Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Natural Language Processing Fights Social Engineers
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 – So Far
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
65% of Resold Memory Cards Still Pack Personal Data
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Redefining Security with Blockchain
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
How to recruit, retrain, and retain with creativity and discipline.
Insider Dangers Are Hiding in Collaboration Tools
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Secure by Default Is Not What You Think
The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
8 Security Tips for a Hassle-Free Summer Vacation
It's easy to let your guard down when you're away. Hackers know that, too.
Cracking Cortana: The Dangers of Flawed Voice Assistants
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
Artificial Intelligence & the Security Market
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Privacy and security can experience tension at a number of points in the enterprise. Here are seven — plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
The Best and Worst Tasks for Security Automation
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
CrowdStrike Secures $200M Funding Round
The new funding round brings the company's valuation to more than $3 billion.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Modern Cybersecurity Demands a Different Corporate Mindset
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Containerized Apps: An 8-Point Security Checklist
Here are eight measures to take to ensure the security of your containerized application environment.
DDoS Amped Up: DNS, Memcached Attacks Rise
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Microsoft Fixes 11 Critical, 39 Important Vulns
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
Fewer Phishing Attacks Hit More Diverse Targets
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
CrowdStrike Launches $1 Million Security Breach Warranty
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
Dark Reading Launches Second INsecurity Conference
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Web Application Firewalls Adjust to Secure the Cloud
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Google Groups Misconfiguration Exposes Corporate Data
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Cybercrime Is Skyrocketing as the World Goes Digital
If cybercrime were a country, it would have the 13th highest GDP in the world.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
