Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Database Leaks, Network Traffic Top Data Exfiltration Methods
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
Confluence Vulnerability Opens Door to GandCrab
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
California Consumer Privacy Act: 4 Compliance Best Practices
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
How to Help Your Board Navigate Cybersecurity's Legal Risks
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.
Threat Intelligence Firms Look to AI, but Still Require Humans
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
Researchers Explore Remote Code Injection in macOS
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.
Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
7 Types of Experiences Every Security Pro Should Have
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
A Rear-View Look at GDPR: Compliance Has No Brakes
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Slack Warns of Big, Bad Dangers in SEC Filing
A filing prior to an IPO lists nation-state dangers to Slack's services and customers as a risk for investors.
Malware Makes Itself at Home in Set-Top Boxes
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.
Go Medieval to Keep OT Safe
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
Security Vulns in Microsoft Products Continue to Increase
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
New EternalBlue Family Member Takes Aim at Asian Web Servers
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
Cyberattackers Focus on More Subtle Techniques
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
55% of SMBs Would Pay Up Post-Ransomware Attack
The number gets even higher among larger SMBs.
How a Nigerian ISP Accidentally Hijacked the Internet
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Enterprise Trojan Detections Spike 200% in Q1 2019
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
Sensitive Data Lingers on Used Storage Drives Sold Online
Four in 10 used hard drives sold on eBay found to contain sensitive information.
Regulations, Insider Threat Handicap Healthcare IT Security
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" — and a lack of talent may not be the sole reason.
Survey Shows a Security Conundrum
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Two Charged with Economic Espionage, GE Trade Secret Theft
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
Attackers Aren't Invincible & We Must Use That to Our Advantage
The bad guys only seem infallible. Use their weaknesses to beat them.
New Twist in the Stuxnet Story
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Google File Cabinet Plays Host to Malware Payloads
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
Microsoft Windows, Antivirus Software at Odds After Latest Update
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
City of Stuart Still Recovering from Ryuk Ransomware Attack
Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
App Exposes Wi-Fi Credentials for Thousands of Private Networks
A database used by WiFi Finder was left open and unprotected on the Internet.
Exploits for Adobe Vulnerabilities Spiked in 2018
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
When Every Attack Is a Zero Day
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
7 Ways to Get the Most from Your IDS/IPS
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
1 in 4 Workers Are Aware Of Security Guidelines – but Ignore Them
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
Who Gets Targeted Most in Cyberattack Campaigns
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
4 Tips to Protect Your Business Against Social Media Mistakes
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
Free Princeton Application Provides IoT Traffic Insight
The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet'
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
Third-Party Cyber-Risk by the Numbers
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Cisco Issues 31 Mid-April Security Alerts
Among them, two are critical and six are of high importance.
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
Former Student Admits to USB Killer Attack
An Indian national used device to attack computers and peripherals at a New York college.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
New Malware Campaign Targets Financials, Retailers
The attack uses a legitimate remote access system as well as several families of malware.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Four best practices to keep old code from compromising your enterprise environment.
|
Improving Enterprise Cybersecurity With XDREnterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
