Content posted in May 2018
Hands-Off Security: Automating & Virtualizing the Enterprise Network
Joe Stanganelli  
5/31/2018   8 comments
A series of recent tech events demonstrate that enterprises are increasingly using virtualized automation to improve their network-security posture – but perhaps no tool is perfect.
FBI & DHS Warn About 2 North Korea Malware Threats
Jeffrey Burt  
5/31/2018   4 comments
The FBI and Department of Homeland Security are warning about North Korea's Hidden Cobra group, which is suspected of being behind the Joanap and Brambul threats that have targeted multiple countries for almost a decade.
Public Cloud, Part of the Network or Not, Remains a Security Concern
Alan Zeichick  
5/30/2018   27 comments
Security in the public cloud is like asking who is responsible for securing your rented apartment – you or the building owner?
Researchers Bypass AMD's SEV Hypervisor & Cause More Chip Concerns
Larry Loeb  
5/30/2018   3 comments
Intel is not the only chip maker being tested these days. A group of German researchers have found a way around AMD's SEV hypervisor, leaving these processors open to attack.
Z-Shave Attack Shows Why IoT Security Need More Attention
Larry Loeb  
5/29/2018   6 comments
Pen Test Partners have discovered a new IoT vulnerability that researchers call Z-Shave. This shows why manufactures need to think much harder about building security into connected devices.
IoT Security Concerns Include Pet Trackers, Kaspersky Finds
Jeffrey Burt  
5/24/2018   20 comments
Kaspersky Lab researchers found BLE and weaknesses in the Android apps running on pet trackers can enable attackers to access user data from the IoT devices.
GDPR Should Change Your Thinking About Network Firewalls
Alan Zeichick  
5/24/2018   8 comments
Old-fashioned firewalls are an effective weapon for protecting the network incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.
FBI Knocks Out VPNFilter Malware That Infected 500K Routers
Larry Loeb  
5/24/2018   3 comments
The VPNFilter botnet malware spread to 500,000 globally before the FBI knocked it out late in the day on May 23. However, it's another skirmish in the cyberfight between Russia and Ukraine.
Spectre Number 4 Disclosure Raises Fresh Hardware Alarms
Larry Loeb  
5/23/2018   5 comments
The latest side-channel vulnerability, dubbed Spectre Number 4, is raising new alarms about widespread issues in chips, beyond x86. However, this time, Intel is trying a different approach.
Roaming Mantis Android Malware Expands Its Reach to iOS, Cryptomining
Jeffrey Burt  
5/22/2018   5 comments
The rapidly evolving campaign that is Roaming Mantis now includes iOS devices, expansion into new regions around the world, additional cryptomining capabilities and it is becoming even more evasive.
Satori Botnet Plays Hidden Role in Cryptomining Scheme, Researchers Find
Larry Loeb  
5/21/2018   2 comments
Several different researchers have found that recent attempts on TCP port 3333 is the work of a cryptomining scheme where the Satori botnet is playing a hidden part.
Check Point: Cryptomining Malware Targeting Vulnerable Servers
Jeffrey Burt  
5/21/2018   1 comment
As the incidence of ransomware wanes, attackers are shifting to cryptocurrency mining malware as a less noisy, more lucrative alternative, according to a new Check Point study.
Throwhammer & Nethhammer Show How Chips Are Vulnerable to Bit Flips
Larry Loeb  
5/18/2018   4 comments
In a pair of papers released over the last week, researchers have shown how two different types of attacks, Throwhammer and Nethhammer, can cause a bit flip in chips by sending packets across a standard network.
WannaCry: How the Notorious Worm Changed Ransomware
Jeffrey Burt  
5/17/2018   6 comments
This week marked the one-year anniversary of the WannaCry ransomware attacks and its impact can still be seen in the form of such encrypting malware as NotPetya, BadRabbit and Olympic Destroyer.
Relax: PGP Is Still Secure
Larry Loeb  
5/16/2018   3 comments
Talk about overreacting. After researchers claimed to have found some flaws in PGP, the industry lost its collective mind. Here's what is really happening.
Next-Generation Firewalls: Poorly Named but Essential to the Enterprise Network
Alan Zeichick  
5/16/2018   1 comment
They may be stupidly named but they are essential for protecting enterprise assets that span on-premises servers, IaaS and PaaS clouds, as well as virtual machines.
UNC Researchers Pitch Framework to Fight Password Reuse
Jeffrey Burt  
5/15/2018   2 comments
The proposal from two security researchers at the University of North Carolina would entail creating a protocol that would enable websites and service providers to block attempts by individuals trying to use the same password for multiple sites.
Radware: Nigelthorn Malware Hiding in Google Chrome Extensions
Larry Loeb  
5/14/2018   3 comments
A new type of malware called Nigelthorn is hiding in Google Chrome extensions and hijacking victims as part of an elaborate cryptomining scheme, Radware reports.
ZooPark Malware Targets Android Users in Middle East, Kaspersky Finds
Jeffrey Burt  
5/11/2018   2 comments
The ZooPark malware that has infected Android phones has evolved rapidly over the past three years and can now steal data ranging from browser histories to photos, videos and keylogs as well as information from external apps.
Microsoft's JavaScript Update for Excel Is a Gift to Cryptominers
Larry Loeb  
5/11/2018   3 comments
At Build 2018, Microsoft revealed a new JavaScript features that is supposed to add new functionality into Excel. However, it's also a gift for those who want to indulge in cryptomining schemes.
Cisco: As Business Users Go Mobile, So Do Attackers
Jeffrey Burt  
5/10/2018   1 comment
Cisco monitored the wireless traffic at the MWC show in February and found more than 32,000 security events and high use of encryption, though some applications used outdated protocols.
Phishers Are Finding Ways Around Office 365's ATP Feature
Larry Loeb  
5/9/2018   8 comments
Security researchers at Avanan have seen phishers using a new method to circumvent Microsoft Office 365's ATP technology, which is allowing them to send malicious emails.
China's Cyberspies Are Changing Tactics, Techniques & Targets
Larry Loeb  
5/7/2018   6 comments
A new report from 401TRG about the Winnti Umbrella group finds that cyberspies in China are changing their techniques as they zero in on new targets.
Endpoint Security: A Never-Ending Battle to Keep Up
Simon Marshall  
5/7/2018   1 comment
Endpoint security has evolved over the last several years as the BYOD trend has slowed, but enterprises are still uploading more data to the cloud, which is accessible on more devices. Even the notion of what an endpoint is has changed. What can enterprise security do?
ICS Network Managers: Time for a Wake-Up Call
Larry Loeb  
5/4/2018   Post a comment
A report from Positive Technologies shows that despite the best efforts to wall and secure Industrial Control Systems from the wider Internet, attackers are still able to target and exploit this equipment.
Microsoft's 4-Step Plan for Eliminating Passwords
Jeffrey Burt  
5/3/2018   1 comment
Microsoft is on a campaign to replace passwords with other authentication methods and it points to its Windows Hello and Authenticator app as examples of viable alternatives.
Microsoft's TCPS Project Looks to Secure IIoT & ICS
Larry Loeb  
5/2/2018   5 comments
As industrial systems continue to grow and ICS and IIoT get more connected, Microsoft is looking for a new way to lock down data within these systems. At a recent show, Redmond detailed TCPS, which offers new ways to protect data through the cloud.
AI: Not the Cure-All for IT Security Skill Shortage
Jeffrey Burt  
5/1/2018   3 comments
A new report by DomainTools and the Ponemon Institute finds that while automation will replace low-level security tasks, it will only increase the demand for highly skilled pros.

Latest Articles
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with