Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Why Sharing Intelligence Makes Everyone Safer
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Mobile Malware Group Hits Google Play a Third Time
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Redefining Security with Blockchain
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Cynicism in Cybersecurity: Confessions of a Recovering Cynic
Anyone constantly dealing with complex computer systems teetering on the brink of disaster will likely succumb to the cult of cynicism. These four strategies will help you focus on the positive.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
After 20 years, the Wi-Fi Alliance has released a new WiFi standard – WPA3 – which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Secure by Default Is Not What You Think
The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Cloud-Based Identity Management Systems: What to Look For
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
Secure Code: You Are the Solution to Open Source’s Biggest Problem
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Adware & Cryptomining Remain Top Enterprise Security Threats
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
White House Email Security Faux Pas?
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
AppSec in the World of 'Serverless'
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Containers in the Cloud Are Great, but Are They Secure?
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Olympic Destroyer Returns With Attacks in Europe
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
Improving the Adoption of Security Automation
Four barriers to automation and how to overcome them.
Betabot Trojan Reborn in New Sophisticated Form
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
How to Prepare for 'WannaCry 2.0'
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Do 'cloud-first' strategies create a security-second mindset?
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Is Florida Really Such a Cybersecurity Risk?
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Modern Cybersecurity Demands a Different Corporate Mindset
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Meet 'Bro': The Best-Kept Secret of Network Security
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Cisco: Companies More Proactive About Cybersecurity
The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.
IPS: A Key Network Protection in an Age of Increasing Threats
Intrusion prevent systems or IPS have had a checkered history in the enterprise, but increases in malicious activity across business networks have shown the technology can make a big security difference.
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
Why CISOs Need a Security Reality Check
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
'Shift Left' & the Connected Car
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
Talos: VPNFilter Malware Still Stands at the Ready
Rebooting routers and the FBI's takeover of the C&C server may have mothballed the threat that infected more than 500,000 routers, but attackers could get it going again, Talos's Craig Williams said at Cisco Live in Orlando.
Weaponizing IPv6 to Bypass IPv4 Security
Just because you're not yet using IPv6 doesn't mean you're safe from the protocol's attack vectors.
6 Ways Greed Has a Negative Effect on Cybersecurity
How the security industry can both make money and stay true to its core values, and why that matters.
ISF: Balance Is Key to Mobile Security
As the workforce becomes more mobile, companies can't lock everything down but also can't risk leaving their mobile environments wide open, Information Security Forum finds.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
Threat Landscape: Dark Reading Caption Contest Winners
Insider threats -- desktop attacks, security awareness, caffeine -- all worthy contenders in our cartoon caption competition. And the winners are ...
Operation Prowli Infects 40,000 Systems for Cryptomining
GuardiCore researchers uncover a campaign that has comprised vulnerable servers at more than 9,000 companies worldwide for cryptojacking and traffic manipulation purposes.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Side-Channel Attacks & the Importance of Hardware-Based Security
Reliably evaluating the security of modern infrastructure requires a solid understanding of the hardware supporting it.
In Pursuit of Cryptography's Holy Grail
Homomorphic encryption eliminates the need for data exposure at any point — something that certainly would be welcome these days.
|
Latest Comment: Sandboxing? Ppphhht! I've moved beyond sandboxes to sandcastles.
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Tweet This
17 Comments
