Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Things Keeping CISOs Up at Night During the COVID-19 Pandemic
Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
The Rise of Deepfakes and What That Means for Identity Fraud
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Fraud Predictions in the Wake of the Coronavirus
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
4 Ways to Get to Defensive When Faced by an Advanced Attack
To hold your own against nation-state-grade attacks, you must think and act differently.
5 Big Lessons from the Work-from-Home SOC
Accustomed to working in the same room, security teams now must find ways to operate effectively in the new remote reality.
Increased Credential Threats in the Age of Uncertainty
Three things your company should do to protect credentials during the coronavirus pandemic.
What's Your Cybersecurity Architecture Integration Business Plan?
To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
COVID-19 Quarantine: A Unique Learning Opportunity for Defenders
Use these spare moments at home to master new skills that will help protect your organization and enhance your career.
Find Your Framework: Thinking Fast and Slow
Economist Daniel Kahneman's classic book has lessons for those in security, especially now.
Narrow the Scope of Compliance
Many organizations are doing more than they need regarding compliance.
How the Dark Web Fuels Insider Threats
New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.
Resiliency: The Trait National Sporting Leagues Share with Security & IT Teams
During unprecedented times such as these, both businesses and professional sports are forced to go back to basics.
The Evolving Threat of Credential Stuffing
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
11 Tips for Protecting Active Directory While Working from Home
To improve the security of your corporate's network, protect the remote use of AD credentials.
Making the Case for Process Documentation in Cyber Threat Intel
Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a must
8 Steps to Enhance Government Agencies' Security Posture
Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
Is COVID-19 Intensifying the Need for Security Staffing?
Overall, security practitioners should find themselves in a better working situation than many other professionals. However, we are not immune.
7 Steps to Avoid the Top Cloud Access Risks
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
COVID-19 Caption Contest Winners
It was a tough choice! And the winner is…
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
'Look for the Helpers' to Securely Enable the Remote Workforce
CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.
4 Cybersecurity Lessons from the Pandemic
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.
5 Things Ransomware Taught Me About Responding in a Crisis
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Hackers are upping their game, especially as they target mobile devices.
Cybersecurity Prep for the 2020s
The more things change, the more they stay the same. Much of the world is still behind on the basics.
How Company Cultures Dictated Work-from-Home Readiness
Companies large and small are discovering just how prepared they were for all employees to work remotely
You're One Misconfiguration Away from a Cloud-Based Data Breach
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
Cybercrime May Be the World's Third-Largest Economy by 2021
The underground economy is undergoing an industrialization wave and booming like never before.
10 Ways to Spot a Security Fraud
There is no shortage of people presenting themselves as security experts. Some of them truly are. The others...
No STEM, No Problem: How to Close the Security Workforce Gap
Those who work well with others, learn quickly, and possess a proactive mindset toward the work can make great employees, even if their backgrounds aren't rooted in cybersecurity.
Medical Devices on the IoT Put Lives at Risk
Device security must become as important a product design feature as safety and efficacy.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
Why Threat Hunting with XDR Matters
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
Using Application Telemetry to Reveal Insider & Evasive Threats
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
Why Humans Are Phishing's Weakest Link
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Want to Improve Cloud Security? It Starts with Logging
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
A Hacker's Perspective on Securing VPNs As You Go Remote
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
Best Practices to Manage Third-Party Cyber-Risk Today
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
Why All Employees Are Responsible for Company Cybersecurity
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The SOC Emergency Room Faces Malware Pandemic
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
