Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The State of Application Penetration Testing
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Grey’s Anatomy, hacking themes now run deep in today’s TV shows.
FTC Settles with Venmo on Security Allegations
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
Why Cryptocurrencies Are Dangerous for Enterprises
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
OMG: Mirai Botnet Finds New Life, Again
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
Virtual Private Networks: Why Their Days Are Numbered
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
GDPR: The New Price We Pay for Data Privacy
When the EU's GDPR regulations come into effect in May, the rules around how companies and individuals regard data privacy will change forever. Even for those outside Europe, this could be an expensive journey to take.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
Memcached Servers Being Exploited in Huge DDoS Attacks
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
NSA's Rogers: No White House Request for Action Against Russian Hacking
US Cyber Command head Michael Rogers told US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections requires an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
4 Steps to Make Your Website GDPR Compliant
Three months remain to whip your website into shape before the May 25 GDPR compliance deadline. Here are several steps to help you get there.
Splunk to Acquire Phantom
$350 million deal scheduled to close Q1 2018.
Misleading Cyber Foes with Deception Technology
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Attackers Sell Growing Number of Legitimate SSL Certificates
Network security applications performing deep packet inspections are increasingly getting duped by these rogue legitimate certificates, according to a new report.
Threats from Mobile Ransomware & Banking Malware Are Growing
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Adobe Flash Vulnerability Reappears in Malicious Word Files
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
GDPR: Your Enterprise Security Checklist
With GDPR looming, Security Now wants to help security pros create their checklist to meet the new data privacy rules.
6 Cybersecurity Trends to Watch
Expect more as the year goes on: more breaches, more IoT attacks, more fines…
US Government Leads World in Data Breaches
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
GDPR Non-Compliance: Will Your Enterprise Get Busted?
GDPR enforcement begins May 25 and regulators are likely to focus on particular industries and types of companies, according to attorneys and analysts.
93% of Cloud Applications Aren't Enterprise-Ready
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Visa: EMV Cards Drove 70% Decline in Fraud
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Leveraging Security to Enable Your Business
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules about the disclosing of cybersecurity incidents that now puts greater responsibility on CEOs and other company officers.
Enabling Better Risk Mitigation with Threat Intelligence
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
EU's NIS Directive Compounding GDPR Burdens & Confusion
With the eyes of the tech world focused on the day GDPR goes into effect, many have been missing the compounding factor of separate EU member-state InfoSec rules that will coincide with GDPR. Here's a look at the NIS Directive.
Best Practices for Recruiting & Retaining Women in Security
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
IRS Warns of Spike in W-2 Phishing Emails
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Cisco: 'Ransomware' Seeks Destruction, Not Ransom
The Cisco 2018 Annual Cybersecurity report rounds up the state of the threat landscape, including the changing nature of ransomware.
Anatomy of an Attack on the Industrial IoT
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan
Cybercriminals' targeted attacks may also include extortion fees to keep their breaches quiet and out of the view of GDPR enforcers, researchers find.
Security Liability in an 'Assume Breach' World
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Intel Offering New Microcode to Fix Spectre & Meltdown
Intel is releasing new microcode to OEMs to fix the Spectre and Meltdown flaws found in the company's 6th, 7th and 8th Generation processors.
Global Cybercrime Costs Top $600 Billion
More than 50% of attacks result in damages of over $500K, two reports show.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
