Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
7 Malware Families Ready to Ruin Your IoT's Day
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
UK Watchdog Criticizes Huawei for Lax Software Security, Development
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
Microsoft Takes Down 99 Hacker-Controlled Websites
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.
Quantum Computing and Code-Breaking
Prepare today for the quantum threats of tomorrow.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Inside Cyber Battlefields, the Newest Domain of War
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
GAO Finds Deficiencies in Systems for Handling National Debt
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.
The 'Twitterverse' Is Not the Security Community
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Russia Regularly Spoofs Regional GPS
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Under Attack: Over Half of SMBs Breached Last Year
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
87% of Cloud Pros Say Lack of Visibility Masks Security
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
Ret. Admiral Michael Rogers – who served as head of the NSA and the US Cyber Command from 2014 to 2018 – on how to handle the risk of insiders exposing an organization's sensitive data.
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards—just like the real marketplace.
IT Leaders, Employees Divided on Data Security
Execs and employees have dramatically different ideas of how much information is being lost and why – a gap that puts enterprise data in grave danger.
Two Found Guilty in Online Dating, BEC Scheme
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Security Lessons from My Game Closet
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Businesses Manage 9.7PB of Data but Struggle to Protect It
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
Hacker AI vs. Enterprise AI: A New Threat
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
The Insider Threat: It's More Common Than You Think
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
Google Photos Bug Let Criminals Query Friends, Location
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
Less Than 3% of Recycled Computing Devices Properly Wiped
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
Microsoft Office Dominates Most Exploited List
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
DDoS Attack Size Drops 85% in Q4 2018
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
The Case of the Missing Data
The latest twist in the Equifax breach has serious implications for organizations.
Norsk Hydro Shuts Plants Amid Ransomware Attack
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
Crowdsourced vs. Traditional Pen Testing
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
Are You Prepared for a Zombie (Domain) Apocalypse?
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
On Norman Castles and the Internet
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Anomaly Detection Techniques: Defining Normal
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
Businesses Increase Investments in AI and Machine Learning
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
New Malware Shows Marketing Polish
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
GPS Spoof Hits Geneva Motor Show
Incident leaves GPS units showing a location in England and a date 17 years in the future.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
There May Be a Ceiling on Vulnerability Remediation
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
Web Apps Are Becoming Less Secure
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
How the Best DevSecOps Teams Make Risk Visible to Developers
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Box Mistakes Leave Enterprise Data Exposed
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
5 Essentials for Securing and Managing Windows 10
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
|
Special Report: Computing's New NormalThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Tweet This
2 Comments
