Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Medical Devices on the IoT Put Lives at Risk
Device security must become as important a product design feature as safety and efficacy.
Active Directory Attacks Hit the Mainstream
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The Wild, Wild West(world) of Cybersecurity
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Vulnerability Management Isn't Just a Numbers Game
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Security Ratings Are a Dangerous Fantasy
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
TrickBot Module Takes Aim at Remote Desktops
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Law-abiding folks like us applauded Texas for its bravery — but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
How the Rise of IoT Is Changing the CISO Role
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
How Network Metadata Can Transform Compromise Assessment
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Threat Awareness: A Critical First Step in Detecting Adversaries
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
3 Ways to Strengthen Your Cyber Defenses
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
6 Truths About Disinformation Campaigns
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
What Your Company Needs to Know About Hardware Supply Chain Security
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
Ensure Your Cloud Security Is as Modern as Your Business
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
Solving the Cloud Data Security Conundrum
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
Zero-Factor Authentication: Owning Our Data
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Don't Let Iowa Bring Our Elections Back to the Stone Age
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
5 Common Errors That Allow Attackers to Go Undetected
Make these mistakes and invaders might linger in your systems for years.
Why Ransomware Will Soon Target the Cloud
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
China's Military Behind 2017 Equifax Breach: DoJ
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
6 Factors That Raise the Stakes for IoT Security
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
A typical workday for a bot, from its own point of view.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Embracing a Prevention Mindset to Protect Critical Infrastructure
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
Securing Containers with Zero Trust
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Why DPOs and CISOs Must Work Closely Together
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
New Report Spotlights Changes in Phishing Techniques
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
Dustman Attack Underscores Iran's Cyber Capabilities
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
Will This Be the Year of the Branded Cybercriminal?
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
Operationalizing Threat Intelligence at Scale in the SOC
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
2020 & Beyond: The Evolution of Cybersecurity
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
7 Tips to Keep Your Family Safe Online Over the Holidays
Security experts offer key cyber advice for family members.
Why Enterprises Buy Cybersecurity 'Ferraris'
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
Get Organized Like a Villain
What cybercrime group FIN7 can teach us about using agile frameworks.
Intel's CPU Flaws Continue to Create Problems for the Tech Community
We can't wait out this problem and hope that it goes away. We must be proactive.
4 Tips to Run Fast in the Face of Digital Transformation
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
Application & Infrastructure Risk Management: You've Been Doing It Backward
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
How to Get Prepared for Privacy Legislation
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
DDoS: An Underestimated Threat
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
A Security Strategy That Centers on Humans, Not Bugs
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
BSIMM10 Shows Industry Vertical Maturity
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
|
Latest Comment: This comment is waiting for review by our moderators.
6 Emerging Cyber Threats That Enterprises Face in 2020This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Tweet This
7 Comments
