Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
SQL Injection Errors No Longer the Top Software Security Issue
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
New Free Emulator Challenges Apple's Control of iOS
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system — and gives Apple a new headache.
How to Get Prepared for Privacy Legislation
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
Google Details Its Responses to Cyber Attacks, Disinformation
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
Practical Principles for Security Metrics
A proactive approach to cybersecurity requires the right tools, not more tools.
The Implications of Last Week's Exposure of 1.2B Records
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
'Dexphot': A Sophisticated, Everyday Threat
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
On the Border Warns of Data Breach
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
DDoS: An Underestimated Threat
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
Most Organizations Have Incomplete Vulnerability Information
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
T-Mobile Prepaid Hit by Significant Data Breach
The breach, estimated to have affected more than a million customers, came from malicious external actors.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Researchers notice year-end phishing attacks starting in July and ramping up in September.
Time to Warn Users About Black Friday & Cyber Monday Scams
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers Explore How Mental Health Is Tracked Online
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Target Seeks $74M in Data Breach Reimbursement from Insurance Company
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Government Agency Partners on New Tool for Election Security
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
3 Fundamentals for Better Security and IT Management
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Increases Top Android Hacking Prize to $1M
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Employee Privacy in a Mobile Workplace
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
Former White House CIO Shares Enduring Security Strategies
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Why Multifactor Authentication Is Now a Hacker Target
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
Attacker Mistake Botches Cyborg Ransomware Campaign
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
DDoS Attacks Up Sharply in Third Quarter of 2019
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
TPM-Fail: What It Means & What to Do About It
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
Magecart Hits Macy's: Retailer Discloses Data Breach
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
A Security Strategy That Centers on Humans, Not Bugs
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Disney+ Credentials Land in Dark Web Hours After Service Launch
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Windows Hello for Business Opens Door to New Attack Vectors
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
GitHub Initiative Seeks to Secure Open Source Code
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
Human Nature vs. AI: A False Dichotomy?
How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them.
Facebook Discloses WhatsApp MP4 Video Vulnerability
A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
Illegal Booter Connected with DDoSes Sentenced to Prison, Fine
The Illinois-based man operated a criminal service that launched millions of DDoS attacks and brought in hundreds of thousands of dollars.
Attackers' Costs Increasing as Businesses Focus on Security
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increases significantly when security is continuously tested, a report finds.
DevSecOps: The Answer to the Cloud Security Skills Gap
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
Symantec, McAfee Patch Privilege Escalation Bugs
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
BSIMM10 Shows Industry Vertical Maturity
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
Capture the Flag Planned to Find Missing Persons Information
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
Attacks on Healthcare Jump 60% in 2019 - So Far
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
5 Cybersecurity CISO Priorities for the Future
Seven chief information security officers share their pain points and two-year spending plans.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
How Does Your Cyber Resilience Measure Up?
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
|
Practical Network Security Approaches for a Multicloud, Hybrid IT WorldThe report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy:
-increase visibility over the environment
-learning cloud-specific skills
-relying on established security frameworks
-re-architecting the network
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
