Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Microsoft Announces Ability to Force TLS Version Compliance
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
218M Words with Friends Players Compromised in Data Breach
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
'Harvesting Attacks' & the Quantum Revolution
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
Cloud Vulnerability Could Let One Server Compromise Thousands
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
Apple Patches Multiple Vulnerabilities Across Platforms
Updates address two separate issues in Apple's desktop and mobile operating systems.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Most companies have too many tools, causing increased costs and security issues.
Mass Exploitation of vBulletin Flaw Raises Alarm
The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.
Cloud-Native Applications: Shift to Serverless is Underway
A new report explores changes in cloud-native applications and complexities involved with securing them.
Ransomware Hits Multiple, Older Vulnerabilities
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Voting Machine Systems New & Old Contain 'Design' Flaws
DEF CON Voting Village organizers presented a final report on their findings at the Capitol.
Bridging the Gap Between Security & DevOps
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Why You Need to Think About API Security
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
New Emergency Communications Plan Released by CISA
The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
Microsoft's Azure Sentinel SIEM Now Generally Available
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
The Future of Account Security: A World Without Passwords?
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
Cloudflare Introduces 'Bot Fight Mode' Option for Site Operators
Goal is to help websites detect and block bad bot traffic, vendor says.
Wyoming Hospital the Latest to Be Hit With Ransomware Attack
A attack has had a significant impact on the operations of Wyoming's Campbell County Memorial Hospital.
4 Cybersecurity Best Practices for Electrical Engineers
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
Microsoft Defender Bug Fixed with Emergency Patch
A second out-of-band patch issued this week addresses a denial-of-service vulnerability in Microsoft Defender.
6 Best Practices for Performing Physical Penetration Tests
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
Microsoft Issues Out-of-Band Patch for Internet Explorer
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
7 Ways VPNs Can Turn from Ally to Threat
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
Ransomware Strikes 49 School Districts & Colleges in 2019
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
A Safer IoT Future Must Be a Joint Effort
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Security Pros Value Disclosure ... Sometimes
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Deconstructing an iPhone Spearphishing Attack
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Crowdsourced Security & the Gig Economy
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
How Cybercriminals Exploit Simple Human Mistakes
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
One Arrested in Ecuador's Mega Data Leak
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
24.3M Unsecured Health Records Expose Patient Data, Images
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
How Ransomware Criminals Turn Friends into Enemies
Managed service providers are the latest pawns in ransomware's game of chess.
MITRE Releases 2019 List of Top 25 Software Weaknesses
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
5 Common Cloud Configuration Mistakes
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
15K Private Webcams Could Let Attackers View Homes, Businesses
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
Impersonation Fraud Still Effective in Obtaining Code Signatures
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Data Leak Affects Most of Ecuador's Population
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Preventing PTSD and Burnout for Cybersecurity Professionals
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Malware Linked to Ryuk Targets Financial & Military Data
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
US Sanctions 3 Cyberattack Groups Tied to DPRK
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
6 Questions to Ask Once You’ve Learned of a Breach
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
Taking a Fresh Look at Security Ops: 10 Tips
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
Instagram Bug Put User Account Details, Phone Numbers at Risk
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
A Definitive Guide to Crowdsourced Vulnerability Management
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
NetCAT Vulnerability Is Out of the Bag
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
|
Latest Comment: Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
