Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Hands-Off Security: Automating & Virtualizing the Enterprise Network
A series of recent tech events demonstrate that enterprises are increasingly using virtualized automation to improve their network-security posture – but perhaps no tool is perfect.
FBI & DHS Warn About 2 North Korea Malware Threats
The FBI and Department of Homeland Security are warning about North Korea's Hidden Cobra group, which is suspected of being behind the Joanap and Brambul threats that have targeted multiple countries for almost a decade.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
Public Cloud, Part of the Network or Not, Remains a Security Concern
Security in the public cloud is like asking who is responsible for securing your rented apartment – you or the building owner?
Researchers Bypass AMD's SEV Hypervisor & Cause More Chip Concerns
Intel is not the only chip maker being tested these days. A group of German researchers have found a way around AMD's SEV hypervisor, leaving these processors open to attack.
How to Empower Today's 'cISOs'
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
New Threats, Old Threats: Everywhere a Threat
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Z-Shave Attack Shows Why IoT Security Need More Attention
Pen Test Partners have discovered a new IoT vulnerability that researchers call Z-Shave. This shows why manufactures need to think much harder about building security into connected devices.
Bridging the Cybersecurity Talent Gap
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
IoT Security Concerns Include Pet Trackers, Kaspersky Finds
Kaspersky Lab researchers found BLE and weaknesses in the Android apps running on pet trackers can enable attackers to access user data from the IoT devices.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
GDPR Should Change Your Thinking About Network Firewalls
Old-fashioned firewalls are an effective weapon for protecting the network incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.
FBI Knocks Out VPNFilter Malware That Infected 500K Routers
The VPNFilter botnet malware spread to 500,000 globally before the FBI knocked it out late in the day on May 23. However, it's another skirmish in the cyberfight between Russia and Ukraine.
The Good & Bad News about Blockchain Security
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Is Threat Intelligence Garbage?
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
Spectre Number 4 Disclosure Raises Fresh Hardware Alarms
The latest side-channel vulnerability, dubbed Spectre Number 4, is raising new alarms about widespread issues in chips, beyond x86. However, this time, Intel is trying a different approach.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
The State of Information Sharing 20 Years after the First White House Mandate
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
Roaming Mantis Android Malware Expands Its Reach to iOS, Cryptomining
The rapidly evolving campaign that is Roaming Mantis now includes iOS devices, expansion into new regions around the world, additional cryptomining capabilities and it is becoming even more evasive.
Satori Botnet Plays Hidden Role in Cryptomining Scheme, Researchers Find
Several different researchers have found that recent attempts on TCP port 3333 is the work of a cryptomining scheme where the Satori botnet is playing a hidden part.
Get Smart About Network Segmentation & Traffic Routing
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
Check Point: Cryptomining Malware Targeting Vulnerable Servers
As the incidence of ransomware wanes, attackers are shifting to cryptocurrency mining malware as a less noisy, more lucrative alternative, according to a new Check Point study.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
How to Hang Up on Fraud
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
Throwhammer & Nethhammer Show How Chips Are Vulnerable to Bit Flips
In a pair of papers released over the last week, researchers have shown how two different types of attacks, Throwhammer and Nethhammer, can cause a bit flip in chips by sending packets across a standard network.
The Risks of Remote Desktop Access Are Far from Remote
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
WannaCry: How the Notorious Worm Changed Ransomware
This week marked the one-year anniversary of the WannaCry ransomware attacks and its impact can still be seen in the form of such encrypting malware as NotPetya, BadRabbit and Olympic Destroyer.
Boosting Security Effectiveness with 'Adjuvants'
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.
Want Your Daughter to Succeed in Cyber? Call Her John
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
Relax: PGP Is Still Secure
Talk about overreacting. After researchers claimed to have found some flaws in PGP, the industry lost its collective mind. Here's what is really happening.
Next-Generation Firewalls: Poorly Named but Essential to the Enterprise Network
They may be stupidly named but they are essential for protecting enterprise assets that span on-premises servers, IaaS and PaaS clouds, as well as virtual machines.
Taming the Chaos of Application Security: 'We Built an App for That'
Want to improve the state of secure software coding? Hide the complexity from developers.
UNC Researchers Pitch Framework to Fight Password Reuse
The proposal from two security researchers at the University of North Carolina would entail creating a protocol that would enable websites and service providers to block attempts by individuals trying to use the same password for multiple sites.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
Radware: Nigelthorn Malware Hiding in Google Chrome Extensions
A new type of malware called Nigelthorn is hiding in Google Chrome extensions and hijacking victims as part of an elaborate cryptomining scheme, Radware reports.
The New Security Playbook: Get the Whole Team Involved
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
ZooPark Malware Targets Android Users in Middle East, Kaspersky Finds
The ZooPark malware that has infected Android phones has evolved rapidly over the past three years and can now steal data ranging from browser histories to photos, videos and keylogs as well as information from external apps.
Microsoft's JavaScript Update for Excel Is a Gift to Cryptominers
At Build 2018, Microsoft revealed a new JavaScript features that is supposed to add new functionality into Excel. However, it's also a gift for those who want to indulge in cryptomining schemes.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
Ready or Not: Transport Layer Security 1.3 Is Coming
Better encryption could mean weaker security if you're not careful.
Cisco: As Business Users Go Mobile, So Do Attackers
Cisco monitored the wireless traffic at the MWC show in February and found more than 32,000 security events and high use of encryption, though some applications used outdated protocols.
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
New campaign shows that there are still systems exposed to the year-old CVE–2017–7269 vuln on an operating system that was declared end-of-life three years ago.
20 Signs You Are Heading for a Retention Problem
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
|
Latest Comment: The superior method of sandboxing called "sandcastling" involves having the user detonate the malware.
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Tweet This
17 Comments
