Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Ransomware, Social Scams Lead 2013 SMB Security Fears
Expect the bad guys to spend more time pursuing small and midsize business (SMB) targets on mobile, cloud, and social platforms, Symantec says.
Microsoft Security Essentials Loses AV Certification
Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.
Syria Hits Internet Kill Switch; Blackout Continues
For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.
iPhone, iPad Email Attack Could Compromise Routers
Legitimate-looking email messages opened on iPhone, iPad or OS X systems can be used by hackers to gain control of routers, reports security researcher.
Should LulzSec Suspect Face Life In Prison?
Computer hacking, identity theft, and fraudulent credit card charges could add up to 30 years to life for alleged Stratfor hacker Jeremy Hammond.
US-CERT: Samsung Printer Firmware Contains Backdoor
Samsung printers contain a hard-coded account that could allow a remote attacker to take control
Financial Malware Detects Remote Desktop Environments To Evade Researchers
'Shylock' malware joins the list of malicious programs enhancing their defenses to avoid analysis by researchers
Samsung Printers Have Hidden Security Risk
Some Samsung printers, and Dell-branded printers manufactured by Samsung, can be remotely accessed by attackers. Here's how.
White House Issues Insider Threat Policy
Policy sets minimum standards to deter, detect and respond to insider threats in federal government.
Thanksgiving SCADA Bug Hunt
Researcher scares up more than 20 SCADA vulnerabilities -- one in just seven minutes -- on Thanksgiving Day
Accused LulzSec Hacker Could Face Life Imprisonment
Judge calls alleged Stratfor data breach mastermind 'flight risk,' denies bail; defense attorney suggests FBI entrapment.
Malware Corrupts Iranian Financial Databases
Iran downplays threat of Narilam financial malware, saying it dates from 2009 to 2010, and doesn't bear comparisons to Stuxnet, Duqu or Flame.
A More Courteous Kidnapper? Ransomware Changes Tactics
With an eye to the short term, cybercriminals turn to ransomware, forcing users to pay up or face long clean-up times -- but forgo the full encryption of data that made past attacks so vicious
Anonymous Steps Into Gaza Crisis
Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.
Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities
Meanwhile, businesses more worried about productivity than security threats
Facebook Gift Scams: How They Work
Beware complex scams that promote Costco, Starbucks vouchers, while making it tough for authorities to track down perpetrators.
RSA Upgrades Malware Defenses For Bank Transactions
Latest adaptive authentication technology adds new Trojan and man-in-the-middle defenses, plus risk assessment for ATM machine transactions.
Four Ways To Turn Insiders Into Assets
Stop thinking about employees as threats and train them to make your company harder to attack
Facebook Adopts Secure Web Pages By Default
Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail.
Tech Insight: Better Defense Through Open-Source Intelligence
Corporate defenders can use the same publicly available information sources that attackers do, but to better secure their data
Windows 8 Compatibility Plagues Antivirus Tools
Don't try installing free tools from popular antivirus developer Avira on Windows 8 systems yet.
All Security Technologies Are Not Data Loss Prevention
While security technologies may share the common goal of protecting an organization's sensitive data, not all can -- or should -- be called data loss prevention
Stolen NASA Laptop Had Unencrypted Employee Data
Data breach drives NASA to now require that at minimum, all sensitive files stored on laptops be encrypted.
Most Organizations Unprepared For DDoS Attacks, Study Says
Nearly two-thirds of companies have experienced at least three denial-of-service attacks in the past year, Ponemon study reports
Obama Secret Order Authorizes Cybersecurity Strikebacks
Secret policy details how military units may be used to launch offensive cyber operations in the wake of online attacks against the United States.
Petraeus Mission Impossible: Cloaking Email, Online Identities
So-called security experts making basic information security errors isn't a new occurrence. Arguably, it even led to the rise of the Anonymous hacktivist collective.
Skype Deals With Account Hijacking Exploit
Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.
The Petraeus Affair: Surveillance State Stopper?
Lawmakers, now reminded of their own vulnerability, need to strengthen email privacy protections. Companies need to do more to help customers protect content.
Petraeus Fallout: 5 Gmail Security Facts
Where did the former CIA director and the woman with whom he was having an affair go wrong? Learn from his experience with Gmail.
McAfee Founder Says Belize Framing Him For Murder
Millionaire John McAfee, who founded the eponymous antivirus vendor -- since bought by Intel -- says he's being framed by Belizean authorities in a murder case and is now on the run.
Cyber Weapon Friendly Fire: Chevron Stuxnet Fallout
Malware's jump from Iranian uranium enrichment facility to energy giant highlights the downside to custom-made espionage malware -- its capability to infect friends as well as foes.
Espionage Malware Network Targets Israel, Palestine
Botnet operators have been infecting multiple targets for more than a year using phishing attacks and Xtreme RAT, reports security firm.
Finding Rootkits By Monitoring For 'Black Sheep'
Looking for kernel changes among flocks of computers can help organizations detect rootkits, according to team of researchers
Google Blocked In China
Google gets gagged as China goes through a leadership change.
Windows 8, RT Get First Security Fixes
Microsoft's first set of Windows 8 and Windows RT patches for critical vulnerabilities hits next week.
Twitter Password Security: 5 Things To Know
Twitter's response to compromised accounts teaches us lessons in social (networking) security.
Companies Need Defenses Against Mobile Malware
While infection rates -- at least in the U.S. -- remain low, cybercriminals are writing more malware for Android, Symbian, and other platforms. At some point, they'll find the right recipe for profit
Sophos AV Teardown Reveals Critical Vulnerabilities
Antivirus vendor says it's patched all software flaws disclosed by researcher, some of which could be used to remotely control Windows, Mac, or Linux system.
Malware Tools Get Smarter To Nab Financial Data
New versions of the Gh0st RAT Trojan -- believed to be used by China -- and the Citadel cybercrime kit both advance the malicious state of the art.
Spooky Link Found Between Gh0st RAT, DDoS Botnet
FireEye researchers detail findings of a combination cyberespionage-DDoS Trojan infection
SCADA Security In A Post-Stuxnet World
More SCADA bugs, exploits in the wake of Stuxnet, but gradually improving security in some products, new data shows
More VMware Source Code Leaks To Internet
Does the second release -- in less than a year -- of stolen VMware ESX source code put users at risk?
Hackers Hit Symantec, ImageShack, But Not PayPal
Despite threats, Anonymous did not take down Facebook or Zynga on Monday. But other hackers detailed their own exploits, releasing employee credentials and source code.
Preventing Infrastructure From Becoming An Insider Attack
Vulnerable technology supply chains have become a concern of security professionals and politicians alike, but a few steps could help minimize the possibility of attacks
Ex-NSA Official Heads New Global Consortium Issuing Attack-Driven Security Controls
'Volunteer army' issues Top 20 Critical Security Controls that public- and private-sector organizations should use for locking down their environments from the latest attacks
Tech Insight: Five Steps To Implementing Security Intelligence
Building an initiative to collect and analyze threat and risk information takes some planning. Here's a look at the key steps toward making it happen
Apache Server Setting Mistakes Can Aid Hackers
Numerous large companies that use free Apache server software leave internal status pages visible, which can help hackers exploit networks.
9 Facts: Play Offense Against Security Breaches
Striking back by hacking hackers is a legal and corporate no-no. But IT and security managers can shore up defenses and trick attackers into revealing their identities.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
