Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Healthcare.gov FFE Breach Compromises 75K Users' Data
Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.
Understanding SOCs' 4 Top Deficiencies
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
Gartner Experts Highlight Tech Trends – And Their Security Risks
Security must be built into systems and applications from the beginning of the design process, they agreed.
EU Takes Step Toward Cyberattack Sanctions
European leaders complete first step toward establishing a sanctions regime.
Google Patch to Block Spectre Slowdown in Windows 10
Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
A report by the Wall Street Journal points finger at group that is known to Facebook Security.
Risky Business: Dark Reading Caption Contest Winners
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
Cyber Espionage Campaign Reuses Code from China's APT1
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
How to Get Consumers to Forgive You for a Breach
It starts with already-established trust, a new survey shows.
New Security Woes for Popular IoT Protocols
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
7 Ways a Collaboration System Could Wreck Your IT Security
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Apache Access Vulnerability Could Affect Thousands of Applications
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Oracle Issues Massive Collection of Critical Security Updates
The software updates from Oracle address a record number of vulnerabilities.
(ISC)² : Global Cybersecurity Workforce Short 3 Million People
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Cybercrime-as-a-Service: No End in Sight
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
DistruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The Three Dimensions of the Threat Intelligence Scale Problem
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
A Cybersecurity Weak Link: Linux and IoT
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
Rapid7 Acquires tCell
The purchase brings together a cloud security platform with a web application firewall.
6 Reasons Why Employees Violate Security Policies
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
6 Security Trends for 2018/2019
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Millions of Voter Records Found for Sale on the Dark Web
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
3 Out of 4 Employees Pose a Security Risk
New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.
DoD Travel System Breach Exposed Data of 30K Civilian, Military Employees
Defense Dept. says contractor that handles travel management services was hacked.
4 Ways to Fight the Email Security Threat
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Most IT Security Pros Want to Change Jobs
They cite five main reasons for wanting to move on – and what it would take to retain them.
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
Threat Hunters & Security Analysts: A Dynamic Duo
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Many organizations have yet to create an effective cybersecurity strategy — and it's costing them millions.
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Window Snyder Shares Her Plans for Intel Security
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Most Malware Arrives Via Email
Watch out for messages with the word "invoice" in the subject line, too.
Google Adds New Identity, Security Tools to Cloud Platform
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
Not All Multifactor Authentication Is Created Equal
Users should be aware of the strengths and weaknesses of the various MFA methods.
One-Third of US Adults Hit with Identity Theft
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Meet 5 Women Shaping Microsoft's Security Strategy
Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.
Russian Hacking Groups Intersect in Recent Cyberattacks
Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity.
New Threat Group Conducts Malwareless Cyber Espionage
Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
|
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.
Tweet This
1 Comments
