Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Natural Language Processing Fights Social Engineers
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 – So Far
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
Mobile Malware Group Hits Google Play a Third Time
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Botnets Evolving to Mobile Devices
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
There's No Automating Your Way Out of Security Hiring Woes
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
65% of Resold Memory Cards Still Pack Personal Data
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Equifax Agrees to Implement New Security Measures
Equifax and eight states have signed an agreement that will have the company implement new security rules, following one of the largest data breaches in history. The news comes as a Florida firm may have exposed the records of millions to the open Internet.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Marketing data firm left its massive database open to the Internet.
Ticketmaster UK Warns Thousands of Data Breach
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
Redefining Security with Blockchain
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
CenturyLink Enhances Log Management for Hybrid Networks
CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give greater visibility and protection over cloud and mobile networks.
10 Tips for More Secure Mobile Devices
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
How to recruit, retrain, and retain with creativity and discipline.
Cynicism in Cybersecurity: Confessions of a Recovering Cynic
Anyone constantly dealing with complex computer systems teetering on the brink of disaster will likely succumb to the cult of cynicism. These four strategies will help you focus on the positive.
Massive Bot Armies Target the Hospitality Industry
Research from Akamai finds that the entire hospitality industry is under assault from armies of bots that are conducting DDOS attacks and attempting to steal data from websites.
Hundreds of Hotels Hit in FastBooking Breach
The hotel-booking software provider reports an actor stole personal and payment card data of guests from hundreds of properties.
IEEE Calls for Strong Encryption
Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
After 20 years, the Wi-Fi Alliance has released a new WiFi standard – WPA3 – which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Insider Dangers Are Hiding in Collaboration Tools
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
US Announces Arrests in Ghanian Fraud Schemes
Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.
Fairhair Alliance Building IoT Security Architecture
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Secure by Default Is Not What You Think
The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Cloud-Based Identity Management Systems: What to Look For
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
WPA3 Brings New Authentication and Encryption to Wi-Fi
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
Intel Names Window Snyder as Chief Software Security Officer
The microprocessor giant hires security veteran credited with leading both Microsoft's and Apple's security advancements.
Midsized Organizations More Secure Than Large Ones
New report offers data and analysis as to why midsized organizations hit a cybersecurity sweet spot in terms of security efficacy.
iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes
A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
Phishing Attacks Are Increasing & Gaining in Sophistication
Reports from Palo Alto Networks and Barracuda Networks show that different types of phishing attacks are increasing, and becoming more sophisticated and deceptive.
Secure Code: You Are the Solution to Open Source’s Biggest Problem
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Adware & Cryptomining Remain Top Enterprise Security Threats
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
8 Security Tips for a Hassle-Free Summer Vacation
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
'Pay Up or Get WannaCry Hit' Extortion Email Spreading
Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.
|
Incorporating a Prevention Mindset into Threat Detection and ResponseThreat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time.
The report covers areas enterprises should focus on:
What positive response looks like.
Improving security hygiene.
Combining preventive actions with red team efforts.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
