Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Google Cloud Least-Privilege Function Goes Live
Custom Roles for Cloud IAM now available in production from Google.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
IoT devices are a botherder's dream attack-vector.
700,000 Bad Apps Deleted from Google Play in 2017
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Ransomware Shows There's no Honor Among Cyberthieves
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
Data Encryption: 4 Common Pitfalls
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Four Enterprise Security Lessons From Maury
Popular daytime TV show Maury offers some surprisingly apt lessons for enterprise IT leaders for keeping their data protected and their networks secure.
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Digital Extortion to Expand Beyond Ransomware
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
Hack Costs Coincheck Cryptocurrency Exchange $530 Million
Losses at Japanese exchange Coincheck surpass those of the Mt. Gox Bitcoin exchange hack in 2014, and may be largest-ever cryptocurrency theft.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Cryptomining: Paying the Price for Cryptocurrency
The growing popularity of Bitcoin and other cryptocurrency has led to cryptomining, with enterprises and individuals running the software unknowingly. Here's a look at the underside of this new business model.
Trump's 5G Nationalization Plan: Is It Good for Security?
The Trump administration has floated a plan to nationalize 5G networks as a security precaution against China, but it's been met with confusion.
Thieves Target ATMs In First US 'Jackpotting' Attacks
Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
RELX Group Agrees to Buy ThreatMetrix for £580M Cash
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Intel CEO Promises Chips That Fix Spectre & Meltdown Flaws
During Intel's fourth-quarter earnings call, CEO Brian Krzanich promises the company will ship processors that are free of the Spectre and Meltdown flaws later this year.
Selling Cloud-Based Cybersecurity to a Skeptic
When it comes to security, organizations don’t need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
Alphabet's Security Moonshot: To Boldly Go... Where Others Are Going Too
Google parent company Alphabet launches Chronicle, a business unit looking to create a digital 'immune system' against threats. Other companies are taking a similar approach.
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
Microsoft is a partner at annual contest for the first time.
Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Cisco Beefing Up Cloud Security With Skyport Buy
Cisco gains expertise and technology in hardware security to augment software tools.
Ransomware Detections Up 90% for Businesses in 2017
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
How Containers & Serverless Computing Transform Attacker Methodologies
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
New Voice MFA Tool Uses Machine Learning
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
8 Personal & Professional Data Privacy Tips to Follow
With International Data Privacy Day coming later this month, Security Now offers a checklist to help protect personal and professional data.
Avoiding the Epidemic of Hospital Hacks
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
HPE, Dell EMC Warn Customers Over Spectre, Meltdown Patches
Hewlett Packard Enterprise and Dell EMC, two of the biggest suppliers of enterprise data center gear, have issued new warnings about the Spectre and Meltdown patches from Intel.
Ransomware Actors Cut Loose on Health Care Organizations
An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
DDoS Attacks Become More Complex and Costly
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
PCI DSS Adds Standard for Software-based PIN Entry
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
Meet Chronicle: Alphabet's New Cybersecurity Business
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
Security Automation: Time to Start Thinking More Strategically
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Bell Canada Hit with 2nd Breach in 8 Months
Less than 100,000 customers affected in latest incident.
|
How Enterprises are Attacking the Cybersecurity ProblemConcerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
