Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
The Coolest Hacks of 2018
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
IoT Bug Grants Access to Home Video Surveillance
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
Attackers Use Google Cloud to Target US, UK Banks
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap
By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.
7 Business Metrics Security Pros Need to Know
These days, security has to speak the language of business. These KPIs will get you started.
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
Amazon Slip-Up Shows How Much Alexa Really Knows
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
3 Reasons to Train Security Pros to Code
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromised systems.
How to Optimize Security Spending While Reducing Risk
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
2018 In the Rearview Mirror
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware — and a new world's record for data breaches.
Automating a DevOps-Friendly Security Policy
There can be a clash of missions between security and IT Ops teams, but automation can help.
How to Remotely Brick a Server
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Privacy Futures: Fed-up Consumers Take Their Data Back
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
DOJ Announces Indictment in Nigerian Banking Scam
International investment scam laundered funds through US bank accounts before being sent to Nigeria.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
When Cryptocurrency Falls, What Happens to Cryptominers?
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Trend Micro Finds Major Flaws in HolaVPN
A popular free VPN is found to have a very high cost for users.
Twitter Hack May Have State-Sponsored Ties
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
How to Engage Your Cyber Enemies
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
Cyber Readiness Institute Launches New Program for SMBs
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Facebook: Photo API Bug Exposed 6.8M User Photos
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn’t post.
Shhhhh! The Secret to Secrets Management
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Email Bomb Threats Follow Sextortion Playbook
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Retailers: Avoid the Hackable Holidaze
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
2019 Attacker Playbook
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Universities Get Schooled by Hackers
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Cybercrime Is World's Biggest Criminal Growth Industry
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
The Economics Fueling IoT (In)security
Attackers understand the profits that lie in the current lack of security. That must change.
Worst Password Blunders of 2018 Hit Organizations East and West
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Deception: Honey vs. Real Environments
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Mac Malware Cracks WatchGuard’s Top 10 List
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Forget Shifting Security Left; It's Time to Race Left
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Battling Bots Brings Big-Budget Blow to Businesses
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
Grammarly Takes Bug Bounty Program Public
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
|
How Cybersecurity Incident Response Programs Work (and Why Some Don't)This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Tweet This
15 Comments
