Researchers spot gaps in users’ and IT practitioners’ security habits, and between security tools and user preferences. Read the complete article: User Have Risky Security Habits, but Security Pros Aren’t Much Better
Tag: Dark Reading:
Zero-Factor Authentication: Owning Our Data
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
44% of Security Threats Start in the Cloud
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
DHS’s CISA Warns of New Critical Infrastructure Ransomware Attack
An attack on a natural gas compression facility sent the operations offline for two days.
Don’t Let Iowa Bring Our Elections Back to the Stone Age
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let’s not allow one bad incident to stop us from finding new ways to achieve this.
The Trouble with Free and Open Source Software
Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.
Dell Sells RSA to Private Equity Firm for $2.1B
Deal with private equity entity Symphony Technology Group revealed one week before the security industry’s RSA Conference in San Francisco.
Lumu to Emerge from Stealth at RSAC
The new company will focus on giving customers earlier indications of network and server compromise.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
1.7M Nedbank Customers Affected via Third-Party Breach
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
Firmware Weaknesses Can Turn Computer Subsystems into Trojans
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
Staircase to the Cloud: Dark Reading Caption Contest Winners
A humorous nod to the lack of gender equity in cybersecurity hiring was our judges’ unanimous choice. And the winners are …
The Road(s) to Riches
You could be making millions in just two years!
8 Things Users Do That Make Security Pros Miserable
When a user interacts with an enterprise system the result can be productivity or disaster. Here are 8 opportunities for the disaster side to win out over the productive.
Martin and Dorothie Hellman on Love, Crypto & Saving the World
Martin Hellman, co-creator of the Diffie-Hellman key exchange, and his wife of 53 years, Dorothie, talk about the current state of cryptography and what making peace at home taught them about making peace on Earth.
Phishing Campaign Targets Mobile Banking Users
Consumers in dozens of countries were targeted, Lookout says.
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Palm Beach County’s elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
Ovum to Expand Cybersecurity Research Under New Omdia Group
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
DHS Warns of Cyber Heartbreak
Fraudulent dating and relationship apps and websites raise the risks for those seeking online romance on Valentine’s Day.
The 5 Love Languages of Cybersecurity
When it comes to building buy-in from the business, all cybersecurity needs is love — especially when it comes to communication.
Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec
What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones?
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
The new threat model hones in on ML security at the design state.
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
Babel of IoT Authentication Poses Security Challenges
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Huawei Charged with RICO Violations in Federal Court
A new set of indictments adds conspiracy to violate RICO statutes to a list of existing charges against the Chinese telecommunications giant.
Small Business Security: 5 Tips on How and Where to Start
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
7 Tax Season Security Tips
Security pros need to be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
Apps Remain Favorite Mobile Attack Vector
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
Forget Hacks… Ransomware, Phishing Are Election Year’s Real Threats
As we gear up for the voting season, let’s put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
Third-Party Breaches – and the Number of Records Exposed – Increased Sharply in 2019
Each breach exposed an average of 13 million records, Risk Based Security found.
Avast Under Investigation by Czech Privacy Agency
The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
Stop Defending Everything
Instead, try prioritizing with the aid of a thorough asset inventory.
Chaos & Order: The Keys to Quantum-Proof Encryption
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy. But first, your current crypto needs some tidying up.
5G Adoption Should Change How Organizations Approach Security
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.
Chaos May Be the Key to Quantum-Proof Encryption
The implications of chaos form the basis of a new approach to encryption that promises quantum-proof perfect secrecy.
5 Common Errors That Allow Attackers to Go Undetected
Make these mistakes and invaders might linger in your systems for years.
Healthcare Ransomware Damage Passes $157M Since 2016
Researchers found the total cost far exceeded the amount of ransom paid to attackers.
Microsoft Patches Exploited Internet Explorer Flaw
This month’s Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
Why Ransomware Will Soon Target the Cloud
As businesses’ daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
Macs See More Adware, Unwanted Apps Than PCs
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.
What Are Some Foundational Ways to Protect My Global Supply Chain?
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.
CIA’s Secret Ownership of Crypto AG Enabled Extensive Espionage
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.
Keeping a Strong Security Metrics Framework Strong
Don’t just report metrics — analyze, understand, monitor, and adjust them. These 10 tips will show you how.
How North Korea’s Senior Leaders Harness the Internet
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
Israel’s Entire Voter Registry Exposed in Massive Incident
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to a notably insecure app.
China’s Military Behind 2017 Equifax Breach: DoJ
Four members of China’s People’s Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
Unlocked S3 Bucket Lets 36,077 Jail Files Escape
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states’ correctional facilities.
Unlocked S3 Bucket Lets 36,077 Prison Files Escape
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states’ correctional facilities.
6 Factors That Raise The Stakes For IoT Security
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
A typical workday for a bot, from its own point of view.
Google Takeout Serves Up Video Files to Strangers
A limited number of user videos were shared with others in a five-day incident from November.
CCPA and GDPR: The Data Center Pitfalls of the ‘Right to be Forgotten’
Compliance with the new privacy rules doesn’t always fall on data center managers, but when it does, it’s more difficult than it may sound.
RobbinHood Kills Security Processes Before Dropping Ransomware
Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files.
From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide
Although radio frequency energy (RF) communications are increasingly essential to modern wireless networking and IoT, the security of RF is notoriously lax.
From 1s & 0s to Wobbly Lines: The Security Pro’s Radio Frequency Starter Kit
Although radio frequency energy (RF) communications are increasingly essential to modern wireless networking and IoT, the security of RF is notoriously lax.
5 Measures to Harden Election Technology
Voting machinery needs hardware-level security. The stakes are the ultimate, and the attackers among the world’s most capable.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
New exploit builds on previous research involving Philips Hue Smart Bulbs.
90% of CISOs Would Cut Pay for Better Work-Life Balance
Businesses receive $30,000 of ‘free’ CISO time as security leaders report job-related stress taking a toll on their health and relationships.
Phishing Personified
What makes these scams so completely obvious in the physical form?
Forescout Acquired by Private Equity Team
The deal, valued at $1.9 billion, is expected to close next quarter.
Cybersecurity Vendor Landscape Transforming as Symantec, McAfee Enter New Eras
Two years ago, Symantec and McAfee were both primed for a comeback. Today, both face big questions about their future.
Facebook Tops Imitated Brands as Attackers Target Tech
Brand impersonators favor Facebook, Yahoo, Network, and PayPal in phishing attempts to steal credentials from victims.
A Matter of Trust
Has working in the cybersecurity industry affected your ability to trust? Take the poll now.
Invisible Pixel Patterns Can Communicate Data Covertly
University researchers show that changing the brightness of monitor pixels can communicate data from air-gapped systems in a way not visible to human eyes.
How Can We Make Election Technology Secure?
In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.
RSAC Sets Finalists for Innovation Sandbox
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
Vixie: The Unintended Consequences of Internet Privacy Efforts
Paul Vixie says emerging encryption protocols for endpoints could ‘break’ security in enterprise – and even home – networks.
Majority of Network, App-Layer DDoS Attacks in 2019 Were Small
Attacks turned to cheaper, shorter attacks to try and disrupt targets, Imperva analysis shows.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
The decoys and lures will help redirect attacks away from devices that can’t be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Emotet Preps for Tax Season with New Phishing Campaign
Malicious emails in a new attack campaign contain links and attachments claiming to lead victims to W-9 forms.
What is a Privileged Access Workstation (PAW)?
Keeping Compliance Data-Centric Amid Accelerating Regulation
As the regulatory landscape transforms, it’s still smart to stay strategically focused on protecting your data.
Hiring Untapped Security Talent Can Transform the Industry
Cybersecurity needs unconventional hires to help lead the next phase of development and innovation, coupled with salaries that aren’t insulting.
Companies Pursue Zero Trust, but Implementers Are Hesitant
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products
Six of them were the same as from the previous year, according to new Recorded Future analysis.
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.
Microsoft DART Finds Web Shell Threat on the Rise
Various APT groups are successfully using Web shell attacks on a more frequent basis.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
7 Ways SMBs Can Secure Their Websites
Here’s what small and midsize businesses should consider when they decide it’s time to up their website security.
Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users
The company believes state-sponsored actors may also be involved.
Kubernetes Shows Built-in Weakness
A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them.
What WON’T Happen in Cybersecurity in 2020
Predictions are a dime a dozen. Here are six trends that you won’t be hearing about anytime soon.
Bad Certificate Knocks Teams Offline
Microsoft allowed a certificate to expire, knocking the Office 365 version of Teams offline for almost an entire day.
Bad Certificate Knocks Teams Off Line
Microsoft allowed a certificate to expire, knocking the Office 365 version of Teams offline for almost an entire day.
EKANS Ransomware Raises Industrial-Control Worries
Although the ransomware is unsophisticated, the malware does show that some crypto-attackers are targeting certain industrial control products.
C-Level & Studying for the CISSP
One CTO tells us about his belated pursuit of a foundational infosecurity certification — why he wanted it and what it took.
Researchers Find 24 ‘Dangerous’ Android Apps with 382M Installs
Shenzhen Hawk Internet Co. is identified as the parent company behind five app developers seeking excessive permissions in Android apps.
Attackers Actively Targeting Flaw in Door-Access Controllers
There’s been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
Coronavirus Phishing Attack Infects US, UK Inboxes
Cybercriminals capitalize on fears of a global health emergency with phishing emails claiming to offer advice for protecting against coronavirus.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here’s why.
‘George’ the Most Popular Password That’s a Name
A new study of stolen passwords reflects the consequences of password overload.
What It’s Like to Be a CISO: Check Point Security Leader Weighs In
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
Ashley Madison Breach Returns with Extortion Campaign
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Name That Toon: Private (Button) Eye
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
AppSec Concerns Drove 61% of Businesses to Change Applications
According to new Dark Reading research, some respondents have even left behind commercial off-the-shelf software and migrated to open-source or in-house homegrown applications.
Embracing a Prevention Mindset to Protect Critical Infrastructure