Dark Reading

Phishers Target Social Media

03/01/2018
Financial institutions still the number one target, according to a new report by RiskIQ.

ICS Under Fire in 2017

03/01/2018
New Dragos report finds a rising number of public vulnerability advisories around ICS, without enough reasonable guidance on how to deal with these flaws.

Equifax Finds 2.4 Million Additional US Victims of its Data Breach

03/01/2018
Total number of victims now at 147.9 million customers.

What Enterprises Can Learn from Medical Device Security

03/01/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.

Journey to the Cloud: Overcoming Security Risks

03/01/2018
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.

The State of Application Penetration Testing

02/28/2018
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.

Zero-Day Attacks Major Concern in Hybrid Cloud

02/28/2018
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.

New Android Malware Family Highlights Evolving Mobile Threat Capabilities

02/28/2018
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.

FTC Settles with Venmo on Security Allegations

02/28/2018
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.

Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples

02/28/2018
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Grey's Anatomy, hacking themes now run deep in today's TV shows.

Why Cryptocurrencies Are Dangerous for Enterprises

02/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.

How to Secure 'Permissioned' Blockchains

02/28/2018
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.

Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters

02/28/2018
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.

Virtual Private Networks: Why Their Days Are Numbered

02/28/2018
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.

Nation-State Hackers Adopt Russian 'Maskirovka' Strategy

02/27/2018
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.

Memcached Servers Being Exploited in Huge DDoS Attacks

02/27/2018
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.

NSA's Rogers: No White House Request for Action Against Russian Hacking

02/27/2018
US Cyber Command head Michael Rogers told the US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections require an order from the White House.

SAML Flaw Lets Hackers Assume Users' Identities

02/27/2018
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.

Security Starts with the User Experience

02/27/2018
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.

Incident 'Management': What IT Security Can Learn from Public Safety

02/27/2018
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.