Content posted in April 2018
Rubella Macro Builder Crimeware Kit Price Drops to $40
Larry Loeb  
4/30/2018   3 comments
Crime might not pay, but it also doesn't have to be expensive to try. Flashpoint researchers have found that the monthly fee for the Rubella Macro Builder crimeware kit dropped to $40 on the underground market.
Researchers Detail Self-Learning System That Secures IoT Devices
Larry Loeb  
4/27/2018   13 comments
Researchers from several universities have published a new paper describing what they believe is a better way to protect and secure IoT devices and sensors.
Orangeworm Malware Burrows Into Healthcare Industry
Jeffrey Burt  
4/26/2018   4 comments
A group of cybercriminals, known collectively as Orangeworm, are using their own malware and a custom backdoor called Kwampirs in highly targeted attacks against healthcare organizations, according to Symantec.
Microsoft: Tech Support Scams on the Rise
Larry Loeb  
4/25/2018   14 comments
A recent report from Microsoft shows that the number of scams using tech support as a cover is on the increase. However, many times it's up to consumers and companies to protect themselves.
5 New Network Attack Techniques That Will Keep You Awake at Night
Alan Zeichick  
4/25/2018   2 comments
You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.
Smartphones Remain the Most Vulnerable of Endpoints
Simon Marshall  
4/24/2018   4 comments
The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.
Cybercrime: More Like Facebook's Model Than Traditional Criminal Enterprise
Larry Loeb  
4/23/2018   7 comments
As the global economy has changed, so has cybercrime, which resembles something much closer to how Facebook works than a traditional criminal enterprise, according to a new report.
It's the People: 5 Reasons Why SOC Can't Scale
Alan Zeichick  
4/23/2018   5 comments
There are always more security alerts and threats to respond, but the answer isn't to simply throw more money at the SOC to hire additional Tier 1 and Tier 2 security analysts.
Login With Facebook & Watch Your Personal Data Leak
Larry Loeb  
4/20/2018   4 comments
A common feature on many popular websites allows users to login with their Facebook profile. However, a trio of Princeton researchers show that this feature allows personal information to leak and be collected.
Cyber Attacks Have Doubled, but Security Is Getting Better at Blocking Them
Jeffrey Burt  
4/20/2018   1 comment
In a survey, Accenture said the number of targeted attacks like ransomware and DDoS are growing, but organizations are getting better and faster at detecting them.
Microsoft Security Is Channeling the Terminator
Alan Zeichick  
4/19/2018   4 comments
In its own way of channeling the Terminator and Skynet, Microsoft is looking to add more layers of artificial intelligence into its Windows Defender ATP to further reduce remediation and increase automation of security.
In Wake of Spectre & Meltdown, Intel Shifts Memory Scanning to GPU
Jeffrey Burt  
4/19/2018   3 comments
At the RSA Conference this week, Intel introduced several silicon-level security technologies, including moving memory scanning from the CPU to the GPU, as part of its larger 'security-first' strategy following the Spectre and Meltdown issues.
Alert Warns Russian Actors Are Targeted Unsecured Network Devices
Larry Loeb  
4/18/2018   Post a comment
A join statement from UK and US law enforcement and security agencies are warning that Russian actors are targeting older and unpatched network infrastructure as part of an ongoing cyberespionage campaign.
Endpoint Security: 3 Big Obstacles to Overcome
Joe Stanganelli  
4/17/2018   Post a comment
Two recent reports highlight three major challenges in enterprise endpoint security.
Ransomware: Still a Security Threat & Still Evolving
Jeffrey Burt  
4/17/2018   5 comments
While ransomware may have faded from the headlines a bit during the first four months of 2018, a bevy of reports from Verizon, Symantec and Webroot find that not only does it remain a top security threat, but it continues to evolve as well.
'PowerHammer' Exploit Can Steal Computer Data Across Electrical Lines
Larry Loeb  
4/16/2018   10 comments
Researchers at Ben-Gurion University have created a new exploit called 'PowerHammer' that can steal data from PCs and other systems through electrical lines.
Data Breach Increase Shows Endpoints Are Under Attack
Joe Stanganelli  
4/16/2018   5 comments
The stats and factoids from the latest edition of Verizon's annual Data Breach Investigation Report make clear enterprise endpoints have been far too vulnerable and that explains why data breaches are on the rise.
Misconfigured Routers Could Be Used for Botnets, Espionage
Larry Loeb  
4/13/2018   1 comment
A recent white paper released by Akamai finds that thousands of misconfigured routers using older UPnP protocols could be turned into malicious botnets or used for espionage.
Beyond Bitcoin: How Blockchain Can Benefit IoT Security
Jeffrey Burt  
4/13/2018   7 comments
As the market for the Internet of Things grows, security concerns are increasing. However, a new study shows that blockchain technology can go beyond protecting cryptocurrency to help lock down IoT devices and sensors better than other methods.
Billions of Business Files & Data Are Exposed Online to Anyone
Simon Marshall  
4/12/2018   Post a comment
A report from Digital Shadows finds that more than a billion files, including sensitive data and intellectual property, are exposed to the greater Internet. Much of this is due to antiquated technology.
Bastille's ATI System Warning Raises Its Own Alarm
Larry Loeb  
4/11/2018   5 comments
Bastille Networks made a splash by notifying ATI Systems that its warning systems have a significant vulnerability. However, the timing of the notice leaves a question about motives when public safety is at risk.
IoT Malware-on-the-Fly Expected to Rise
Dawn Kawamoto  
4/11/2018   2 comments
Researchers discover a new Mirai-variant IoT botnet that appears linked to IoTroop or Reaper botnet, allowing attackers to easily update malicious code on the fly.
Cisco Warns of Possible Smart Install Client Hacking
Larry Loeb  
4/9/2018   8 comments
Following an alert by US-CERT about possible hacking by foreign governments, Cisco is warning customers about a port vulnerability in the company's legacy Smart Install Client.
Don't Call AWS' CloudFront Hijacking Problem a Vulnerability
Larry Loeb  
4/6/2018   4 comments
Amazon Web Service might be the biggest of the big cloud providers, but it still has some security concerns. A researcher has noticed the company is open to having its CloudFront service hijacked, but Amazon officials won't call it a vulnerability.
Startup PreVeil Challenging Cloud-Based Encryption Standards
Simon Marshall  
4/6/2018   Post a comment
Boston-based PreVeil is looking to change the way data is encrypted in the cloud, and it is butting heads with the bigger cloud storage providers to prove its point.
Massive Data Breaches & Data Leak Hit Retail Industry in 1-2-3 Punch
Dawn Kawamoto  
4/5/2018   3 comments
Panera Bread, Hudson Bay and Under Armour all took it on the chin within the last two weeks, falling prey to a round of cyber attacks that have hit the retail industry hard.
YouTube Shooting Ignites Debate Over Merging Physical & IT Security
Dawn Kawamoto  
4/4/2018   16 comments
A woman shot and wounded three people at YouTube's headquarters on Tuesday, a tragic event that shines a light on the industry's long-running debate over whether physical and IT security departments should be merged under one roof.
Cloudflare vs. Google: Making DNS Protocol Better, More Secure
Larry Loeb  
4/4/2018   4 comments
With the release of 1.1.1, Cloudflare is looking to make the DNS protocol better and more secure, while speeding up the Internet. Is this helping Google or leaving the company behind?
Android Crypto Mining Attacks Go for Monero
Dawn Kawamoto  
4/3/2018   4 comments
Attackers hijacking Android devices to mine for cryptocurrencies are likely looking to score Monero, rather than other virtual currencies such as Bitcoin.
Red Bull Powers Security Strategy With AI, Automation
Simon Marshall  
4/2/2018   4 comments
When it comes to security, Red Bull is looking to close the gap by turning toward newer technologies, including automation, AI and machine learning.
Drupal RCE Vulnerability Requires Immediate Patching
Larry Loeb  
4/2/2018   Post a comment
A remote code execution vulnerability in several versions of Drupal's content management platform requires immediate patching by users. For its part, Drupal is getting out in front of this problem.

Latest Articles
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with