Sign up for our weekly newsletter!
Most Commented Content posted in June 2018
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  
6/22/2018   20 comments
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Jeffrey Burt  
6/28/2018   19 comments
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
Mobile Malware Group Hits Google Play a Third Time
Jeffrey Burt  
6/29/2018   17 comments
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
Larry Loeb  
6/29/2018   13 comments
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Jeffrey Burt  
6/26/2018   11 comments
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Operation Prowli Infects 40,000 Systems for Cryptomining
Jeffrey Burt  
6/8/2018   9 comments
GuardiCore researchers uncover a campaign that has comprised vulnerable servers at more than 9,000 companies worldwide for cryptojacking and traffic manipulation purposes.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  
6/27/2018   8 comments
After 20 years, the Wi-Fi Alliance has released a new WiFi standard – WPA3 – which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  
6/25/2018   7 comments
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
Larry Loeb  
6/13/2018   7 comments
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  
6/15/2018   7 comments
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
Larry Loeb  
6/8/2018   7 comments
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  
6/21/2018   5 comments
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Microsoft's GitHub Deal: Following Developers & Security Into the Cloud
Larry Loeb  
6/6/2018   4 comments
Microsoft's $7.5 billion deal for GitHub this week means different things to different people, but for Redmond, it's all about developers, cloud and securing all that data. And that's not a bad thing.
BackSwap Banking Trojan Shows How Malware Evolves
Larry Loeb  
6/1/2018   4 comments
The newly discovered BackSwap baking Trojan is designed to avoid the security protections that vendors and businesses have created to stop these types of malware attacks.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  
6/18/2018   4 comments
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
RIG Exploit Finds New Home in Cryptomining
Larry Loeb  
6/4/2018   2 comments
The RIG exploit kit has found a new, more lucrative home in cryptomining.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Larry Loeb  
6/11/2018   2 comments
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
ISF: Balance Is Key to Mobile Security
Jeffrey Burt  
6/11/2018   2 comments
As the workforce becomes more mobile, companies can't lock everything down but also can't risk leaving their mobile environments wide open, Information Security Forum finds.
Vulnerability Remediation: Best Practice or Best Guess?
Simon Marshall  
6/1/2018   2 comments
A new study from Kenna Security and the Cyentia Institute finds that even the most well-thought-out vulnerability remediation strategy is no better than a good guess. However, machine learning could lead to better results.
Invisible Network Attacks: Good Encryption vs. Bad Encryption
Joe Stanganelli  
6/4/2018   2 comments
Enterprise IT networks represent an encrypted two-way street; just as encryption is a critical defensive measure, network attackers are increasingly relying upon encrypting the malicious network traffic that they send out so as to mask their do-baddery.
Olympic Destroyer Returns With Attacks in Europe
Jeffrey Burt  
6/20/2018   2 comments
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  
6/25/2018   1 comment
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  
6/18/2018   1 comment
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Trojan Campaign Uses US & North Korea Summit to Lure Victims
Jeffrey Burt  
6/5/2018   1 comment
The hackers behind the NavRAT malware are targeting South Koreans with a spear-phishing effort that refers to the upcoming meeting between the US and North Korean leaders, Talso says.
Talos: VPNFilter Malware Still Stands at the Ready
Jeffrey Burt  
6/12/2018   1 comment
Rebooting routers and the FBI's takeover of the C&C server may have mothballed the threat that infected more than 500,000 routers, but attackers could get it going again, Talos's Craig Williams said at Cisco Live in Orlando.
Cisco: Companies More Proactive About Cybersecurity
Jeffrey Burt  
6/14/2018   1 comment
The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.

Latest Articles
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with