Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
Cisco Announces Patches to SaltStack
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.
A Rogues' Gallery of MacOS Malware
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
3 SMB Cybersecurity Myths Debunked
Small and midsize businesses are better at cyber resilience than you might think.
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
Data Loss Spikes Under COVID-19 Lockdowns
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
How Elite Protectors Operationalize Security Protection
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
HackerOne Bounties Hit $100M Milestone
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
Standing Privilege: The Attacker's Advantage
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
What the World's Elite Protectors Teach Us about Cybersecurity
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
6 Steps Consumers Should Take Following a Hack
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
Americans Care About Security But Don't Follow Through
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
Turla Backdoor Adds Gmail Web Interface for Command-and-Control
The latest version of ComRAT is another sign of the threat actor's continued focus on targets in the government, military, and other sectors.
Benefits of a Cloud-Based, Automated Cyber Range
A cyber range is an irreplaceable tool that allows cybersecurity professionals to improve their response capabilities as well as their ability to identify risks.
World Leaders Urge Action Against Healthcare Cyberattacks
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
Content Delivery Networks Adding Checks for Magecart Attacks
Modern web applications make significant use of third-party code to drive innovation, but the software supply chain has also turned into a major source of threat. CDNs aim to change that.
10 iOS Security Tips to Lock Down Your iPhone
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Hackers Serve Up Stolen Credentials from Home Chef
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
How an Industry Consortium Can Reinvent Security Solution Testing
By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.
The Need for Compliance in a Post-COVID-19 World
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
60% of Insider Threats Involve Employees Planning to Leave
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Digital Transformation Risks in Front-end Code
Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.
Offers to Sell Enterprise Network Access Surge on Dark Web
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.
Microsoft Warns of Vulnerability Affecting Windows DNS Server
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
As COVID-19-themed spam rises, phishing—not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Google Chrome Redesign Puts Security & Privacy in Users' Hands
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.
Web Application Attacks Double from 2019: Verizon DBIR
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Long-Term Remote Work: Keeping Workers Productive & Secure
The pandemic has changed how we get work done. Now, data security must catch up.
EasyJet Sees 9 Million Customer Email Addresses Stolen
More than 2,000 customers also had credit card information taken in the attack.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
As DevOps Accelerates, Security's Role Changes
There remains a disconnect between developers and security teams, with uncertainty around who should handle software security.
The 3 Top Cybersecurity Myths & What You Should Know
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Templates Make Coronavirus Phishing Campaigns Easy
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.
Microsoft Open Sources Its Coronavirus Threat Data
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
4 Challenges with Existing VPNs
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
Microsoft Patch for Reverse RDP Flaw Leaves Room for Other Attacks
Fix released in February is Microsoft's second pass at fully addressing issue that Check Point first disclosed at Black Hat USA last summer.
8 Supply Chain Security Requirements
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
Compliance as a Way to Reduce the Risk of Insider Threats
Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.
79% of Companies Report Identity-Related Breach in Past Two Years
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
Ensuring Business Continuity in Times of Crisis
Three basic but comprehensive steps can help you and your organization get through adversity
New Cyber-Espionage Framework Dubbed Ramsay
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
Attackers Routinely Use Older Vulnerabilities to Exploit Businesses, US Cyber Agency Warns
Security issues in Microsoft products dominate the US government's top 10 list of commonly exploited vulnerabilities, but Apache Struts, Adobe Flash, and Drupal are also routinely targeted.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
