Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Malware Developers Refresh Their Attack Tools
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.
Even Small Nations Have Jumped into the Cyber Espionage Game
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
China's APT Groups May Be Looking to Cash In
Two campaigns have resulted in encrypted drives and ransom notes, suggesting that some China-linked nation-state advanced persistent threat groups have added financial gain as a motive, researchers say.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
Defending the COVID-19 Vaccine Supply Chain
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
10 Benefits of Running Cybersecurity Exercises
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Quarterbacking Vulnerability Remediation
It's time that security got out of the armchair and out on the field.
Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force
Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.
NSA, CISA Warn of Attacks on Federated Authentication
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
'SocGholish' Attack Framework Powers Surge in Drive-By Attacks
Menlo Labs research team says framework's social engineering toolkit helps criminals impersonate software updates.
Why the Weakest Links Matter
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.
7 Security Tips for Gamers
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
Black Hat Europe: Dark Reading Video News Desk Coverage
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Navigating the Security Maze in a New Era of Cyberthreats
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Attackers Know Microsoft 365 Better Than You Do
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Avoiding a 1984-Like Future
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
Malicious or Vulnerable Docker Images Widespread, Firm Says
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
Driven by Ransomware, Cyber Claims Rise in Number & Value
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
Look Beyond the 'Big 5' in Cyberattacks
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Out With the Old Perimeter, in With the New Perimeters
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
How to Identify Cobalt Strike on Your Network
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Vulnerability Prioritization Tops Security Pros' Challenges
Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at this week's virtual event.
How to Avoid Getting Killed by Ransomware
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
Preventing and Mitigating DDoS Attacks: It's Elementary
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
7 Online Shopping Tips for the Holidays
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
Reworking the Taxonomy for Richer Risk Assessments
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
6 Cybersecurity Lessons From 2020
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
Microsoft & Others Catalog Threats to Machine Learning Systems
Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.
Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach
As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
How Healthcare Organizations Can Combat Ransomware
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
Cybercriminals Aim BEC Attacks at Education Industry
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
How to Increase Voter Turnout & Reduce Fraud
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
Rethinking Security for the Next Normal -- Under Pressure
By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
MITRE Shield Matrix Highlights Deception & Concealment Technology
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
A Pause to Address 'Ethical Debt' of Facial Recognition
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Credential-Stuffing Attacks Plague Loyalty Programs
But that's not the only type of web attack cybercriminals have been profiting from.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
|
2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Tweet This
0 Comments
