Dark Reading

GandCrab Ransomware Goes 'Agile'

03/21/2018
GandCrab ransomware's developers have iterated the code rapidly, researchers found.

Gartner Expects 2018 IoT Security Spending to Reach $1.5 Billion

03/21/2018
Regulations, breach concerns will push spending to over $3 billion by 2021, analyst firm says.

SOC in Translation: 4 Common Phrases & Why They Raise Flags

03/21/2018
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.

DHS Chief: Election Security Now Top Priority Among Critical Systems

03/21/2018
Homeland Security Secretary Kirstjen Nielsen told Congress today that her department is working to assist states with their election systems' security.

Puerto Rico's Electric Utility Hacked in Weekend Attack

03/21/2018
Service was disrupted but no customer records compromised, officials said.

How Serverless Computing Reshapes Security

03/21/2018
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.

Online Sandboxing: A Stash for Exfiltrated Data?

03/21/2018
SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.

Cybersecurity Spring Cleaning: 3 Must-Dos for 2018

03/21/2018
Why 'Spectre' and 'Meltdown,' GDPR, and the Internet of Things are three areas security teams should declutter and prioritize in the coming months.

A Look at Cybercrime's Banal Nature

03/20/2018
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.

Azure Guest Agent Design Enables Plaintext Password Theft

03/20/2018
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.

Critical Infrastructure: Stop Whistling Past the Cyber Graveyard

03/20/2018
An open letter to former colleagues in Homeland Security, peers in private sector cybersecurity firms, those who own and operate critical systems, academics, and politicians.

Hackers Steal Payment Card Data on 880K from Expedia Orbitz

03/20/2018
Expedia announces a breach exposing 880,000 customer records to the world.

Facebook CISO Stamos to Depart from the Social Media Firm: Report

03/20/2018
Stamos will remain in his position through August, according to a report in The New York Times.

The Case for Integrating Physical Security & Cybersecurity

03/20/2018
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.

7 Spectre/Meltdown Symptoms That Might Be Under Your Radar

03/20/2018
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.

AMD Processor Flaws Real, But Limited

03/19/2018
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.

New Method Proposed for Secure Government Access to Encrypted Data

03/19/2018
'Crumple Zones' in crypto mechanisms can make it possible - but astronomically expensive - to access encrypted data, say researchers from Boston University and Portland State University.

Russian APT Compromised Cisco Router in Energy Sector Attacks

03/19/2018
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.

Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens

03/19/2018
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.

Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws

03/19/2018
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.