, you must know where you're vulnerable — and these tips can help.
Security Matters When It Comes to Mergers & Acquisitions
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Spectre, Meltdown Vulnerabilities Will Haunt Industry for Years
Chip makers such as Intel have released patches and fixes to mitigate Spectre and Meltdown issues, but the problem won't be solved until they come out with new architectures, which is two to three years away.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
We need more stringent controls and government action to prevent a catastrophic disaster.
|
Latest Comment: This is not what I meant by "I would like to share some desk space"
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
