Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
UPnProxy Still Infecting Thousands of Home & Small Business Routers
An analysis by Akamai finds that UPnProxy is still out in the wild and still targeting routers mainly used in homes and by small businesses.
Establishing True Trust in a Zero-Trust World
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
The Return of Email Flooding
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
Data Breach Threats Bigger Than Ever
A quarter of IT and security leaders expect a major data breach in the next year.
The "Typical" Security Engineer: Hiring Myths & Stereotypes
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
New Worm Helps Spread Fileless Version of Bladabindi RAT
An updated version of the Bladabindi RAT is fileless and can now be spread through removable USB and other storage devices.
How to Find a Privacy Job That You'll Love (& Why)
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Rowhammer Vulnerability Can Bypass ECC Memory Chips
New research finds that the Rowhammer vulnerability can be adjusted to bypass ECC memory chips, exposing processors to an attack.
12 Cloud Backup Tips to Protect Your Business's Back-End Servers
The cloud can offer cost-effective backups for enterprise web servers, file servers and other critical infrastructure. Here are a dozen tips on how to make cloud backups safe and efficient.
Transforming into a CISO Security Leader
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
Carbon Black: Cyber Attacks Could Jump 60% During Holidays
Spear-phishing campaigns are the most common form of attack as shoppers go to the stores and online and employees hit the road, according to a survey from Carbon Black.
GDPR Presents New Challenges in Backup & Disaster Recovery Management
GDPR applies not only to primary systems, but also to backup and recovery systems. Cloud storage, combined with a modicum of common sense, may prove essential to helping with GDPR compliance for these systems.
Perceptual Ad Blockers Have Security Flaws, Too
Blocking ads is more than stopping annoying pop-ups. There's a security component as well. However, a crop of perceptual ad blockers that use machine learning have their own flaws and shortcomings.
To Stockpile or Not to Stockpile Zero-Days?
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
Geoblocking, Even at Low Levels, Restricts Internet Freedom – Study
A new research paper from the University of Michigan and Cloudflare finds that geoblocking or geofencing is not as extensive as some believe. However, even at low levels, this practice can restrict Internet freedom.
Cybersecurity at the Core
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
8 Security Buzzwords That Are Too Good to Be True
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
IoT Security Problems Can Cost Enterprises Millions
A survey by DigiCert finds that the IoT is a priority for most companies, but many enterprises struggle when it comes to security and privacy. This can translate into firms losing millions.
Employees Traveling This Holiday? Don't Forget Good Security Practices
A survey finds that employees are more likely to bypass good security practices when they travel during the holiday season, but still log onto the corporate network to work.
Security Concerns Increasing as BYOD Programs Continue to Grow
Businesses are expanding their BYOD programs to include partners, customers and others, but most are behind in securing their mobile environments, according to a Bitglass survey.
95% of Organizations Have Cultural Issues Around Cybersecurity
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
New Spectre & Meltdown Attacks Show Limits of CPU Vulnerabilities
A group of researchers from Belgium, Austria and the US have uncovered more Spectre and Meltdown flaws in CPU architectures, but their paper also shows the limits of these vulnerabilities in real-world attacks.
Cyber Crooks Diversify Business with Multi-Intent Malware
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
From Reactive to Proactive: Security as the Bedrock of the SDLC
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Understanding Evil Twin AP Attacks and How to Prevent Them
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
To Click or Not to Click: The Answer Is Easy
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Google Data Center Traffic Rerouted to Nigeria, China & Russia
For over an hour this week, some Internet traffic from Google's data centers was rerouted through a Nigerian ISP and possibly sent to Russia and China.
Empathy: The Next Killer App for Cybersecurity?
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
RIP, 'IT Security'
Information security is vital, of course. But the concept of "IT security" has never made sense.
'CARTA': A New Tool in the Breach Prevention Toolbox
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
Metamorfo Trojan Revamped to Evade Antivirus Protections
The Metamorfo Trojan, which has targeted banks and other financial institutions in Brazil, has been revamped by threat actors to better evade antivirus and other security protections.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
DJI Drones Buzzed Over Security Flaw in Company's User Forum
Check Point researchers found a flaw in the DJI's online user forum that could allow an attacker to access and steal information from one of the company's drones.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
The technology never really took off in IT, but it could be very helpful in the industrial world.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
5 Reasons Why Threat Intelligence Doesn't Work
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
'Outlaw' IRC Bot Roughs Up Windows & Open Source Environments
Trend Micro is having a showdown with a IRC bot developed by a group dubbed 'Outlaw,' which is targeting Windows, Ubuntu and even Android environments.
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.
Hidden Costs of IoT Vulnerabilities
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
After the Breach: Tracing the 'Smoking Gun'
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
'BLEEDINGBIT' Bluetooth Vulnerability Leaves Enterprises Exposed to Attacks
Security firm Armis has found two, zero-day vulnerabilities in the BLE protocol of Texas Instrument chips that researchers call 'BLEEDINGBIT.'
On Eve of 2018 Midterm Elections, All Eyes Still on Cybersecurity
Netscout and McAfee executives talk about the myriad challenges facing state and county election officials as voting for the 2018 midterm elections is about to get underway.
Tackling Cybersecurity from the Inside Out
New online threats require new solutions.
RDP Attacks Prompt New Slate of Security Warnings
Following a warning by the FBI, Trend Micro has issued its own alert about an increase in RDP attacks that have targeted enterprises all around the world.
Where Is the Consumer Outrage about Data Breaches?
Facebook, Equifax, Cambridge Analytica … Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Not Every Security Flaw Is Created Equal
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
Let's Get Physical: Why Protecting Hardware Is Essential to Good Cybersecurity
Enterprises need to consider physical security as part of any comprehensive cybersecurity plan.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
