News & Commentary

Companies with a solid track record of cybersecurity share these practices and characteristics.

'Torii' Breaks New Ground For IoT Malware

News | 9/28/2018 |

Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.

FBI IC3 Warns of RDP Vulnerability

Quick Hits | 9/28/2018 |

Government agencies remind users that RDP can be used for malicious purposes by criminal actors.

Facebook Hacked, 50 Million Users Affected

News | 9/28/2018 |

A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.

How Data Security Improves When You Engage Employees in the Process

Commentary | 9/28/2018 |

When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.

7 Most Prevalent Phishing Subject Lines

Slideshows | 9/28/2018 |

3 comments

The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.

Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild

News | 9/27/2018 |

The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.

Ransomware Attack Hits Port of San Diego

Quick Hits | 9/27/2018 |

The attack began Monday and continues to have an impact on services at the port.

How to Keep Up Security in a Bug-Infested World

Commentary | 9/27/2018 |

Good digital hygiene will lower your risk, and these six tips can help.

Twitter Bug May Have Exposed Millions of DMs

Quick Hits | 9/27/2018 |

The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.

Security Flaw Found in Apple Mobile Device Enrollment Program

News | 9/27/2018 |

Authentication weakness in Apple's DEP could open a window of opportunity for attackers.

Alphabet's Chronicle Releases VirusTotal Enterprise

News | 9/27/2018 |

Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.

Managing Data the Way We Manage Money

Commentary | 9/27/2018 |

In the data-driven enterprise, myriad types of data have become a new form and flow of currency. Why, then, hasn't the CISO achieved parity with the CFO?

Google to Let Users Disable Automatic Login to Chrome

News | 9/27/2018 |

The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.

Critical Linux Kernel Flaw Gives Root Access to Attackers

News | 9/26/2018 |

All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.

Inside Microsoft Azure Sphere

News | 9/26/2018 |

Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.

Uber Agrees to Pay $148 Million in Nationwide Settlement

Quick Hits | 9/26/2018 |

Ride-sharing company settles legal cases with 50 states and the District of Columbia for its handling of 2016 data breach.

VPNFilter Evolving to Be a More Dangerous Threat

Quick Hits | 9/26/2018 |

VPNFilter malware is adding capabilities to become a more fully-featured tool for threat actors.

SEC Slams Firm with $1M Fine for Weak Security Policies

Quick Hits | 9/26/2018 |

7 comments

This is the first SEC enforcement cracking down on violation of the Identity Theft Red Flags Rule, intended to protect confidential data.

A 'Cyber Resilience' Report Card for the Public Sector

Commentary | 9/26/2018 |

Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.

Owning Security in the Industrial Internet of Things

Commentary | 9/26/2018 |

Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.

Mirai Authors Escape Jail Time – But Here Are 7 Other Criminal Hackers Who Didn't

Slideshows | 9/26/2018 |

Courts are getting tougher on the cybercrooks than some might realize.

USB Drives Remain Critical Cyberthreat

News | 9/26/2018 |

8 comments

USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware.

Ex-NSA Developer Gets 5 1/2-Year Prison Sentence

News | 9/25/2018 |

Nghia Hoang Pho, who illegally took home classified NSA information, also sentenced to three years of supervised release after prison term.

The Cyber Kill Chain Gets a Makeover

News | 9/25/2018 |

A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.

Cryptomining Malware Continues Rapid Growth: Report

Quick Hits | 9/25/2018 |

Cryptomining malware is the fastest-growing category of malicious software, according to a new report.

The Cloud Security Conundrum: Assets vs. Infrastructure

Commentary | 9/25/2018 |

The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?

Payment Security Compliance Takes a Turn for the Worse

Quick Hits | 9/25/2018 |

This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.

The Human Factor in Social Media Risk

Commentary | 9/25/2018 |

Your employees need help recognizing the warning signs and understanding how to protect themselves online.

Fault-Tolerant Method Used for Security Purposes in New Framework

News | 9/24/2018 |

A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.

In Quiet Change, Google Now Automatically Logging Users Into Chrome

News | 9/24/2018 |

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

Microsoft Deletes Passwords for Azure Active Directory Applications

News | 9/24/2018 |

At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.

6 Dark Web Pricing Trends

Slideshows | 9/24/2018 |

For cybercriminals, the Dark Web grows more profitable every day.

'Scan4you' Operator Gets 14-Year Sentence

Quick Hits | 9/24/2018 |

The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.

Hacking Back: Simply a Bad Idea

Commentary | 9/24/2018 |

While the concept may sound appealing, it's rife with drawbacks and dangers.

The 'Opsec Fail' That Helped Unmask a North Korean State Hacker

News | 9/21/2018 |

How Park Jin Hyok – charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks – inadvertently blew his cover via email accounts.

Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware

Quick Hits | 9/21/2018 |

Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.

6 Security Training Hacks to Increase Cyber IQ Org-Wide

Slideshows | 9/21/2018 |

Move beyond generic, annual security awareness training with these important tips.

US Approves Cyber Weapons Against Foreign Enemies

Quick Hits | 9/21/2018 |

The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.

Data Manipulation: How Security Pros Can Respond to an Emerging Threat

Commentary | 9/21/2018 |

Industry leaders are scrambling to address the issue, which will take new thinking to overcome.

Executive Branch Makes Significant Progress As DMARC Deadline Nears

News | 9/21/2018 |

The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.

Think Like An Attacker: How a Red Team Operates

News | 9/20/2018 |

Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

Retail Sector Second-Worst Performer on Application Security

News | 9/20/2018 |

A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.

Account Takeover Attacks Become a Phishing Fave

Quick Hits | 9/20/2018 |

More than three-quarters of ATOs resulted in a phishing email, a new report shows.

3 Drivers Behind the Increasing Frequency of DDoS Attacks

Commentary | 9/20/2018 |

What's causing the uptick? Motivation, opportunity, and new capabilities.

Japanese Cryptocurrency Exchange Hit with $60M Theft

Quick Hits | 9/20/2018 |

The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Commentary | 9/20/2018 |

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO

News | 9/19/2018 |

5 comments

Suit underscores longtime battle between vendors and labs over control of security testing protocols.

Cryptojackers Grow Dramatically on Enterprise Networks

News | 9/19/2018 |

A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.

As Tech Drives the Business, So Do CISOs

News | 9/19/2018 |