Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
Do you know what happens to your data when it's not in use? If the answer is no, you need to fix that.
Accidental Cryptojackers: A Tale of Two Sites
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.
PowerGhost Cryptomining Malware Targets Corporate Networks
Kaspersky Lab researchers said the malware uses fileless techniques to make it harder to detect and the Eternal Blue exploit to spread to systems across the networks.
MUD: The Solution to Our Messy Enterprise IoT Security Problems?
The 'Manufacturer Usage Description' proposal from IETF offers a promising route for bolstering security across the industry.
New Spectre-Like Vulnerability Allows for Remote Data Theft
Researchers have found new Spectre-like vulnerability in x86 processors called NetSpectre, which allows attackers to steal data remotely.
Zero Trust Means Never Trust & Always Verify
Enterprise security teams have actually been practicing zero trust policies for a number of years, but new advances and better tools now make the philosophy easier to implement. Still, it's always best to verify.
Every Week Is Shark Week in Cyberspace
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
Symantec: Leafminer Group Is a Dangerous Group of Amateurs
While the Leafminer group has been causing significant problems in the Middle East for well over a year, Symantec notes that the group is doing so using rather amateurish techniques.
Kronos Returns as Banking Trojan Attacks Ramp Up
Proofpoint researchers have seen a new version of the four-year-old Kronos emerge in campaigns in Europe and Japan. The report also finds it may be rebranded as 'Osiris.'
5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
Keep your company protected with a mix of old- and new-school technologies.
The Double-Edged Sword of Artificial Intelligence in Security
AI is revolutionizing cybersecurity for both defenders and attackers as hackers, armed with the same weaponized technology, create a seemingly never-ending arms race.
California's CCPA Law: Why CISOs Need to Take Heed
The recently enacted California Consumer Privacy Act, while hardly a sweeping reform of the state's privacy laws, changes the playing field for IT risk and liability where California residents' personal information is concerned.
The Good & Bad News About Today's Cybersecurity Investment Landscape
Lots of things keep CISOs up at night. But instead of guessing what CISOs want, investors and vendors should incorporate customer feedback throughout product ideation and development cycles.
Securing Our Interconnected Infrastructure
A little over a year ago, the world witnessed NotPetya, the most destructive cyberattack to date. What have we learned?
Bluetooth Vulnerability Opens Up Man-in-the-Middle Attacks
With almost certainly hypothetical, this vulnerability in Bluetooth's protocol could result in a man-in-the-middle attack and allow the culprits to steal personal data off a device.
How 'Projection' Slows Down the Path to Security Maturity
A little bit of self-awareness goes a long way when it comes to evaluating a company's security maturity level. It's also a prerequisite to improving.
Threat Hunting: Rethinking 'Needle in a Haystack' Security Defenses
In cyber, needles (that is, threats) can disappear quickly, for a variety of reasons, and long often after hackers have completed what they came to do.
Kaspersky: There's No Such Thing as a Free Gift Card Code
Kaspersky Labs is warning that bad actors are using a scheme offering free gift card codes from Amazon, Google, eBay and others to separate consumers from their personal data and money.
London Calling with New Strategies to Stop Ransomware
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Watch Out: The Dark Web Is Really Watching You
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
DNS Rebinding Attack Could Affect Half a Billion IoT Devices
From smart speakers to printers to IP-connected video equipment, DNS rebinding attacks are targeting a number of IoT-based devices.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
More Data Breaches in Store for US Retail Industry
A report from Thales eSecurity and 451 Research finds that the security systems of US retailers are getting breached more often than their global counterparts. As a result, IT is rethinking its security spending.
The Fundamental Flaw in Security Awareness Programs
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Beyond Passwords: Why Your Company Should Rethink Authentication
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Make Security Boring Again
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
SCADA/ICS Dangers & Cybersecurity Strategies
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Researchers Detail Spoofing Attack Against Vehicle GPS
A new paper shows that with the right amount of hardware and know-how, an attacker can spoof a vehicle's GPS system and change the route.
Time to Yank Cybercrime into the Light
Too many organizations are still operating blindfolded, research finds.
IDT CIO Faces Down New Crop of Global Threats
IDT CIO Golan Ben-Oni has faced down two serious cyberattacks in the last year and he expects more are on the way. From selecting vendors to thinking about the cloud, here's how Ben-Oi is rethinking the security landscape.
Broadcom's Deal for CA Puts Big Iron in the Spotlight
With Broadcom buying CA for $18.9 billion, old-time big iron is suddenly cool again. Here's what it means for security and software development.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
To keep an organization safe, you must think about the entire IT ecosystem.
Attackers Increasingly Turning Attention to the Cloud
In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.
Bug Bounty Programs Paying Off for Enterprises
The number of bug bounty programs continues to grow, and enterprise security is better for it. A new report urges more businesses to embrace and not squash these initiatives.
Lessons from My Strange Journey into InfoSec
Establishing an entrée into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M
For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.
Kaspersky: Asia the Focus of APT Operations in Q2
In their second quarter report, Kaspersky researchers also noted the return of various well-known bad actors and the threats facing networking hardware devices.
Getting Safe, Smart & Secure on S3
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
What We Talk About When We Talk About Risk
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
By targeting third-party vendors that Ticketmaster uses to help process payment, the Magecart group appears to be expanding the scope of its cybercrimes, according to RiskIQ.
For Data Thieves, the World Cup Runneth Over
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
HNS IoT Botnet Evolves, Goes Cross-Platform
The Hide 'N Seek malware had previously targeted devices such as home routers and DVRs, but now the botnet is including Apache CouchDB and OrientDB in its expanding list of targets.
Cisco: GDPR Is About More Than Compliance
Cisco's top privacy official says that the EU's new privacy regulations – GDPR – gives forward-thinking companies an opportunity to excel by building new data management and privacy models.
Creating a Defensible Security Architecture
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Attackers Combining Smoke Loader & PROPagate in New Campaign
Cisco Talos researchers have found that attackers have started to combine Smoke Loader and the PROPagate injection in a new campaign delivered through phony Word documents.
Reactive or Proactive? Making the Case for New Kill Chains
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
Google, Firefox Pull Stylish After Report Shows How Data Is Collected
A security researcher showed how the Stylish browser extension sent personal data and search results back to the parent company, and this forced Mozilla and Google to yank it off their stores.
|
Latest Comment: The superior method of sandboxing called "sandcastling" involves having the user detonate the malware.
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Tweet This
17 Comments
