Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Vulnerabilities / Threats posted in November 2020
Page 1 / 2   >   >>
Driven by Ransomware, Cyber Claims Rise in Number & Value
News  |  11/30/2020  | 
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Baltimore County Public Schools Closed Due to Ransomware Attack
News  |  11/30/2020  | 
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
Industrial Computer Maker Confirms Ransomware, Data Theft
Quick Hits  |  11/30/2020  | 
Advantech reports the stolen data was confidential but did not contain high-value documents.
Why Vulnerable Code Is Shipped Knowingly
Commentary  |  11/30/2020  | 
The business priority of speed of development and deployment is overshadowing the need for secure code.
Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Commentary  |  11/27/2020  | 
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
Do You Know Who's Lurking in Your Cloud Environment?
News  |  11/25/2020  | 
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Commentary  |  11/25/2020  | 
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
Why Security Awareness Training Should Be Backed by Security by Design
News  |  11/25/2020  | 
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
Latest Version of TrickBot Employs Clever New Obfuscation Trick
News  |  11/24/2020  | 
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
Baidu Apps Leaked Location Data, Machine Learning Reveals
News  |  11/24/2020  | 
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
CISA Warns of Holiday Online Shopping Scams
Quick Hits  |  11/24/2020  | 
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
Printers' Cybersecurity Threats Too Often Ignored
Commentary  |  11/24/2020  | 
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
News  |  11/23/2020  | 
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups
Quick Hits  |  11/23/2020  | 
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Commentary  |  11/23/2020  | 
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Cybercriminals Get Creative With Google Services
News  |  11/19/2020  | 
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
The Yellow Brick Road to Risk Management
Commentary  |  11/19/2020  | 
Beginning the journey to risk management can be daunting, but protecting your business is worth every step.
2021 Cybersecurity Spending: How to Maximize Value
Commentary  |  11/19/2020  | 
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
News  |  11/18/2020  | 
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
EFF, Security Experts Condemn Politicization of Election Security
Quick Hits  |  11/17/2020  | 
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
Vulnerability Prioritization Tops Security Pros' Challenges
Commentary  |  11/17/2020  | 
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
Researchers Scan for Supply-Side Threats in Open Source
News  |  11/17/2020  | 
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Commentary  |  11/17/2020  | 
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
Security Risks Discovered in Tesla Backup Gateway
Quick Hits  |  11/17/2020  | 
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
Breakdown of a Break-in: A Manufacturer's Ransomware Response
News  |  11/16/2020  | 
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review
News  |  11/16/2020  | 
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.
A Call for Change in Physical Security
Commentary  |  11/16/2020  | 
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
Apple Issues Security Updates
Quick Hits  |  11/13/2020  | 
Vulnerabilities found in three most recent versions of macOS.
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Commentary  |  11/13/2020  | 
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
Credential Stuffing Fills E-commerce Pipeline in 2020
Quick Hits  |  11/12/2020  | 
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
New 'CostaRicto' Hack-for-Hire Group Targets Global Businesses
News  |  11/12/2020  | 
The group of APT mercenaries uses bespoke malware and strong operation security to target a range of organizations, located primarily in Southeast Asia.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Slideshows  |  11/12/2020  | 
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at this week's virtual event.
DARPA and Academia Jumpstart 5G IoT Security Efforts
Commentary  |  11/12/2020  | 
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
Former Microsoft Software Engineer Sentenced to 9 Years in Prison
Quick Hits  |  11/11/2020  | 
The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.
How to Avoid Getting Killed by Ransomware
Commentary  |  11/11/2020  | 
Using a series of processes, infosec pros can tap automated data hygiene to find and fix the files that attackers key in on.
Flaws in Privileged Management Apps Expose Machines to Attack
News  |  11/10/2020  | 
The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.
Claroty Details Vulnerabilities in Schneider PLCs
Quick Hits  |  11/10/2020  | 
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
Microsoft Patches Windows Kernel Flaw Under Active Attack
News  |  11/10/2020  | 
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.
Overlooked Security Risks of the M&A Rebound
Commentary  |  11/10/2020  | 
Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.
How Hackers Blend Attack Methods to Bypass MFA
Commentary  |  11/10/2020  | 
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
FTC Announces Consent Agreement With Zoom
Quick Hits  |  11/9/2020  | 
The agreement covers Zoom's misleading statements on security for its audio and video calling.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Everything You Need to Know About DNS Attacks
It's important to understand DNS, the potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.

Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijacking, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and to prevent users from reaching the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in the Quick Post validation error message, which can deliver an XSS payload. An old CVE fixed the XSS in the label HTML but didn't fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file.