Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Pen Testing ROI: How to Communicate the Value of Security Testing
There are many reasons to pen test, but the financial reasons tend to get ignored.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
How to Assess More Sophisticated IoT Threats
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
3 Ways to Flatten the Health Data Hacking Curve
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
7 Tips for Effective Deception
The right decoys can frustrate attackers and help detect threats more quickly.
Lucifer Malware Aims to Become Broad Platform for Attacks
The recent spread of the distributed denial-of-service tool attempts to exploit a dozen web-framework flaws, uses credential stuffing, and is intended to work against a variety of operating systems.
Average Cost of a Data Breach: $116M
Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches.
Rethinking Enterprise Access, Post-COVID-19
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
Cybercrime Infrastructure Never Really Dies
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
What's Anonymous Up to Now?
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
Too Big to Cyber Fail?
How systemic cyber-risk threatens US banks and financial services companies
The Hitchhiker's Guide to Web App Pen Testing
Time on your hands and looking to learn about web apps? Here's a list to get you started.
Asset Management Mess? How to Get Organized
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based "ethical hacking" firm that works on behalf of commercial clients.
Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
Valak Malware Retasked to Steal Data from US, German Firms
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
Data Loss Spikes Under COVID-19 Lockdowns
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
6 Steps Consumers Should Take Following a Hack
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
6 Free Cybersecurity Training and Awareness Courses
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Rule of Thumb: USB Killers Pose Real Threat
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
The Price of Fame? Celebrities Face Unique Hacking Threats
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Is CVSS the Right Standard for Prioritization?
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
It Was 20 Years Ago Today: Remembering the ILoveYou Virus
The worm infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.
Best Practices for Managing a Remote SOC
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
The Rise of Deepfakes and What That Means for Identity Fraud
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Fraud Predictions in the Wake of the Coronavirus
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.
4 Ways to Get to Defensive When Faced by an Advanced Attack
To hold your own against nation-state-grade attacks, you must think and act differently.
Continued Use of Python 2 Will Heighten Security Risks
With support for the programming language no longer available, organizations should port to Python 3, security researches say.
Attackers Target Sophos Firewalls with Zero-Day
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Cybercrime Group Steals $1.3M from Banks
A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.
11 Tips for Protecting Active Directory While Working from Home
To improve the security of your corporate's network, protect the remote use of AD credentials.
Attackers Aim at Software Supply Chain with Package Typosquatting
Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.
7 Steps to Avoid the Top Cloud Access Risks
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
5 Things Ransomware Taught Me About Responding in a Crisis
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
DHS Issues Alert for New North Korean Cybercrime
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Hackers are upping their game, especially as they target mobile devices.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
The pandemic has driven more of our personal and work lives online – and for the bad guys, business is booming. Here's how you can protect yourself.
Cybercrime May Be the World's Third-Largest Economy by 2021
The underground economy is undergoing an industrialization wave and booming like never before.
Medical Devices on the IoT Put Lives at Risk
Device security must become as important a product design feature as safety and efficacy.
Active Directory Attacks Hit the Mainstream
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The Wild, Wild West(world) of Cybersecurity
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Vulnerability Management Isn't Just a Numbers Game
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
|
Special Report: Computing's New Normal, a Dark Reading PerspectiveThis special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Tweet This
17 Comments
