Blogs
Latest Content
Page 1 / 2   >   >>
Cisco: Privacy Efforts Pay Off Directly
Larry Loeb  
1/31/2020   6 comments
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
All Your Intel L1 Cache Belongs to CacheOut
Larry Loeb  
1/30/2020   1 comment
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
RDG Gets Fooled by UDP
Larry Loeb  
1/28/2020   Post a comment
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
Ransomware Costs More in Q4
Larry Loeb  
1/27/2020   2 comments
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
GE Medical Instrumentation on the Critical List
Larry Loeb  
1/24/2020   3 comments
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
EFS Ransomware Slips by AV Products
Larry Loeb  
1/23/2020   Post a comment
Inside of Windows is a methodology called Encrypting File System. It works on individual files or folders, rather than at the whole disk level like BitLocker does.
Reusing Code? Inspect It First
Larry Loeb  
1/21/2020   Post a comment
Microsoft is doing something concrete about container security with the release of the Microsoft Application Inspector, a cross-platform tool whose primary objective is to identify source code features in a systematic and scalable way.
FireEye Finds Mitigation of CVE-2019-19781 Comes With a Price
Larry Loeb  
1/20/2020   Post a comment
One threat actor is taking advantage of the current problems with Citrix ADC/Netscaler for their own advantage.
German Companies Want Even More Local Clouds
Oliver Schonschek  
1/16/2020   1 comment
The European data infrastructure GAIA-X can help connect thedisparate needs of German firms and create market access for providers from the EU and beyond.
NSA Schools Microsoft About Crypto
Larry Loeb  
1/16/2020   Post a comment
In an unprecedented move, the National Security Agency advised Microsoft about a bug in one of the CryptoAPI libraries used since NT 4.0 days.
Donors to Australia Fire Site Treated as Suckers by Magecart
Larry Loeb  
1/15/2020   2 comments
E-commerce fraud has no morals.
Things Get Intense for Citrix ADC/Gateway
Larry Loeb  
1/14/2020   5 comments
Scans have found that there are almost 10,000 vulnerable Internet-facing hosts in the US, with 2500 in Germany and 2000 in the UK.
Despite Google's Efforts, Bread Isn't Toast
Larry Loeb  
1/13/2020   1 comment
The authors of the Bread malware have proven themselves to be unrelenting in their efforts to avoid being first discovered by and then dumped from Google's Play Store.
Cheap Phone Has Cheap Security
Larry Loeb  
1/9/2020   2 comments
Phone looks a steal a $35 but it comes with free, pre-installed malware!
Cloud Monitoring: The New 'Alert Overload' Problem & How to Fix It
Joe Vadakkan  
1/8/2020   1 comment
While cloud computing offers a variety of proven business benefits, from a security perspective, IT teams are often still wavering in uncharted territory – and cloud monitoring is one such area.
Researcher Proven Right, but It Took 10 Years
Larry Loeb  
1/7/2020   Post a comment
After a decade of trying, security researcher Thierry Zoller has finally seen the generalized vulnerability he found in some AV products patched.
Why Cisco's DCNM Is in a World of Trouble
Larry Loeb  
1/6/2020   Post a comment
Vendor's Data Center Network Manager (DCNM) has racked up three critical authentication bypass vulnerabilities at the top of the list of 12 separate problems that were announced on January 2.
FPGAs Do It Faster Than CPUs
Larry Loeb  
1/3/2020   Post a comment
Researchers' use of a 'Jackhammer' exploit has shown again how one problem can be exploited in many ways, with each iteration of an attack becoming faster and more efficient.
Fortinet Finds Loader Uses Updated Version of Backdoor
Larry Loeb  
1/2/2020   9 comments
Security firm Fortinet has found traces of how the financially motivated FIN7 group manages to keep on delivering the Carbanak backdoor malware.
Mac Malware Breaks Into Top 5 Threats of 2019 – Malwarebytes Labs
Larry Loeb  
12/30/2019   Post a comment
Of the top 25 detections across all platforms, six were Mac threats, the researchers discovered.
New Botnet Uses DHT as Its Foundation
Larry Loeb  
12/24/2019   1 comment
Security researchers at 360 Netlab have been watching a new botnet they call Mozi for the last four months. It's a new P2P botnet with implementation that is based on the Distributed Hash Table protocol.
5G Security Rests on an Unstable Base
Larry Loeb  
12/23/2019   2 comments
Positive Technologies has issued a report on the emerging security problems of 5G signaling networks.
Crystal Ball: The Top 3 Global Cybersecurity Threats for 2020
Steve Durbin  
12/23/2019   2 comments
In the year ahead, organizations of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high-impact cybersecurity events.
Happier Holidays as Ad Threat Declines
Larry Loeb  
12/20/2019   1 comment
DEVCON report finds that the number of ad-threat JavaScript attacks in the US diminished year-over-year, but what attacks there were increased in sophistication.
RST Gets Fixed
Larry Loeb  
12/18/2019   Post a comment
Peleg Hadar of SaveBreach Labs has posted about the vulnerability he found in Intel's Rapid Storage Technology Service.
TrickBot Drops an Anchor
Larry Loeb  
12/17/2019   Post a comment
New threat has been used in campaigns against financial, manufacturing, and retail businesses across the US and Europe.
With Plundervolt, an Intel Processor's Secure Enclave Is No Longer Secure
Larry Loeb  
12/16/2019   Post a comment
Major hardware vulnerability can allow the changing of information that is supposedly stored as secure in the chip’s Secure Enclave.
Hardware Is the New Attack Surface – Forrester
Larry Loeb  
12/12/2019   Post a comment
Attackers have already begun to breach security at the BIOS level, according to a new report on BIOS security from Forrester Consulting.
Snatch Is Both Novel & Evil
Larry Loeb  
12/11/2019   Post a comment
The Sophos Managed Threat Response team found out that, where the Snatch ransomware is concerned, things just more ugly.
FBI's Portland Office Spies IoT Education Opportunity
Larry Loeb  
12/10/2019   1 comment
The Federal Bureau of Investigation's office in Portland, Ore., uses 'Tech Tuesday' to offer IoT security advice.
CISA Alerts the Financial Sector About Dridex
Larry Loeb  
12/9/2019   1 comment
One of the most prevalent threats to the financial sector, the Dridex Trojan, was the subject of a recent alert.
Zero-Day Vulnerabilities Discovered in Enterprise-Grade VPN
Larry Loeb  
12/6/2019   Post a comment
Aviatrix, an enterprise VPN company with customers that include NASA, Shell and BT, has recently dealt with a vulnerability that was uncovered by Immersive Labs researcher and content engineer Alex Seymour.
Europe Starts to Build Its Own Secure Cloud
Oliver Schonschek  
12/5/2019   Post a comment
The German Federal Government wants to join forces with other European partners to create a secure cloud for Europe called GAIA-X.
Azure OAuth 2.0 Vulnerability Grabs Tokens
Larry Loeb  
12/5/2019   1 comment
Security firm CyberArk is now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services.
Spear Phishing: Don't Rise to the Bait, Says Microsoft
Larry Loeb  
12/4/2019   2 comments
Be alert, be aware, and be careful about what you reveal of your company's internal processes on social media.
ATP Rises to the Polymorphic Malware Challenge
Larry Loeb  
12/3/2019   Post a comment
The Microsoft Defender ATP Research Team has begun to discuss a polymorphic threat, Dexphot, that it has been tracking for over a year.
The Top 25 Most Dangerous Software Errors
Larry Loeb  
11/29/2019   1 comment
'Improper Restriction of Operations within the Bounds of a Memory Buffer' tops this year's list.
Solr Search Tool Can Allow Remote Code Execution (RCE) by Default
Larry Loeb  
11/28/2019   1 comment
A security vulnerability affecting the Linux enterprise search tool Apache Solr has been reclassified by Tenable as 'high severity status.'
False Training Information Can Dupe Machine Learning Models
Larry Loeb  
11/27/2019   1 comment
Researchers from Boston University have shown how really small amounts of disinformation can taint the learning process used by many AI programs.
Dangerous 'RIPlace' Exploit Able to Bypass AV & EDR Protections
Larry Loeb  
11/26/2019   Post a comment
Researchers discover way that ransomware can bypass the protections which operating system vendors have built into their products.
DePriMon: A New & Unique Way to Download Malware
Larry Loeb  
11/25/2019   Post a comment
ESET calls it 'a powerful, flexible and persistent tool.'
Artisans & Commercials Gang Up on Third Parties
Larry Loeb  
11/22/2019   Post a comment
Cybersecurity and intelligence firm AdvIntel has reported about a trend it has seen happening in the ransomware arena.
Phoenix Keylogger Rises & Steals Information
Larry Loeb  
11/21/2019   Post a comment
Keylogger first emerged in July 2019, and is packed with myriad information-stealing features.
MSFT Jumps on DoH
Larry Loeb  
11/20/2019   Post a comment
Microsoft has announced that an upcoming version of Windows 10 will have support for DNS over HTTPS.
Security & the Internet of Things: What You Need to Know
Steve Durbin  
11/19/2019   1 comment
The Internet of Things (IoT) has burst into the connected world and promises much: from enabling the digital organization, to making domestic life richer and easier. However, with those promises come inevitable risks: the rush to adoption has highlighted serious deficiencies in both the security design of IoT devices and their implementation.
Iran Rustles Up Its Own VPN to Hide Itself
Larry Loeb  
11/18/2019   Post a comment
Trend Micro has found recent traces of APT33 operations, with about a dozen Command and Control servers being used for extremely narrow targeting.
Problems With EU Payment Security Persist
Oliver Schonschek  
11/14/2019   Post a comment
Proposed new security procedures within the EU have troubled some payment service providers, leading to the postponement of their implementation.
Keeping It Real Can Pay Off for Old-School Attacks
Larry Loeb  
11/14/2019   2 comments
Even a previously known attack can fool the security team if it is well crafted.
How PureLocker Ransomware Bypasses AV Checks
Larry Loeb  
11/13/2019   Post a comment
Intezer and IBM X-Force have found a new ransomware targeted at production servers. And it's sneaky...
TCP DDoS Reflection Attacks on the Rise
Larry Loeb  
11/12/2019   Post a comment
Radware report picks up on a change in attacker strategy.
Page 1 / 2   >   >>




Latest Articles
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
Information Resources
upcoming Webinars
ARCHIVED
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcasts
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with