News & Commentary
Content posted in January 2018
|
Google Cloud Least-Privilege Function Goes Live
Custom Roles for Cloud IAM now available in production from Google.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
IoT devices are a botherder's dream attack-vector.
700,000 Bad Apps Deleted from Google Play in 2017
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Data Encryption: 4 Common Pitfalls
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Digital Extortion to Expand Beyond Ransomware
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
Hack Costs Coincheck Cryptocurrency Exchange $530 Million
Losses at Japanese exchange Coincheck surpass those of the Mt. Gox Bitcoin exchange hack in 2014, and may be largest-ever cryptocurrency theft.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Thieves Target ATMs In First US 'Jackpotting' Attacks
Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
RELX Group Agrees to Buy ThreatMetrix for £580M Cash
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
When it comes to security, organizations don’t need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
Microsoft is a partner at annual contest for the first time.
Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Ransomware Detections Up 90% for Businesses in 2017
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
How Containers & Serverless Computing Transform Attacker Methodologies
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
New Voice MFA Tool Uses Machine Learning
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Avoiding the Epidemic of Hospital Hacks
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Ransomware Actors Cut Loose on Health Care Organizations
An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
DDoS Attacks Become More Complex and Costly
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
PCI DSS Adds Standard for Software-based PIN Entry
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
Meet Chronicle: Alphabet's New Cybersecurity Business
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
Security Automation: Time to Start Thinking More Strategically
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Bell Canada Hit with 2nd Breach in 8 Months
Less than 100,000 customers affected in latest incident.
Financial Impact of Cloud Failure Could Hit $2.8B in Insured Loss
A new report highlights the potential financial damage of downtime at top cloud services providers.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
10 Costs Your Cyber Insurance Policy May Not Cover
All the things you might think are covered but that don't actually fall under most policies.
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Fallout from Rushed Patching for Meltdown, Spectre
Not all systems require full patching for the flaws right now, anyway, experts say.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
Less than 10% of Gmail Users Employ Two-Factor Authentication
Google software engineer reveals lack of user adoption for stronger authentication.
45% of Businesses Say Employees Are Biggest Security Risk
The most common cloud security worries remain the same, with unauthorized access and malware infiltrations topping concerns.
5 Steps to Better Security in Hybrid Clouds
Following these tips can improve your security visibility and standardize management across hybrid environments.
Satori Botnet Malware Now Can Infect Even More IoT Devices
Latest version targets systems running ARC processors.
Intel Says to Stop Applying Problematic Spectre, Meltdown Patch
Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-7201
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
From DHS/US-CERT's National Vulnerability Database CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
CVE-2018-7854PUBLISHED: 2019-05-22
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This