Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
New Credential-Theft Attack Weaponizes DNS
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
Google Uncovers Massive iPhone Attack Campaign
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Three steps for relieving the pressure of picking the right tools.
Retadup Worm Squashed After Infecting 850K Machines
An operation involving French law enforcement, the FBI, and Avast forces Retadup to delete itself from victim machines.
Google Announces New, Expanded Bounty Programs
The company is significantly expanding the bug-bounty program for Google Play and starting a program aimed at user data protection.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
Privacy 2019: We're Not Ready
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
Facebook Patches Second Account-Takeover Flaw in Instagram
The password-recovery mechanism once again puts users of the photo- and video-sharing platform at risk.
Magecart Shops for Victims as E-Commerce Market Grows
In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.
TrickBot Comes to Cellular Carriers
A new malicious campaign seeks cell account PINs from victims.
Malware Found in Android App with 100M Users
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Imperva Customer Database Exposed
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
New 'Lyceum' Threat Group Eyes Critical Infrastructure
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
WannaCry Remains No. 1 Ransomware Weapon
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
Apple Releases Emergency Patch for iPhone Jailbreak Flaw
iOS version 12.4.1 fixes the "use after free" vulnerability.
More Than Half of Social Media Login Attempts Are Fraud
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
3 Arrested in Transnational Fraud Indictments
According to the indictments, the accused impersonated government officials when they demanded money from their victims.
IRS Alerts Taxpayers to New Email Scam
A spoofed IRS.gov link leads victims to a fraudulent Web page where they are prompted to download malware.
Cryptography & the Hype Over Quantum Computing
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
80 Charged in Massive BEC Operation Bust
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
Capital One Breach: What Security Teams Can Do Now
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
New Malware Variant Targets Old Adobe, Office Vulnerabilities
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
LinkedIn Details Features of Fight Against Fakes
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
5 Identity Challenges Facing Today’s IT Teams
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
Ransomware Hits Fortnite Players
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
'Phoning Home': Your Latest Data Exfiltration Headache
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
7 Big Factors Putting Small Businesses At Risk
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
Apple Misstep Leaves iPhones Open to Jailbreak
Newest version of iOS contains a critical bug that the company had previously already patched.
Cyberthreats Against Financial Services Up 56%
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
Who Gets Privileged Access & How to Enforce It
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
5 Ways to Improve the Patching Process
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
Instagram Added to Facebook Data-Abuse Bounty Program
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Towns Across Texas Hit in Coordinated Ransomware Attack
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
Tough Love: Debunking Myths about DevOps & Security
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
European Central Bank Website Hit by Malware Attack
The website was infected with malware that stole information on subscribers to a bank newsletter.
Beat the Heat: Dark Reading Caption Contest Winners
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Behind the Scenes at ICS Village
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
NSA Researchers Talk Development, Release of Ghidra SRE Tool
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
New Research Finds More Struts Vulnerabilities
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
The Flaw in Vulnerability Management: It's Time to Get Real
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
68% of Companies Say Red Teaming Beats Blue Teaming
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
|
Latest Comment: We need more votes, check the obituaries.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
