Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
China Shuts Down 13,000 Websites for Breaking Internet Laws
The government says its rules are to protect security and stability, but some say they are repressive.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Rapid Growth in Security Market Raises Question: How to Pick a Startup
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
CISOs Play Rising Role In Business
CISO hiring trends show more external hires, longer tenures, and an increase in MBAs as tech pros are required to understand the business.
Businesses Go on Pre-Holiday Cloud Acquisition Spree
VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.
US Census Bureau: Data Exposed in Alteryx Leak Already Public
The US Census Bureau says no personally identifiable information it collected was compromised in this week's Alteryx leak.
Why Network Visibility Is Critical to Removing Security Blind Spots
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Be a More Effective CISO by Aligning Security to the Business
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data
A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.
Telegram RAT Escapes Detection via Cloud Apps
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
Top 8 Cybersecurity Skills IT Pros Need in 2018
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Google Sheds Light on Data Encryption Practices
Google explains the details of how it secures information in the cloud and encrypts data in transit.
8 Steps for Building an IT Security Career Path Program
A cybersecurity career-path program can help with talent retention and recruitment.
Microsoft Azure AD Connect Flaw Elevates Employee Privilege
An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
Oracle Product Rollout Underscores Need for Trust in the Cloud
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
Android Ransomware Kits on the Rise in the Dark Web
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
NIST Releases New Cybersecurity Framework Draft
Updated version includes changes to some existing guidelines - and adds some new ones.
Most Retailers Haven't Fully Tested Their Breach Response Plans
More than 20% lack a breach response plan altogether, a new survey shows.
Study: Simulated Attacks Uncover Real-World Problems in IT Security
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Android Developer Tools Contain Vulnerabilities
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
Tips for Writing Better Infosec Job Descriptions
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
'The world as we know it will vanish,' according to Jerry Archer.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
