Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Holiday Hacks: 6 Cyberthreats to Watch Right Now
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Massive Starwood Hotels Breach Hits 500 Million Guests
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Establishing True Trust in a Zero-Trust World
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Dunkin' Donuts Serves Up Data Breach Alert
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Beware the Malware-Laden Brexit News
New Fancy Bear attack campaign lures victims with phony Brexit-themed document to deliver Zekapab payload.
The Return of Email Flooding
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
New Report Details Rise, Spread of Email-based Attacks
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Incorrect Assessments of Data Value Putting Organizations at Risk
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Federal Indictments in SamSam Ransomware Campaign
Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Middle East, North Africa Cybercrime Ups Its Game
Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.
Data Breach Threats Bigger Than Ever
A quarter of IT and security leaders expect a major data breach in the next year.
Atrium Health Breach Exposes 2.65 Million Patient Records
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
Who's the Weakest Link in Your Supply Chain?
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Buckle Up: A Closer Look at Airline Security Breaches
Cyberattacks on airports and airlines are often unrelated to passenger safety – but that's no reason to dismiss them, experts say.
USPS Web Vuln Exposes Data of 60 Million
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
Transforming into a CISO Security Leader
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
7 Real-Life Dangers That Threaten Cybersecurity
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Paper Trail Absence May Still Plague 2020 Election
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
To Stockpile or Not to Stockpile Zero-Days?
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Cybersecurity at the Core
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
A solid response and reputation management program will go a long way in surviving a major breach.
6,500 Dark Web Sites Offline After Hosting Service Attacked
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
8 Security Buzzwords That Are Too Good to Be True
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Leaderboard Shows Adoption of DMARC Email Security Protocol
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Divide Remains Between Cybersecurity Awareness and Skill
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
It's the most wonderful time of the year – and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
Instagram Privacy Tool Exposed Passwords
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
26M Texts Exposed in Poorly Secured Vovox Database
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
95% of Organizations Have Cultural Issues Around Cybersecurity
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
AI Poised to Drive New Wave of Exploits
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
Cyber Crooks Diversify Business with Multi-Intent Malware
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Cloud, China, Generic Malware Top Security Concerns for 2019
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
In addition, most have "unacceptable" privacy policies and "non-existent user support."
From Reactive to Proactive: Security as the Bedrock of the SDLC
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
At the same time, criminal organizations continue to look for new ways to attack their victims.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data – and are fearful of a near-term breach of critical infrastructure.
Airlines Have a Big Problem with Bad Bots
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Understanding Evil Twin AP Attacks and How to Prevent Them
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
To Click or Not to Click: The Answer Is Easy
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
