Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
To Stockpile or Not to Stockpile Zero-Days?
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
2018 Hacker Kids Gift Guide
Fun gift choices that foster design thinking and coding skills in kids both young and old.
Geoblocking, Even at Low Levels, Restricts Internet Freedom – Study
A new research paper from the University of Michigan and Cloudflare finds that geoblocking or geofencing is not as extensive as some believe. However, even at low levels, this practice can restrict Internet freedom.
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Microsoft Enables Account Sign-In via Security Key
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Cybersecurity at the Core
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
A solid response and reputation management program will go a long way in surviving a major breach.
6,500 Dark Web Sites Offline After Hosting Service Attacked
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
8 Security Buzzwords That Are Too Good to Be True
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Leaderboard Shows Adoption of DMARC Email Security Protocol
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
IoT Security Problems Can Cost Enterprises Millions
A survey by DigiCert finds that the IoT is a priority for most companies, but many enterprises struggle when it comes to security and privacy. This can translate into firms losing millions.
Former FBI Agent James Gagliano: 'Cyber Touches Everything'
Former FBI Agent James Gagliano sees the worlds of physical security and cybersecurity increasingly merging in the area of critical infrastructure.
Securities Markets at High Risk of Cyberattack
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Divide Remains Between Cybersecurity Awareness and Skill
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
It's the most wonderful time of the year – and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
Instagram Privacy Tool Exposed Passwords
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
Employees Traveling This Holiday? Don't Forget Good Security Practices
A survey finds that employees are more likely to bypass good security practices when they travel during the holiday season, but still log onto the corporate network to work.
Security Concerns Increasing as BYOD Programs Continue to Grow
Businesses are expanding their BYOD programs to include partners, customers and others, but most are behind in securing their mobile environments, according to a Bitglass survey.
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
26M Texts Exposed in Poorly Secured Vovox Database
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
BlackBerry Acquiring Security & AI Firm Cylance for $1.4B
BlackBerry is continuing to move away from its smartphone legacy with the acquisition of Cylance, a firm that specializes in artificial intelligence and security, in a deal worth $1.4 billion.
95% of Organizations Have Cultural Issues Around Cybersecurity
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
AI Poised to Drive New Wave of Exploits
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
Magecart Attacks Proving Persistent Problem for Online Retailers
A research report shows that one in five sites targeted by a Magecart attack become re-infected, with the average skimming operation lasting nearly 2 weeks.
New Spectre & Meltdown Attacks Show Limits of CPU Vulnerabilities
A group of researchers from Belgium, Austria and the US have uncovered more Spectre and Meltdown flaws in CPU architectures, but their paper also shows the limits of these vulnerabilities in real-world attacks.
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
Congress Passes Bill to Create New Federal Cybersecurity Agency
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Cyber Crooks Diversify Business with Multi-Intent Malware
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Cloud, China, Generic Malware Top Security Concerns for 2019
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
Japan Cyber Minister Says He Has Never Used a Computer
Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
In addition, most have "unacceptable" privacy policies and "non-existent user support."
From Reactive to Proactive: Security as the Bedrock of the SDLC
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Mylobot Botnet & Khalesi Malware Deliver One-Two Security Punch
The recently discovered Mylobot botnet is now delivering Khalesi information stealer malware as part of its payload, according to new research from CenturyLink.
Kubernetes & Containers Stir Security Concerns in the Cloud
A study by security startup StackRox finds that in the rush to incorporate Kubernetes and containers into enterprises' cloud plans, security issues are being missed.
WannaCry Continues Rampage 18 Months After First Outbreak
A new report from Kaspersky Lab finds that 18 months after WannaCry fist infected Windows machines around the world, the ransomware remain a significant security threat.
Small-Time Cybercriminals Landing Steady Low Blows
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Security Teams Struggle with Container Security Strategy
Fewer than 30% of firms have more than a basic container security plan in place.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
At the same time, criminal organizations continue to look for new ways to attack their victims.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data – and are fearful of a near-term breach of critical infrastructure.
Airlines Have a Big Problem with Bad Bots
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Understanding Evil Twin AP Attacks and How to Prevent Them
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
To Click or Not to Click: The Answer Is Easy
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Sophos: 'Living off the Land' Is the Law of the Land
In its annual Threat Report, Sophos Labs researchers find that cybercriminals are using 'living off the Land' techniques more frequently for their attacks. At the same time, the study finds that ransomware is getting more hands-on.
Google Data Center Traffic Rerouted to Nigeria, China & Russia
For over an hour this week, some Internet traffic from Google's data centers was rerouted through a Nigerian ISP and possibly sent to Russia and China.
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
|
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
