Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
10 Women in Security You May Not Know But Should
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
FBI IC3: Tech Support Scam Losses Rose 86% in 2017
Most victims are in the US, but FBI IC3 has logged cases from 85 different countries.
US Election Swing States Score Low Marks in Cybersecurity
C and D grades for Florida, Michigan, New Hampshire, Nevada, and Ohio, SecurityScorecard assessment shows.
Destructive and False Flag Cyberattacks to Escalate
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Grossman, 'RSnake' Launch Website Asset Inventory Startup
Bit Discovery gets $2.7 million in seed-round funding; Alex Stamos, Jeff Moss among the investors.
Bad Bots Increasingly Hide Out in Cloud Data Centers
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Facebook Adds Machine Learning to Fraud Fight
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
City of Atlanta Hit with Ransomware Attack
FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant.
New Survey Illustrates Real-World Difficulties in Cloud Security
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Is Application Security Dead?
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
Hunting Cybercriminals with AWS Honey Tokens
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
5 Ways to Get Ready for Public Cloud Deployment
Syncing security and product development early is now a "must do."
7 Ways to Protect Against Cryptomining Attacks
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Supply Chain Cyberattacks Surged 200% in 2017
Symantec's annual Internet Security Threat Report also shows that zero-day exploits fizzled and cryptocurrency mining exploded.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
DHS Chief: Election Security Now Top Priority Among Critical Systems
Homeland Security Secretary Kirstjen Nielsen told Congress today that her department is working to assist states with their election systems' security.
How Serverless Computing Reshapes Security
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Online Sandboxing: A Stash for Exfiltrated Data?
SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.
Azure Guest Agent Design Enables Plaintext Password Theft
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Stamos will remain in his position through August, according to a report in The New York Times.
The Case for Integrating Physical Security & Cybersecurity
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
AMD Processor Flaws Real, But Limited
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Cybercriminals Launder Up to $200B in Profit Per Year
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.
Who Does What in Cybersecurity at the C-Level
As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
Google Rolls Out New Security Features for Chrome Enterprise
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
The Containerization of Artificial Intelligence
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Critical Start to Buy Advanced Threat Analytics
Firms previously had teamed up in SOC services.
Palo Alto Buys Evident.io to Secure the Cloud
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
What CISOs Should Know About Quantum Computing
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Disappearing Act: Dark Reading Caption Contest Winners
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is …
CyberArk Buys Vaultive for Privileged Account Security Technology
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
7 University-Connected Cyber Ranges to Know Now
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
6 Questions to Ask Your Cloud Provider Right Now
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
Millions of Office 365 Accounts Hit with Password Stealers
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
How & Why the Cybersecurity Landscape Is Changing
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
What Enterprises Can Learn from Medical Device Security
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Journey to the Cloud: Overcoming Security Risks
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
