Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Twitter User Discloses Second Microsoft Zero-Day
The vulnerability can be used to elevate privileges and delete files on target systems.
8 Threats That Could Sink Your Company
Security researchers warn of both new and re-emerging threats that can cause serious harm.
Benefits of DNS Service Locality
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
FireEye Links Triton Malware to Russian Research Institute
Triton appeared in late 2017, designed to target industrial control systems. Now, FireEye has linked the malware to a Russian research facility.
iPhones Increasingly Vulnerable to Coinhive Cryptomining Malware
In their most recent Global Threat Index, Check Point researchers found a 400% increase in Coinhive attacks against iPhones by bad actors using the popular cryptomining malware.
Industrial Systems Suffer From Poor Patching, Bad Password Practices – Study
Industrial control systems are riddled with outdated software that is in need of patching, while passwords are stored in plain text and endpoints are left open to attack, according to a report from CyberX.
Battling Bots: How to Find Fake Twitter Followers
Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.
Barclays, Walmart Join New $85M Innovation Coalition
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
The Browser Is the New Endpoint
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
Former HS Teacher Admits to 'Celebgate' Hack
Christopher Brannan accessed full iCloud backups, photos, and other personal data belonging to more than 200 victims.
IoT Bot Landscape Expands, Attacks Vary by Country
New report finds 1,005 new user names and passwords beyond Mirai’s original default list two years ago.
Good Times in Security Come When You Least Expect Them
Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.
Biometrics: How to Balance Security, Privacy & Data Protection
Biometrics is a way to strengthen security within the enterprise, while doing away with older methods such as passwords. However, collecting this highly personal data has its own security risk.
Enterprises Face a Large, & Growing, Cybersecurity Skills Gap
As enterprise cybersecurity becomes complex and businesses scramble to invest more in their defenses, there's a shortage of workers with the right set of skills that businesses need. Is it possible to overcome this particular gap?
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
US Tops Global Malware C2 Distribution
The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.
UK, US to Sign Accord on AI, Cybersecurity Cooperation
Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
2018 State of Cyber Workforce
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Healthcare.gov FFE Breach Compromises 75K Users' Data
Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.
Understanding SOCs' 4 Top Deficiencies
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
Gartner Experts Highlight Tech Trends – And Their Security Risks
Security must be built into systems and applications from the beginning of the design process, they agreed.
Unpatched MikroTik Routers Vulnerable to Cryptomining Malware
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity
For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.
EU Takes Step Toward Cyberattack Sanctions
European leaders complete first step toward establishing a sanctions regime.
Google Patch to Block Spectre Slowdown in Windows 10
Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
A report by the Wall Street Journal points finger at group that is known to Facebook Security.
Risky Business: Dark Reading Caption Contest Winners
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
MIT Researchers Have a DAWG in the Fight Against Spectre & Meltdown
In the fight against Spectre and Metldown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
McAfee: Seasalt Malware Raises Its Head Again
Code from the Seasalt malware that was last seen in 2010 has been found in new campaigns in North Korea and North America, according to McAfee.
Cyber Espionage Campaign Reuses Code from China's APT1
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
How to Get Consumers to Forgive You for a Breach
It starts with already-established trust, a new survey shows.
New Security Woes for Popular IoT Protocols
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
7 Ways a Collaboration System Could Wreck Your IT Security
The same traits that make collaboration systems so useful for team communications can help hackers, too.
GreyEnergy Group Tied to Power Plant Attacks in Ukraine & Poland
Research from ESET has uncovered a new group called GreyEnergy, which appears to have targeted power plants in the Ukraine and Poland. The malware has also been linked to a previous group dubbed BlackEnergy.
Apache Access Vulnerability Could Affect Thousands of Applications
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
Your People Can't Secure Your Network? Try Tier 0 Automation
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Oracle Issues Massive Collection of Critical Security Updates
The software updates from Oracle address a record number of vulnerabilities.
(ISC)² : Global Cybersecurity Workforce Short 3 Million People
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Cybercrime-as-a-Service: No End in Sight
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
DistruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The Three Dimensions of the Threat Intelligence Scale Problem
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
Why Killing Off TLS 1.0 & 1.1 Is a Good Thing
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
IBM's Ginni Rometty: We're the Blockchain & Quantum Computing Leader
At the Gartner Symposium/ITXPO, IBM CEO Ginni Rometty talked a lot about the cloud, but also how Big Blue is leading in two cutting-edge developments: Quantum computing and blockchain.
|
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
