Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Iranian Hackers Ensnared Targets via Phony Female Photographer
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
DevOps Security & the Culture of 'Yes'
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
Inside the Investigation and Trial of Roman Seleznev
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Dark Reading News Desk Live at Black Hat USA 2017
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
10 Critical Steps to Create a Culture of Cybersecurity
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Majority of Consumers Believe IoT Needs Security Built In
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
How 'Postcript' Exploits Networked Printers
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
Lessons from Verizon: Managing Cloud Security for Partners
The recent Verizon breach — data exposed by an insecure Amazon S3 bucket — highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
Weather.com, Fusion Expose Data Via Google Groups Config Error
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
Using DevOps to Move Faster than Attackers
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
98% of Companies Favor Integrating Security with DevOps
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
Most Office 365 Admins Rely on Recycle Bin for Data Backup
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
4 Steps to Securing Citizen-Developed Apps
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Dow Jones Data Leak Results from an AWS Configuration Error
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
Apple iOS Malware Growth Outpaces that of Android
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
New IBM Mainframe Encrypts All the Things
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
FBI Issues Warning on IoT Toy Security
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
AWS S3 Breaches: What to Do & Why
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
Cloud AV Can Serve as an Avenue for Exfiltration
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Study: Backdoors Found on 73% of Compromised Websites
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
US Voters Consider Russia the Largest Security Risk to Elections
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
How Security Pros Can Help Protect Patients from Medical Data Theft
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Cisco Plans to Buy Observable Networks for Cloud Security
Cisco announces plans to acquire Observable Networks as part of a plan to bring its Stealthwatch solution into the cloud.
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
Dealing with Due Diligence
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
Web App Vulnerabilities Decline 25% in 12 Months
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
Securing your Cloud Stack from Ransomware
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats.
HyTrust Raises $36M, Buys DataGravity for Policy Enforcement
Cloud security firm HyTrust closed $36 million in Series E funding and purchased DataGravity to automate policy enforcement for workload data.
The High Costs of GDPR Compliance
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Symantec Snaps Up Skycure in Mobile Security Move
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
IoT Devices Plagued by Lesser-Known Security Hole
Internet of Things devices are security-challenged enough, but they're also being massively exposed on the public Internet – this time via MQTT communications, a researcher will show at Black Hat USA.
Cybercriminal with Ties to Exclusive Russian Hacking Forums Sentenced to Prison
L.A. resident is sentenced to 110 months in prison for stealing and trafficking sensitive information on exclusive Russian-speaking cybercriminal forums.
Two Members of Massive Call Center Scam Operation Plead Guilty
Some 54 members facing charges for targeting US victims.
IRS to Launch Educational Phishing Series
The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
The SOC Is Dead…Long Live the SOC
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Symantec to Buy 'Browser Isolation' Firm Fireglass
Fireglass's emerging Web security technology will become modular component in Symantec's Integrated Cyber Defense Platform.
The Problem with Data
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
