Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Apple Shares More Data with US in First Half of 2017
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Analyzing Cybersecurity's Fractured Educational Ecosystem
We have surprisingly little data on how to evaluate infosec job candidates academic qualifications. That needs to change.
CISOs Offer Soup-to-Nuts C-Suite Strategy
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
Report: Bank Email Fraud Increases since Equifax Breach
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Ransomware Numbers Continue to Look Abysmal
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Equihax: Identifying & Wrangling Vulnerabilities
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Popular Mobile Trading Apps Riddled With Vulnerabilities, Security Firm Warns
IOActive's review of 21 of the most used mobile apps for investment trading shows a majority of them exposing users to various security risks.
Chevron's Jump to the Cloud is a Journey
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Why Your Business Must Care about Privacy
It might not have something to hide, but it definitely has something to protect.
FBI's Freese Shares Risk Management Tips
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
PassGAN: Password Cracking Using Machine Learning
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Security's #1 Problem: Economic Incentives
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
1.4 Million New Phishing Sites Launched Each Month
The number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.
Americans Rank Criminal Hacking as Their Number One Threat
Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity, than getting hacked, according to a survey released today.
10 Security Product Flaw Scares
CCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.
Where Do Security Vulnerabilities Come From?
There are three major causes: code quality, complexity, and trusted data inputs.
CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft
The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.
Why Size Doesn't Matter in DDoS Attacks
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
Cisco SMI Still Exposing Network Switches Online
The high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.
Mobile Ransomware Hits Browsers with Old-School Techniques
Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.
Software Assurance: Thinking Back, Looking Forward
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
SecureAuth to Merge with Core Security
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
Get Serious about IoT Security
These four best practices will help safeguard your organization in the Internet of Things.
10 Hot Cybersecurity Funding Rounds in Q3
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
New Spam Campaign Literally Doubles Down on Ransomware
An upgraded spam campaign alternates Locky and FakeGlobe ransomware, forcing victims to pay twice or lose all their data.
Viacom's Secret Cloud Keys Exposed
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Siemens' New ICS/SCADA Security Service a Sign of the Times
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Avast CCleaner Compromised Amid Rise in Supply Chain Threats
Attackers somehow hacked the build system of Avast's CCleaner to deliver malware, potentially affecting millions of users.
Equifax Hit with Lawsuit
Victims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.
To Be Ready for the Security Future, Pay Attention to the Security Past
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Public, Hybrid Cloud Security Fears Abound
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
OurMine Claims Vevo Hack, Releases 3.12TB of Data
Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.
Equifax CIO, CSO Step Down
Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.
Senators Propose US Elections Cybersecurity Commission
The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.
Security Orchestration & Automation: Parsing the Options
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
Attacks on Android Soared 40% in Q2
Despite a rise in attacks, the average number of malicious variants remains surprisingly limited, according to a report from Avast.
Cloud Security's Shared Responsibility Is Foggy
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Microsoft Office Zero-Day Spread Surveillance Software
FireEye discovered CVE-2017-8759 flaw patched by Microsoft this week.
'ExpensiveWall' Attacks More Than 1 Million Android Users
New Android malware variant registers users for paid services without their permission and sends bogus premium SMS messages.
Encryption: A New Boundary for Distributed Infrastructure
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
'Bashware' Undermines Windows 10 Security Via Linux Subsystem
New WSL feature in Windows 10 gives attackers a way to run malware without being detected by any current endpoint security tools, Check Point says.
Trump Orders Removal of Kaspersky Products from Federal Systems
The president cites concern that the Russia-based company could be influenced by the Kremlin.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
