Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Google Creates Online Phishing Quiz
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
Cybercriminals Home in on Ultra-High Net Worth Individuals
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
Think Twice Before Paying a Ransom
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
In the Cloud, SD-WAN Provides Security at the Edge
As businesses move to the cloud, remote locations are relying more and more on SD-WAN. However, this change means a different approach to security. Here's why enterprises should look to the edge.
Enterprise Malware Detections Up 79% as Attackers Refocus
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Stealthy New DDoS Attacks Target Internet Service Providers
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Hack of Plug-in Website Ruffles WordPress Community
An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.
Security Talent Continues to Fetch Top Dollar on IT Job Market
IT and cybersecurity positions continue to rank near the top of the salary ranges paid to IT professionals, according to a new survey.
The Fact and Fiction of Homomorphic Encryption
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
Real-World Threats That Trump Spectre & Meltdown
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
How Cybercriminals Clean Their Dirty Money
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Enterprises Are Getting Smarter When It Comes to Patching Vulnerabilities – Study
A joint analysis from Kenna Security and the Cyentia Institute finds that enterprises are getting better at patching vulnerabilities, specifically by focusing on critical flaws as opposed to trying to fix very problem that is published.
Google Hit With $57 Million GDPR Fine in France
The fine represents the first major penalty for a US technology company under the new European regulations.
Shadow IT, IaaS & the Security Imperative
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
Microsoft Looks to Squash Bugs in its Azure DevOps Product
Microsoft's latest bug-hunting program is targeting the company's Azure DevOps platform, which looks to make software development more secure.
2018's Most Common Vulnerabilities Include Issues New and Old
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
VC Investments in Cybersecurity Hit Record Highs in 2018
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
GDPR Suit Filed Against Amazon, Apple
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
PCI Council Releases New Software Framework for DevOps Era
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Vulnerability Puts Millions of Fortnite Players at Risk, Check Point Finds
Epic Games, the developer of Fortnite, fixed vulnerabilities in its web infrastructure that researchers said exposed the sensitive information of users of the wildly popular online game.
8 Tips for Monitoring Cloud Security
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too
Over the last year, vulnerable, cloud-based databases have shown that dangers of trusting data to others. However, an exposed government server in Oklahoma proves that attackers can find on-premises data, too.
Intel Patching SGX Flaw That Can Lead to Escalation of Privileges
A security researcher has found another flaw in Intel's SGX software than can allow an attacker to escalate administrative privileges within an infected machine.
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Microsoft Launches New Azure DevOps Bug Bounty Program
A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
New Attacks Target Recent PHP Framework Vulnerability
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
'Collection #1' Repository Totals 87GB of Stolen Email Addresses & Passwords
With the discovery of 'Collection #1,' security researcher Troy Hunt appears to have found the largest repository of stolen email addresses and passwords ever, totaling more than 87GB and 12,000 separate files.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
The network no longer provides an air gap against external threats, but access devices can take up the slack.
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Simulating Lateral Attacks Through Email
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
A Diverse Security Workforce Is a Stable Security Workforce
In an era when enterprises are scrambling to keep up with security demands, a new industry survey from ISF finds that having more diverse skills on the InfoSec team is one way to ensure a more stable workforce.
Fancy Bear's LoJax C&C Servers Still Functioning in the Wild
A new report from NetScout's ASERT Team found that two command-and-control servers associated with Fancy Bear's LoJax malware are still active.
Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments
The World Economic Forum ranks climate change, economic instability, cyber attacks and data thefts as some of the top concerns facing businesses around the globe.
Malware Built to Hack Building Automation Systems
Researchers dig into vulnerabilities in popular building automation systems, devices.
Oklahoma Data Leak Compromises Years of FBI Data
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
BEC Groups Ramp Up Payroll Diversion Attacks
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Fortnite Players Compromised Via Epic Games Vulnerability
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Are You Listening to Your Kill Chain?
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Triton/Trisis Attack Was More Widespread Than Publicly Known
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC
The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.
Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics
A federal judge in California finds that police can't force suspects to unlock their smartphones or other mobiles using biometrics. The court found biometrics are protected much the same way passwords are.
Zix Acquiring AppRiver to Bolster Email Security for SMBs
In a move to bolster its email security portfolio for small and midsized businesses, Dallas-based Zix is paying $275 million for AppRiver.
Hijacking a PLC Using its Own Network Features
Researcher at S4x19 to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
Report: Bots Add Volume to Account Takeover Attacks
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
Online Fraud: Now a Major Application Layer Security Problem
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
US Judge: Police Can't Force Biometric Authentication
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
7 Privacy Mistakes That Keep Security Pros on Their Toes
When it comes to privacy, it's the little things that can lead to big mishaps.
|
Improving Enterprise Cybersecurity With XDREnterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
