Sign up for our weekly newsletter!
REGISTER NOW
Blogs
Latest Content
Page 1 / 2   >   >>
Unpatched MikroTik Routers Vulnerable to Cryptomining Malware
Larry Loeb  
10/22/2018   Post a comment
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
MIT Researchers Have a DAWG in the Fight Against Spectre & Meltdown
Larry Loeb  
10/19/2018   2 comments
In the fight against Spectre and Metldown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
McAfee: Seasalt Malware Raises Its Head Again
Jeffrey Burt  
10/19/2018   Post a comment
Code from the Seasalt malware that was last seen in 2010 has been found in new campaigns in North Korea and North America, according to McAfee.
Your People Can't Secure Your Network? Try Tier 0 Automation
Alan Zeichick  
10/18/2018   Post a comment
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
Why Killing Off TLS 1.0 & 1.1 Is a Good Thing
Larry Loeb  
10/17/2018   1 comment
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
Living With Compromised Technology Supply Chains in a Post-Supermicro World
Joe Stanganelli  
10/15/2018   1 comment
In the wake of Bloomberg's jarring exposé on tainted motherboards from mega-manufacturer Supermicro, practical questions remain for enterprise organizations on how they can cope with the scary prospect of compromised hardware.
Gallmaker Attackers Living Off the Land, Symantec Finds
Jeffrey Burt  
10/15/2018   Post a comment
Gallmaker, a new state-sponsored threat group, eschews custom malware for legitimate hacking tools and techniques to run under the radar while attacking government and military organizations in eastern Europe and the Middle East, according to recent research from Symantec.
Intel's 9th Gen Processors Offer Protections Against Spectre & Meltdown
Larry Loeb  
10/12/2018   10 comments
While talking up its 9th Gen processors this week, Intel offer some subtle hints about plans to protect its CPUs against the Spectre and Meltdown vulnerabilities that have plague x86 processors.
DHS Raps Juniper Over the Knuckles for 40 Junos OS Vulnerabilities
Larry Loeb  
10/12/2018   3 comments
The Department of Homeland Security felt it necessary to take Juniper Networks to the woodshed for 40 vulnerabilities, many critical, that affected the company's Junos OS.
Gemalto: 4.5B Records Breached in First Half of 2018
Larry Loeb  
10/10/2018   1 comment
Gemalto's Breach Level Index showed a staggering 133% increase in data breaches between the first half of 2017 and the first six months of this year. However, most of this malicious activity is attributable to two incidents – one involving Facebook.
Rotten Fruit: 4 Insider Threats to Watch Out For
Alan Zeichick  
10/8/2018   2 comments
When it comes to insider threats, it's best not to trust anyone. However, different employees pose different types of threats to the network. Here are the four types of 'rotten fruit' to look out for in your business.
DanaBot Banking Trojan Is Now Finding Its Way to the US
Jeffrey Burt  
10/8/2018   Post a comment
The DanaBot Trojan first targeting organizations in Australia earlier this year has expanded into Europe and now is aiming at US, according to Proofpoint.
US Voting Machines Riddled With Vulnerabilities & Security Flaws
Larry Loeb  
10/5/2018   7 comments
The highly anticipated report form the DEF CON Voting Machine Hacking Village finds that any number of voting machines used in US elections are vulnerable to any number of attacks or hacks.
Microsoft Is Waking Up to 'Fileless' Malware Threats
Larry Loeb  
10/3/2018   Post a comment
It took a while, but Microsoft's security engineers are starting to address concerns about 'fileless' malware. Redmond is looking to build additional defenses into Windows Defender ATP.
Torii Is a New Evolution in Botnet Malware
Larry Loeb  
10/1/2018   Post a comment
Move over Mirai. A Bulgarian security researcher and Avast have found a new botnet dubbed Torii, which can bring these types of attacks to a new level.
USB Devices Still a Threat to Businesses, Kaspersky Finds
Jeffrey Burt  
10/1/2018   Post a comment
The use of removable storage media to deliver malware is declining, but threat actors are putting coin miners into USB devices and targeting emerging areas, a new study by Kaspersky finds.
Magecart Group Likely Behind Increase in Formjacking Attacks
Larry Loeb  
9/28/2018   4 comments
A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.
Verizon Study Finds PCI DSS Compliance Falls Worldwide
Jeffrey Burt  
9/27/2018   8 comments
Verizon's report says that fewer businesses are complying with the PCI DSS payment standard despite the rising threat of security breaches and consumer data theft.
Adwind RAT Squeaks Past Linux, Windows, macOS Defenses
Larry Loeb  
9/26/2018   6 comments
A newer version of the Adwind 3.0 Trojan can elude the AV defenses of Linux, Windows and macOS systems, according to Talos and ReversingLabs.
iOS 12: How Apple Keeps Getting Mobile Security Wrong
Joe Stanganelli  
9/25/2018   Post a comment
Are iOS updates for suckers? Apple's iOS 12 may represent the latest in a series of flawed releases that could compound user mistrust – further training the company's users to delay updates and patches.
Malicious Bot-Enabled, Credential-Stuffing Jamming Networks
Larry Loeb  
9/24/2018   2 comments
A research report from Akamai finds the number of bot-enabled, credential-stuffing incidents has spiked in recent months, jamming networks with malicious traffic.
Cloudflare Looks to Take the Pain Out of DNSSEC Protocol Adoption
Larry Loeb  
9/21/2018   Post a comment
Uptake of the newer DNSSEC protocol has been slow, but a new tool from Cloudflare looks to make it easier to ensure secure websites and more control over DNS.
Xbash Malware: Dangerous Mix of Threats
Jeffrey Burt  
9/21/2018   Post a comment
The Xbash malware includes ransomware and cryptomining functions as well as botnet and self-propagation capabilities and will delete Linux databases.
Ransomware Developers Embrace Politics, Targeting Obama, Trump & Merkel
Jeffrey Burt  
9/20/2018   1 comment
Recent malware campaigns have used names such as Barak Obama, Angela Merkel and Donald Trump to entice unsuspecting users to download the ransomware, McAfee researchers have found.
Data Breach Can Affect Company's Long-Term Stock Price
Larry Loeb  
9/19/2018   6 comments
A recent study by CompariTech finds that data breaches can have some long-term effects when it comes to a company's stock price, but most of the financial damage diminishes over time.
California Looks to Pass Rudimentary IoT Security Legislation
Joe Stanganelli  
9/19/2018   2 comments
A California bill specific to IoT cybersecurity measures sits on Gov. Jerry Brown's desk, ready for him to sign it into law. The wording and limits of the law, however, leaves questions as to just how big an effect it will have.
PyLocky Ransomware Can Get Around Machine Learning Solutions
Jeffrey Burt  
9/18/2018   Post a comment
The PyLocky ransomware, detected by Trend Micro, puts a focus on the ongoing machine learning race between cybersecurity experts and bad actors.
Fuji's Electric V-Server Susceptible to Numerous Vulnerabilities
Larry Loeb  
9/17/2018   5 comments
Another industrial control system is shown to have a series of serious flaws. This time, it's Fuji's Electric V-Server, according to warnings from ICS-CERT.
Why CISOs Need a Seat at the IoT Projects Table
Dawn Kawamoto  
9/17/2018   Post a comment
Only 38% of CISOs and IT security professionals are asked for their input when IoT projects are launched, despite frequent attacks against IoT devices, according to a recent Trend Micro report.
Iran Targeting ISIS Supporters, Kurds With Spyware
Jeffrey Burt  
9/14/2018   Post a comment
Check Point researchers found that victims of Iran's campaign were enticed to download mobile apps that were packed with spyware.
OpenSSL 1.1.1 Released With TLS 1.3 Support
Larry Loeb  
9/14/2018   Post a comment
The 1.1.1 version of OpenSSL, the popular cryptography library for encrypted communications, has been released with support for TLS 1.3, as well as other improvements.
Lock Up Your Laptops: Cold Boot Attacks Are Back
Joe Stanganelli  
9/14/2018   Post a comment
Researchers at F-Secure have developed a workaround to nullify the popular ten-year-old patch that was thought to have solved the problem of cold-boot attacks. Encryption keys and other sensitive data on millions of laptops could be affected.
Cobalt Group Returns With Downloader Malware
Jeffrey Burt  
9/13/2018   Post a comment
Proofpoint found new campaigns by the notorious cybercrime gang using its CobInt modular downloader.
NordVPN & ProtonVPN Offerings Vulnerable to Code Execution Attack
Larry Loeb  
9/12/2018   4 comments
A report from Cisco Talos found that VPNs developed by NordVPN and ProtonVPN were each vulnerable to the same code execution attack.
Will Charges Against WannaCry & Sony Cybercrimes Suspect Temper Future Attacks?
Dawn Kawamoto  
9/11/2018   Post a comment
The Justice Department has charged North Korean national Park Jin Hyok with conspiracy to commit wire fraud and computer-related fraud in several high-profile cases, including the WannaCry ransomware virus attack and Sony Pictures Entertainment hack. Will cases like this temper future cyber attacks?
Cryptominers Rush to Exploit Apache Struts 2 Vulnerability
Larry Loeb  
9/10/2018   2 comments
The Apache Struts 2 vulnerability was revealed about two weeks ago. Now F5 Labs has found that it's being used in a Monero cryptomining exploit.
US Is No. 1 in Malicious Web Addresses
Larry Loeb  
9/7/2018   4 comments
Palo Alto Network's Unit 42 has found that from April to June 2018 the US was numero uno in hosting malicious domains and exploit kits.
Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018
Jeffrey Burt  
9/7/2018   Post a comment
The rise of design flaws in processors from Intel and other chip-makers and the slowing down of ransomware were key trends in cybersecurity in the first six months of the year.
Attackers Snoop on MikroTik Router Traffic
Larry Loeb  
9/6/2018   3 comments
Researchers at Qihoo 360 Netlab report that unknown attackers have eavesdropped on the traffic of thousands of MikroTik routers.
Leaders & Employees Confess Cybersecurity Mistakes – Switchfast Report
Larry Loeb  
9/5/2018   6 comments
Leaders of small and midsized business are making common cybersecurity goofs and failing to model the right behaviors.
Android Spyware BusyGasper: Small With Unusual Capabilities
Jeffrey Burt  
9/5/2018   4 comments
Kaspersky researchers said the malware is not sophisticated, but it comes packed with a broad array of interesting features and capabilities.
Get Ready for Realistic Attacks on the Internet of Things
Alan Zeichick  
9/4/2018   3 comments
Good news: We haven't seen a widespread action against IoT devices. Bad news: IoT devices are shockingly vulnerable.
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  
8/31/2018   2 comments
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  
8/29/2018   24 comments
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  
8/28/2018   26 comments
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.
Kaspersky: Lazarus Takes Aim at macOS in Cryptocurrency Campaign
Jeffrey Burt  
8/28/2018   4 comments
Kaspersky researchers said users of Apple and Linux systems should see the AppleJesus campaign as a warning not to get lax in their cybersecurity efforts.
Five IoT Endpoint Security Recommendations for the Enterprise
Alan Zeichick  
8/27/2018   9 comments
It's 2:00 a.m. Do you know where your devices are? Find out five IoT security tips to help you sleep at night.
Apache Struts Critical Weakness Found, Patched
Larry Loeb  
8/24/2018   7 comments
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
Vulnerable Web Apps Top Threat to Enterprises
Jeffrey Burt  
8/22/2018   2 comments
A report by Kaspersky researchers found that 73% of successful network perimeter breaches in 2017 were committed via web apps, while inside threats continue to put companies at risk.
Microsoft Yanks Suspected Russian-Intelligence Domains
Larry Loeb  
8/22/2018   8 comments
Microsoft has pulled the plug on domains it suspected as fronts for Russian Intelligence. The company says the targets were US conservative groups.
Page 1 / 2   >   >>




Latest Articles
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
In the fight against Spectre and Metldown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
Code from the Seasalt malware that was last seen in 2010 has been found in new campaigns in North Korea and North America, according to McAfee.
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
Flash Poll
Video
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application.
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2018 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with