Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Driven by Ransomware, Cyber Claims Rise in Number & Value
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
Baltimore County Public Schools Closed Due to Ransomware Attack
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
Industrial Computer Maker Confirms Ransomware, Data Theft
Advantech reports the stolen data was confidential but did not contain high-value documents.
Why Vulnerable Code Is Shipped Knowingly
The business priority of speed of development and deployment is overshadowing the need for secure code.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
Do You Know Who's Lurking in Your Cloud Environment?
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Look Beyond the 'Big 5' in Cyberattacks
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Latest Version of TrickBot Employs Clever New Obfuscation Trick
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Baidu Apps Leaked Location Data, Machine Learning Reveals
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
CISA Warns of Holiday Online Shopping Scams
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
Alexa, Disarm the Victim's Home Security System
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
Cloud Security Startup Lightspin Emerges From Stealth
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
What's in Store for Privacy in 2021
Changes are coming to the privacy landscape, including more regulations and technologies.
Printers' Cybersecurity Threats Too Often Ignored
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
Security Researchers Sound Alarm on Smart Doorbells
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Manchester United Suffers Cyberattack
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appears to have exposed any fan or customer data either.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Online shopping will be more popular than ever with consumers... and with malicious actors too.
10 Undergraduate Security Degree Programs to Explore
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
Facebook Messenger Flaw Enabled Spying on Android Callees
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Security Pros Push for More Pervasive Threat Modeling
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
How Cyberattacks Work
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
Telos Goes Public
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
The data breach began with a compromised employee email account.
Cybercriminals Get Creative With Google Services
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
The Yellow Brick Road to Risk Management
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
COVID-19: Latest Security News & Commentary
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
New Proposed DNS Security Features Released
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
2021 Cybersecurity Spending: How to Maximize Value
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
Unpatched Browsers Abound, Study Shows
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
Online Shopping Surge Puts Focus on Consumer Security Habits
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
Trump Fires CISA Director Chris Krebs
Christopher Krebs was fired via tweet shortly after the Cybersecurity and Infrastructure Security Agency called the 2020 election "the most secure in American history."
As Businesses Move to Multicloud Approach, Ransomware Follows
The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change.
How to Identify Cobalt Strike on Your Network
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Researchers Say They've Developed Fastest Open Source IDS/IPS
With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
EFF, Security Experts Condemn Politicization of Election Security
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
Vulnerability Prioritization Tops Security Pros' Challenges
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
Researchers Scan for Supply-Side Threats in Open Source
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
|
How Enterprises are Attacking the Cybersecurity ProblemConcerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
