Sign up for our weekly newsletter!
REGISTER NOW
Blogs
Content posted in July 2018
PowerGhost Cryptomining Malware Targets Corporate Networks
Jeffrey Burt  
7/31/2018   1 comment
Kaspersky Lab researchers said the malware uses fileless techniques to make it harder to detect and the Eternal Blue exploit to spread to systems across the networks.
New Spectre-Like Vulnerability Allows for Remote Data Theft
Larry Loeb  
7/30/2018   5 comments
Researchers have found new Spectre-like vulnerability in x86 processors called NetSpectre, which allows attackers to steal data remotely.
Zero Trust Means Never Trust & Always Verify
Alan Zeichick  
7/30/2018   3 comments
Enterprise security teams have actually been practicing zero trust policies for a number of years, but new advances and better tools now make the philosophy easier to implement. Still, it's always best to verify.
Symantec: Leafminer Group Is a Dangerous Group of Amateurs
Larry Loeb  
7/27/2018   12 comments
While the Leafminer group has been causing significant problems in the Middle East for well over a year, Symantec notes that the group is doing so using rather amateurish techniques.
Kronos Returns as Banking Trojan Attacks Ramp Up
Jeffrey Burt  
7/27/2018   1 comment
Proofpoint researchers have seen a new version of the four-year-old Kronos emerge in campaigns in Europe and Japan. The report also finds it may be rebranded as 'Osiris.'
California's CCPA Law: Why CISOs Need to Take Heed
Joe Stanganelli  
7/26/2018   1 comment
The recently enacted California Consumer Privacy Act, while hardly a sweeping reform of the state's privacy laws, changes the playing field for IT risk and liability where California residents' personal information is concerned.
Bluetooth Vulnerability Opens Up Man-in-the-Middle Attacks
Larry Loeb  
7/25/2018   3 comments
With almost certainly hypothetical, this vulnerability in Bluetooth's protocol could result in a man-in-the-middle attack and allow the culprits to steal personal data off a device.
Kaspersky: There's No Such Thing as a Free Gift Card Code
Jeffrey Burt  
7/24/2018   Post a comment
Kaspersky Labs is warning that bad actors are using a scheme offering free gift card codes from Amazon, Google, eBay and others to separate consumers from their personal data and money.
Watch Out: The Dark Web Is Really Watching You
Alan Zeichick  
7/23/2018   8 comments
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
DNS Rebinding Attack Could Affect Half a Billion IoT Devices
Larry Loeb  
7/23/2018   4 comments
From smart speakers to printers to IP-connected video equipment, DNS rebinding attacks are targeting a number of IoT-based devices.
More Data Breaches in Store for US Retail Industry
Larry Loeb  
7/20/2018   13 comments
A report from Thales eSecurity and 451 Research finds that the security systems of US retailers are getting breached more often than their global counterparts. As a result, IT is rethinking its security spending.
Researchers Detail Spoofing Attack Against Vehicle GPS
Larry Loeb  
7/17/2018   3 comments
A new paper shows that with the right amount of hardware and know-how, an attacker can spoof a vehicle's GPS system and change the route.
IDT CIO Faces Down New Crop of Global Threats
Simon Marshall  
7/16/2018   Post a comment
IDT CIO Golan Ben-Oni has faced down two serious cyberattacks in the last year and he expects more are on the way. From selecting vendors to thinking about the cloud, here's how Ben-Oi is rethinking the security landscape.
Broadcom's Deal for CA Puts Big Iron in the Spotlight
Larry Loeb  
7/16/2018   Post a comment
With Broadcom buying CA for $18.9 billion, old-time big iron is suddenly cool again. Here's what it means for security and software development.
Attackers Increasingly Turning Attention to the Cloud
Jeffrey Burt  
7/13/2018   10 comments
In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.
Bug Bounty Programs Paying Off for Enterprises
Larry Loeb  
7/13/2018   3 comments
The number of bug bounty programs continues to grow, and enterprise security is better for it. A new report urges more businesses to embrace and not squash these initiatives.
IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M
Jeffrey Burt  
7/12/2018   1 comment
For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.
Kaspersky: Asia the Focus of APT Operations in Q2
Jeffrey Burt  
7/12/2018   Post a comment
In their second quarter report, Kaspersky researchers also noted the return of various well-known bad actors and the threats facing networking hardware devices.
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
Larry Loeb  
7/11/2018   4 comments
By targeting third-party vendors that Ticketmaster uses to help process payment, the Magecart group appears to be expanding the scope of its cybercrimes, according to RiskIQ.
HNS IoT Botnet Evolves, Goes Cross-Platform
Jeffrey Burt  
7/10/2018   2 comments
The Hide 'N Seek malware had previously targeted devices such as home routers and DVRs, but now the botnet is including Apache CouchDB and OrientDB in its expanding list of targets.
Cisco: GDPR Is About More Than Compliance
Jeffrey Burt  
7/10/2018   Post a comment
Cisco's top privacy official says that the EU's new privacy regulations – GDPR – gives forward-thinking companies an opportunity to excel by building new data management and privacy models.
Attackers Combining Smoke Loader & PROPagate in New Campaign
Larry Loeb  
7/9/2018   Post a comment
Cisco Talos researchers have found that attackers have started to combine Smoke Loader and the PROPagate injection in a new campaign delivered through phony Word documents.
Google, Firefox Pull Stylish After Report Shows How Data Is Collected
Larry Loeb  
7/6/2018   23 comments
A security researcher showed how the Stylish browser extension sent personal data and search results back to the parent company, and this forced Mozilla and Google to yank it off their stores.
How Quantum Physics Will Protect Against Quantum-Busting Encryption
Jeffrey Burt  
7/5/2018   2 comments
The CEO of the startup Quantum Xchange envisions a nationwide dark fiber quantum network that protects encrypted data in transit with an on-demand Quantum Key Distribution service.
How the Cloud Is Changing the Identity & Access Management Game
Simon Marshall  
7/5/2018   Post a comment
Fresh off a $17.5M funding round, startup Preempt is one of several companies that is looking to change the identity and access management game as the enterprise shifts to the cloud.
Researchers Show How Attackers Can Crack LTE Data Link Layer
Larry Loeb  
7/4/2018   4 comments
In a paper, researchers show how an attacker with the right equipment can crack the data link layer of an LTE network. It's mostly theoretical, but it shows why upcoming 5G security standards need to be tougher.
Cybercriminals Start Looking Beyond the Dark Web
Simon Marshall  
7/3/2018   2 comments
For years, the Dark Web was seen as a safe haven for cybercrime. Now, a new report finds that cybercriminals are turning toward newer technologies, such as Blockchain DNS, to shield their activities.
Seamless Cloud Security Depends on Encryption Done Right
Joe Stanganelli  
7/2/2018   3 comments
As the enterprise shift to the cloud, there's a debate about what's best for securing data as it moves from one platform to another. A Boston startup is looking to encrypt data in motion and at rest, and this could be the next big trend.




Latest Articles
But to prepare for something usually means you have an idea about what you are preparing for, no?
An emerging and increasingly sophisticated threat campaign is employing obscure file formats.
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
An IoT device carries with it the implicit threat of being used for nefarious purposes if it has not been created with security foremost in mind.
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with