Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
'Hidden Property Abusing' Allows Attacks on Node.js Applications
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Mimecast Buys MessageControl
The email security provider brings into its fold social engineering and human identity capabilities.
Ill-Defined Career Paths Hamper Growth for IT Security Pros
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
Security Flaws Discovered in OKCupid Dating Service
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
Autonomous IT: Less Reacting, More Securing
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Cybersecurity Lessons from the Pandemic
How does cybersecurity support business and society? The pandemic shows us.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
Fortinet Buys Cloud Security Firm OPAQ
The company plans to add zero-trust networking capabilities to its Secure Access Service Edge architecture.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
EU Court Ruling Means New Global Protections for EU Customer Data
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
New Attack Technique Uses Misconfigured Docker API
A new technique builds and deploys an attack on the victim's own system
DevSecOps Requires a Different Approach to Security
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Zero-Trust Efforts Rise with the Tide of Remote Working
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
When WAFs Go Wrong
Web application firewalls are increasingly disappointing enterprises today. Here's why.
Introducing 'Secure Access Service Edge'
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Anatomy of a Long-Con Phish
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Making Sense of EARN IT & LAED Bills' Implications for Crypto
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
22,900 MongoDB Databases Affected in Ransomware Attack
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Businesses Invest in Cloud Security Tools Despite Concerns
A majority of organizations say the acceleration was driven by a need to support more remote employees.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
