Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Rising Ransomware Breaches Underscore Cybersecurity Failures
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
New Wroba Campaign Is Latest Sign of Growing Mobile Threats
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
JavaScript Obfuscation Moves to Phishing Emails
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
SANS Launches New CyberStart Program for All High School Students
Free program lets students solve real-world security problems - and learn about cybersecurity.
First the Good News: Number of Breaches Down 51% Year Over Year
But the number of records put at risk experiences a massive increase. Here's why.
McAfee Launches XDR, Browser Isolation, Cloud App Security Tools
New additions are built to help organizations better respond to threats and protect applications and data in the cloud.
Hackers Make Off With Millions From Wisconsin Republicans
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.
Ransomware Wave Targets US Hospitals: What We Know So Far
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
How Healthcare Organizations Can Combat Ransomware
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership
Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
How to Increase Voter Turnout & Reduce Fraud
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
'Act of War' Clause Could Nix Cyber Insurance Payouts
The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
Is Your Encryption Ready for Quantum Threats?
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
US Government Issues Warning on Kimsuky APT Group
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
6 Ways Passwords Fail Basic Security Tests
New data shows humans still struggle with password creation and management.
Rethinking Security for the Next Normal -- Under Pressure
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
Trump Campaign Website Defaced by Unknown Attackers
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
Physical Security Has a Lot of Catching Up to Do
The transformation we need: merging the network operations center with the physical security operations center.
Survey Uncovers High Level of Concern Over Firewalls
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
MITRE Shield Matrix Highlights Deception & Concealment Technology
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Akamai Acquires Asavie
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
Developers' Approach to App Testing Could Cut Flaw Fix Times by 80 Days
An analysis of more than 130,000 active applications found more with at least one high-severity flaw compared with 2019.
Employees Aware of Emailed Threats Open Suspicious Messages
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
5 Human Factors That Affect Secure Software Development
With the move to remote work, it's especially important to understand how to support, discourage, and monitor conditions for development teams.
Neural Networks Help Users Pick More-Secure Passwords
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
New Report Links Cybersecurity and Sustainability
Some have also created the role of chief sustainability officer, according to Kaspersky.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
The Story of McAfee: How the Security Giant Arrived at a Second IPO
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.
US Treasury Sanctions Russian Institution Linked to Triton Malware
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
Flurry of Warnings Highlight Cyber Threats to US Elections
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
A Pause to Address 'Ethical Debt' of Facial Recognition
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Botnet Infects Hundreds of Thousands of Websites
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
Credential-Stuffing Attacks Plague Loyalty Programs
But that's not the only type of web attack cybercriminals have been profiting from.
WordPress Plug-in Updated in Rare Forced Action
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
McAfee Raises $740M in Second IPO
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
Need for 'Guardrails' in Cloud-Native Applications Intensifies
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
FIRST Announces Cyber-Response Ethical Guidelines
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
Oracle Releases Another Mammoth Security Patch Update
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
As Smartphones Become a Hot Target, Can Mobile EDR Help?
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Dealing With Insider Threats in the Age of COVID
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
