Content posted in June 2018
Mobile Malware Group Hits Google Play a Third Time
Jeffrey Burt  
6/29/2018   17 comments
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
Larry Loeb  
6/29/2018   13 comments
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Jeffrey Burt  
6/28/2018   19 comments
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  
6/27/2018   8 comments
After 20 years, the Wi-Fi Alliance has released a new WiFi standard – WPA3 – which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Jeffrey Burt  
6/26/2018   11 comments
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Cloud-Based Identity Management Systems: What to Look For
Alan Zeichick  
6/26/2018   Post a comment
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  
6/25/2018   7 comments
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  
6/25/2018   1 comment
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  
6/22/2018   20 comments
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  
6/21/2018   5 comments
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Olympic Destroyer Returns With Attacks in Europe
Jeffrey Burt  
6/20/2018   2 comments
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
Betabot Trojan Reborn in New Sophisticated Form
Larry Loeb  
6/20/2018   Post a comment
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  
6/18/2018   1 comment
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  
6/18/2018   4 comments
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  
6/15/2018   7 comments
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Cisco: Companies More Proactive About Cybersecurity
Jeffrey Burt  
6/14/2018   1 comment
The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.
IPS: A Key Network Protection in an Age of Increasing Threats
Simon Marshall  
6/14/2018   Post a comment
Intrusion prevent systems or IPS have had a checkered history in the enterprise, but increases in malicious activity across business networks have shown the technology can make a big security difference.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
Larry Loeb  
6/13/2018   7 comments
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
Talos: VPNFilter Malware Still Stands at the Ready
Jeffrey Burt  
6/12/2018   1 comment
Rebooting routers and the FBI's takeover of the C&C server may have mothballed the threat that infected more than 500,000 routers, but attackers could get it going again, Talos's Craig Williams said at Cisco Live in Orlando.
ISF: Balance Is Key to Mobile Security
Jeffrey Burt  
6/11/2018   2 comments
As the workforce becomes more mobile, companies can't lock everything down but also can't risk leaving their mobile environments wide open, Information Security Forum finds.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Larry Loeb  
6/11/2018   2 comments
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
Operation Prowli Infects 40,000 Systems for Cryptomining
Jeffrey Burt  
6/8/2018   9 comments
GuardiCore researchers uncover a campaign that has comprised vulnerable servers at more than 9,000 companies worldwide for cryptojacking and traffic manipulation purposes.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
Larry Loeb  
6/8/2018   7 comments
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Microsoft's GitHub Deal: Following Developers & Security Into the Cloud
Larry Loeb  
6/6/2018   4 comments
Microsoft's $7.5 billion deal for GitHub this week means different things to different people, but for Redmond, it's all about developers, cloud and securing all that data. And that's not a bad thing.
Trojan Campaign Uses US & North Korea Summit to Lure Victims
Jeffrey Burt  
6/5/2018   1 comment
The hackers behind the NavRAT malware are targeting South Koreans with a spear-phishing effort that refers to the upcoming meeting between the US and North Korean leaders, Talso says.
Invisible Network Attacks: Good Encryption vs. Bad Encryption
Joe Stanganelli  
6/4/2018   2 comments
Enterprise IT networks represent an encrypted two-way street; just as encryption is a critical defensive measure, network attackers are increasingly relying upon encrypting the malicious network traffic that they send out so as to mask their do-baddery.
RIG Exploit Finds New Home in Cryptomining
Larry Loeb  
6/4/2018   2 comments
The RIG exploit kit has found a new, more lucrative home in cryptomining.
BackSwap Banking Trojan Shows How Malware Evolves
Larry Loeb  
6/1/2018   4 comments
The newly discovered BackSwap baking Trojan is designed to avoid the security protections that vendors and businesses have created to stop these types of malware attacks.
Vulnerability Remediation: Best Practice or Best Guess?
Simon Marshall  
6/1/2018   2 comments
A new study from Kenna Security and the Cyentia Institute finds that even the most well-thought-out vulnerability remediation strategy is no better than a good guess. However, machine learning could lead to better results.

Latest Articles
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2020 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with