News & Commentary
Content posted in June 2018
|
Natural Language Processing Fights Social Engineers
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 – So Far
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
Botnets Evolving to Mobile Devices
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
There's No Automating Your Way Out of Security Hiring Woes
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
65% of Resold Memory Cards Still Pack Personal Data
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Marketing data firm left its massive database open to the Internet.
Ticketmaster UK Warns Thousands of Data Breach
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
Redefining Security with Blockchain
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
10 Tips for More Secure Mobile Devices
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
How to recruit, retrain, and retain with creativity and discipline.
Cynicism in Cybersecurity: Confessions of a Recovering Cynic
Anyone constantly dealing with complex computer systems teetering on the brink of disaster will likely succumb to the cult of cynicism. These four strategies will help you focus on the positive.
Hundreds of Hotels Hit in FastBooking Breach
The hotel-booking software provider reports an actor stole personal and payment card data of guests from hundreds of properties.
IEEE Calls for Strong Encryption
Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Insider Dangers Are Hiding in Collaboration Tools
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
US Announces Arrests in Ghanian Fraud Schemes
Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.
Fairhair Alliance Building IoT Security Architecture
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Secure by Default Is Not What You Think
The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
WPA3 Brings New Authentication and Encryption to Wi-Fi
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
Intel Names Window Snyder as Chief Software Security Officer
The microprocessor giant hires security veteran credited with leading both Microsoft's and Apple's security advancements.
Midsized Organizations More Secure Than Large Ones
New report offers data and analysis as to why midsized organizations hit a cybersecurity sweet spot in terms of security efficacy.
iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes
A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
Secure Code: You Are the Solution to Open Source’s Biggest Problem
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
8 Security Tips for a Hassle-Free Summer Vacation
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
'Pay Up or Get WannaCry Hit' Extortion Email Spreading
Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.
White House Email Security Faux Pas?
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Destructive Nation-State Cyberattacks Will Rise
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
Artificial Intelligence & the Security Market
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Privacy and security can experience tension at a number of points in the enterprise. Here are seven — plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-12173
PUBLISHED: 2019-05-18
PUBLISHED: 2019-05-17
PUBLISHED: 2019-05-17
PUBLISHED: 2019-05-17
PUBLISHED: 2019-05-17
From DHS/US-CERT's National Vulnerability Database CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-11644PUBLISHED: 2019-05-17
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premi...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This