Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
How to Engage Your Cyber Enemies
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
US Ballistic Missile Defense System Riddled With Security Flaws
An Inspector General's report concerning the Defense Department's Ballistic Missile Defense System found numerous security flaws, including a lack of multi-factor authentication and classified information stored on removable drives.
8 Security Tips to Gift Your Loved Ones For the Holidays
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
Shamoon Malware Re-Emerges With Attacks in Italy, Middle East
Over the last week, several reports emerged that the Shamoon malware, which was last seen in 2016, has re-emerged with attacks in Italy and the Middle East. This version includes a destructive data file wiper.
Cyber Readiness Institute Launches New Program for SMBs
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow
As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Chinese Hackers Stole Classified US Navy Info
Cyberattacks reportedly targeted US Defense contractor.
Lax Controls Leave Fortune 500 Overexposed On the Net
The largest companies in the world have an average of 500 servers and devices accessible from the Internet - and many leave thousands of systems open to attack.
Facebook: Photo API Bug Exposed 6.8M User Photos
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn’t post.
Shhhhh! The Secret to Secrets Management
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Russian-Backed Sofacy Group Used New Cannon Trojan in Recent Attacks
Palo Alto Networks' Unit 42 has documented two months of attacks from the Sofacy group, which also goes by Fancy Bear and APT28. Researchers found the attackers deployed a new Trojan called Cannon.
SQLite Vulnerability Could Put Thousands of Apps at Risk
A significant bug in SQLite could allow for remote code execution, leaks of memory and program crashes within thousands of apps, according to new research.
Email Bomb Threats Follow Sextortion Playbook
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Who Are You, Really? A Peek at the Future of Identity
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
Spam Emails Bring Bomb Threats to US Businesses, Schools
On Thursday, US businesses and schools began receiving a number of bomb threats that demanded Bitcoin as ransom. All these seem related to a series of spam emails.
2019 Attacker Playbook
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Phishing Emails, Trojans Continued to Proliferate in Q3 – Report
Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remain a top security issue.
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Universities Get Schooled by Hackers
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Cybercrime Is World's Biggest Criminal Growth Industry
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
The Economics Fueling IoT (In)security
Attackers understand the profits that lie in the current lack of security. That must change.
IoT Botnets Shifting to Exploit Vulnerabilities
A report from NetScout's ASERT Team finds that IoT devices are vulnerable to exploits for long periods of time and can be attacked within minutes after coming online.
China Suspected of Massive Marriott Data Breach – Report
A New York Times report finds that investigators believe China-backed attackers pulled off the massive data breach at Marriott, exposing the records of 500 million guests. It's a continuation of the tensions between China and the US.
Worst Password Blunders of 2018 Hit Organizations East and West
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Deception: Honey vs. Real Environments
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Mac Malware Cracks WatchGuard’s Top 10 List
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Arctic Wolf Buys RootSecure
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Forget Shifting Security Left; It's Time to Race Left
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
'Operation Sharpshooter': Lazarus Revived or False Flag Operation?
McAfee Labs has homed in on a new attack targeting critical infrastructure that they call 'Operation Sharpshooter.' However, while there is technical overlap with the Lazarus Group, there's also the possibility of a false flag operation.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
'Novidade' Exploit Changes DNS Settings in Home & Small Business Routers
Trend Micro has picked up on a new exploit dubbed 'Novidade,' which targets small business and home routers and changes their DNS settings to redirect the traffic as part of an attack.
Supermicro: Report Clears Company of Hacking Allegations
Following a Bloomberg report that found hackers implanted specialized chips in its motherboards, Supermicro claims an audit has cleared the company of wrongdoing.
Battling Bots Brings Big-Budget Blow to Businesses
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
Goal is to steal banking credentials by redirecting users to phishing sites.
49% of Cloud Databases Left Unencrypted
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
NetSecOPEN Names Founding Members, Board of Directors
The organization is charged with building open, transparent testing protocols for network security.
Grammarly Takes Bug Bounty Program Public
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
|
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
