Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Palo Alto Networks Does Not Fully Address Vulnerability in GlobalProtect SSL VPN Solution
If Palo Alto Networks wants to keep the trust of its customers in the future, it will have to do much better in how it relates to them.
Malware-based Attacks Dropped 20% Worldwide
Meanwhile, criminals waged more encrypted, ransomware, and IoT attacks.
New IPS Architecture Uses Network Flow Data for Analysis
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'
Penetration Test Data Shows Risk to Domain Admin Credentials
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Business Email Compromise: Thinking Beyond Wire Transfers
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
Reward for vulnerability research climbed 83% in the past year.
Russia Attempted to De-Anonymize Tor Browser: Report
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
CISA Warns Public About the Risks of 5G
Vulnerabilities include everything from physical risks through the supply chain to business risks.
The War for Cyber Talent Will Be Won by Retention not Recruitment
Six steps for creating a work environment that challenges, stimulates, rewards, and constantly engages employees fighting the good fight against cybercriminals.
Skylight Says Cylance Can Be Bypassed; Cylance Says, 'Not So Fast, There!'
Skylight's findings certainly gained attention, but at what cost to the company's credibility?
Equifax to Pay Up to $700M for Data Breach Damages
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
How Cybercriminals Break into the Microsoft Cloud
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Firmware Vulnerabilities Show Supply Chain Risks
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
Ex-NSA Contractor Gets 9 Years for Retaining Defense Data
Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.
6 Actions That Made GDPR Real in 2019
In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.
CISO Pressures: Why the Role Stinks and How to Fix It
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
Bluetooth Devices Leaking Tracking Data
Researchers from Boston University found that the current version of Bluetooth Low Energy, as implemented by Apple iOS and Windows 10, leaked identifiers that allowed tracking of the device that was using BLE.
Malware in PyPI Code Shows Supply Chain Risks
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
Europol Head Fears 5G Will Give Criminals an Edge
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
Mirai Groups Target Business IoT Devices
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
Security Lessons From a New Programming Language
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
Open Source Hacking Tool Grows Up
Koadic toolkit gets upgrades — and a little love from nation-state hackers.
RDP Bug Takes New Approach to Host Compromise
Researchers show how simply connecting to a rogue machine can silently compromise the host.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Bulgarian Tax Breach Nets All the Records
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
79% of US Consumers Fear Webcams Are Watching
Widespread privacy concerns have caused 60% of people to cover their laptop webcams — some in creative ways — survey data shows.
Calculating the Value of Security
What will it take to align staff and budget to protect the organization?
MITRE ATT&CK Framework Not Just for the Big Guys
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
800K Systems Still Vulnerable to BlueKeep
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
Sprint Reveals Account Breach via Samsung Website
The last-June breach exposed data including names, phone numbers, and account numbers.
A Password Management Report Card
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Malvertising Adds Sophistication to Disruption
French security researcher Malekal delved into a murky world.
Data Loss, Leakage Top Cloud Security Concerns
Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.
For Real Security, Don't Let Failure Be Your Measure of Success
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
The 10 Essentials of Infosec Forensics
Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.
Lenovo NAS Firmware Flaw Exposes Stored Data
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
Security Snapshot: OS, Authentication, Browser & Cloud Trends
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
FBI Publishes GandCrab Decryption Keys
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.
How Attackers Infiltrate the Supply Chain & What to Do About It
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
New BitPaymer Ransomware Discovered Hunting Big Game
New variant shares most of its code with the BitPaymer ransomware operated by INDRIK SPIDER.
US Mayors Commit to Just Saying No to Ransomware
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
Symantec Builds Out Cloud Portfolio to Enforce 'Zero Trust'
New additions to its Integrated Cyber Defense Platform aim to give businesses greater control over access to cloud resources and applications.
Data Protection in the Cloud Is Still a Big Issue in the EU
Building trust is key to the success of the European cloud market.
Is 2019 the Year of the CISO?
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Flaws in Telegram & WhatsApp on Android Put Data at Risk
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
|
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
