Sign up for our weekly newsletter!
News & Views
Content posted in October 2018
Page 1 / 2   >   >>
Carbon Black: 20 Voter Databases for Sale on the Dark Web
News Analysis  
10/31/2018   2 comments
On the eve of the 2018 US election, Carbon Black released its quarterly threat report, which found 20 voter databases for sale on the Dark Web, including ones that contain information on voters in Florida, New York, Colorado and Connecticut.
Google's reCAPTCHA Version 3 Offers Better Bot-Fighting Capabilities
Larry Loeb  
10/31/2018   17 comments
Google is rolling out the third version of reCAPTCHA software, which the company claims can better fight spam and bots with less user input.
Satori Botnet Resurfaces & Targets Android Devices
News Analysis  
10/30/2018   2 comments
Despite that fact its author has been sent back to jail, the Satori botnet has recently resurfaced and seems to be targeting Android devices, according to a research note from CenturyLink.
Kaspersky: Most CISOs Say Cyber Attacks Are Inevitable
Jeffrey Burt  
10/30/2018   3 comments
The Kaspersky Lab report says that while the relationship between executives and CISOs is improving, there continues to be a disconnect around such issues as budgets and the risk of threats.
IBM's $34B Bid for Red Hat Will Upend Cloud As We Know It
News Analysis  
10/29/2018   10 comments
Over the weekend, IBM announced that it would acquire Red Hat for $34 billion. The deal will likely upend the cloud computing market for good.
DemonBot Botnet Takes Advantage of Hadoop Flaw to Create DDoS Attacks
Larry Loeb  
10/29/2018   4 comments
Radware has found a new botnet called DemonBot that is taking advantage of a flaw in Hadoop servers to create large-scale DDoS attacks.
Want a Sustainable Security Workforce? Start Getting Innovative
News Analysis  
10/29/2018   11 comments
Security is a never-ending struggle to keep up. Staffing your team is no exception. However, the old method of finding talented InfoSec people are no longer working. It's time to get innovative.
Multiple Phishing Attacks Target Top Universities
News Analysis  
10/26/2018   6 comments
Kaspersky Labs sent out a warning this week that multiple phishing campaigns have targeted more than 100 universities and schools over the past year, including the University of Washington, Cornell University and others.
IoT Device Adoption Hampered by Consumer's Security Concerns
Larry Loeb  
10/26/2018   53 comments
For companies looking to jump on the IoT bandwagon, the adoption of these devices is being slowed by consumers' concerns over safety and security, a new report finds.
Check Point, Fortinet Add Cloud Security Depth With Acquisitions
News Analysis  
10/26/2018   2 comments
This week, Check Point announced a deal to acquire Dome9, and Fortinet is buying ZoneFox. The two agreements look to strengthen the companies' cloud security portfolios.
Trump's Numerous iPhones Creating Security Headache – Report
News Analysis  
10/25/2018   4 comments
The New York Times reports that President Donald Trump uses up to three different iPhones and that his habits have left his calls open to spying from China and Russia.
Managed Security Service Providers: Good Idea, but What's the Catch?
Alan Zeichick  
10/25/2018   22 comments
Managed security service providers are a good idea for businesses struggling with creating their own InfoSec division. However, there are some drawbacks to consider.
Security Researcher Finds Second Zero-Day Exploit in Windows 10
News Analysis  
10/25/2018   1 comment
For the second time, an independent security researcher has found a zero-day exploit in Windows 10 that can also affect some of the newer versions of Window Server.
Apple's Tim Cook: Privacy Is a Fundamental Human Right
News Analysis  
10/25/2018   Post a comment
Apple CEO Tim Cook addressed the ICDPPC conference in Europe this week, offered praise for GDPR and spoke about how consumer privacy is a fundamental human right.
FireEye Links Triton Malware to Russian Research Institute
News Analysis  
10/24/2018   1 comment
Triton appeared in late 2017, designed to target industrial control systems. Now, FireEye has linked the malware to a Russian research facility.
iPhones Increasingly Vulnerable to Coinhive Cryptomining Malware
Jeffrey Burt  
10/24/2018   Post a comment
In their most recent Global Threat Index, Check Point researchers found a 400% increase in Coinhive attacks against iPhones by bad actors using the popular cryptomining malware.
Industrial Systems Suffer From Poor Patching, Bad Password Practices – Study
Larry Loeb  
10/24/2018   Post a comment
Industrial control systems are riddled with outdated software that is in need of patching, while passwords are stored in plain text and endpoints are left open to attack, according to a report from CyberX.
Biometrics: How to Balance Security, Privacy & Data Protection
News Analysis  
10/23/2018   4 comments
Biometrics is a way to strengthen security within the enterprise, while doing away with older methods such as passwords. However, collecting this highly personal data has its own security risk.
Enterprises Face a Large, & Growing, Cybersecurity Skills Gap
News Analysis  
10/23/2018   1 comment
As enterprise cybersecurity becomes complex and businesses scramble to invest more in their defenses, there's a shortage of workers with the right set of skills that businesses need. Is it possible to overcome this particular gap?
Unpatched MikroTik Routers Vulnerable to Cryptomining Malware
Larry Loeb  
10/22/2018   1 comment
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity
News Analysis  
10/22/2018   Post a comment
For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.
MIT Researchers Have a DAWG in the Fight Against Spectre & Meltdown
Larry Loeb  
10/19/2018   7 comments
In the fight against Spectre and Metldown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
McAfee: Seasalt Malware Raises Its Head Again
Jeffrey Burt  
10/19/2018   Post a comment
Code from the Seasalt malware that was last seen in 2010 has been found in new campaigns in North Korea and North America, according to McAfee.
GreyEnergy Group Tied to Power Plant Attacks in Ukraine & Poland
News Analysis  
10/18/2018   Post a comment
Research from ESET has uncovered a new group called GreyEnergy, which appears to have targeted power plants in the Ukraine and Poland. The malware has also been linked to a previous group dubbed BlackEnergy.
Your People Can't Secure Your Network? Try Tier 0 Automation
Alan Zeichick  
10/18/2018   Post a comment
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
Why Killing Off TLS 1.0 & 1.1 Is a Good Thing
Larry Loeb  
10/17/2018   Post a comment
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
IBM's Ginni Rometty: We're the Blockchain & Quantum Computing Leader
News Analysis  
10/17/2018   1 comment
At the Gartner Symposium/ITXPO, IBM CEO Ginni Rometty talked a lot about the cloud, but also how Big Blue is leading in two cutting-edge developments: Quantum computing and blockchain.
Gartner: Cybersecurity & AI Are Top Spending Priorities for CIOs
News Analysis  
10/17/2018   Post a comment
Gartner's latest survey of CIOs finds that spending on cybersecurity and artificial intelligence is increasing.
Security Needs to Start Speaking the Language of Business
News Analysis  
10/16/2018   Post a comment
At the Gartner Symposium/ITXPO, upcoming security trends for the next year include learning to speak the language of business.
Privacy & AI Changing the Digital Transformation Game
News Analysis  
10/16/2018   Post a comment
At Gartner's Symposium/ITXPO, analysts have come up with the term 'ContinuousNEXT' to show how digital transformation is evolving. However, businesses need to address concerns over privacy and AI.
IBM's Cybersecurity Operations Center Hits the Road
News Analysis  
10/16/2018   Post a comment
Big Blue has converted a 23-ton Mercedes tractor trailer into a mobile security command center.
Living With Compromised Technology Supply Chains in a Post-Supermicro World
Joe Stanganelli  
10/15/2018   2 comments
In the wake of Bloomberg's jarring exposé on tainted motherboards from mega-manufacturer Supermicro, practical questions remain for enterprise organizations on how they can cope with the scary prospect of compromised hardware.
Gallmaker Attackers Living Off the Land, Symantec Finds
Jeffrey Burt  
10/15/2018   Post a comment
Gallmaker, a new state-sponsored threat group, eschews custom malware for legitimate hacking tools and techniques to run under the radar while attacking government and military organizations in eastern Europe and the Middle East, according to recent research from Symantec.
Facebook Revises Data Breach Number Down to 30M Users
News Analysis  
10/12/2018   4 comments
Facebook updated some details of the data breach where attackers stole users' security tokens. The social media giant now believes 30 million users were affected as opposed to the 50 million originally thought.
Intel's 9th Gen Processors Offer Protections Against Spectre & Meltdown
Larry Loeb  
10/12/2018   10 comments
While talking up its 9th Gen processors this week, Intel offer some subtle hints about plans to protect its CPUs against the Spectre and Meltdown vulnerabilities that have plague x86 processors.
DHS Raps Juniper Over the Knuckles for 40 Junos OS Vulnerabilities
Larry Loeb  
10/12/2018   3 comments
The Department of Homeland Security felt it necessary to take Juniper Networks to the woodshed for 40 vulnerabilities, many critical, that affected the company's Junos OS.
Senators Demand More Information on Google+ Vulnerability
News Analysis  
10/12/2018   1 comment
A letter from the Senate's Commerce Committee chairman is asking Google CEO Sundar Pichai for additional information about a bug in Google+ social media platform that may have exposed data on 500,000 users.
Russian & Chinese Hacking Forums Have Distinct Characteristics
News Analysis  
10/11/2018   2 comments
A year-long deep dive by Recorded Future finds that Russian and Chinese hacking forums differ in many respects.
GAO: Pentagon's New Weapons Systems Vulnerable to Cyber Attacks
News Analysis  
10/11/2018   1 comment
A report from the Government Accountability Office finds that the Defense Department is buying and developing new weapons that are vulnerable to numerous cyber attacks.
Gemalto: 4.5B Records Breached in First Half of 2018
Larry Loeb  
10/10/2018   1 comment
Gemalto's Breach Level Index showed a staggering 133% increase in data breaches between the first half of 2017 and the first six months of this year. However, most of this malicious activity is attributable to two incidents – one involving Facebook.
Magecart Attempted Supply Chain Attack Against Shopper Approved
News Analysis  
10/10/2018   Post a comment
RiskIQ has identified yet another attack by the Magecart group against Shopper Approved, third-party provider of reviews and other services to larger e-commerce sites.
Bloomberg: Major Telecom Also Found Hacked Supermicro Servers
News Analysis  
10/10/2018   2 comments
As questions swirled around a Bloomberg story about hardware hacked by Chinese spies, a second story finds that a major telecom also discovered compromised Supermicro servers.
Bloomberg Hardware Hacking Story Faces Fierce Backlash From Apple & DHS
News Analysis  
10/9/2018   7 comments
Over the weekend, Apple, Amazon, the Department of Homeland Security and others began to strongly push back against a Bloomberg story that reported Chinese hackers implanted chips in hardware to spy on companies.
Google+ Bug Exposed Personal Data of 500K Users – Report
News Analysis  
10/9/2018   12 comments
The Wall Street Journal reported that a security flaw in Google's social network exposed the records of thousands of users to third-party developers. The company did not disclose the leak because it feared data privacy regulations and additional scrutiny.
Rotten Fruit: 4 Insider Threats to Watch Out For
Alan Zeichick  
10/8/2018   4 comments
When it comes to insider threats, it's best not to trust anyone. However, different employees pose different types of threats to the network. Here are the four types of 'rotten fruit' to look out for in your business.
DanaBot Banking Trojan Is Now Finding Its Way to the US
Jeffrey Burt  
10/8/2018   Post a comment
The DanaBot Trojan first targeting organizations in Australia earlier this year has expanded into Europe and now is aiming at US, according to Proofpoint.
US Voting Machines Riddled With Vulnerabilities & Security Flaws
Larry Loeb  
10/5/2018   7 comments
The highly anticipated report form the DEF CON Voting Machine Hacking Village finds that any number of voting machines used in US elections are vulnerable to any number of attacks or hacks.
7 Russian Spies Indicted in US for Hacking Anti-Doping Agencies
News Analysis  
10/5/2018   1 comment
The Justice Department has indicted seven Russian spies for attempting to hack into and spread false information about anti-doping agencies. It appears to be a retaliatory campaign following the 2014 Winter Olympics in Russia.
China Hacks Hardware in Spying Attempt on Apple, Amazon & Others – Report
News Analysis  
10/5/2018   3 comments
Bloomberg dropped a bombshell report this week, claiming that servers produced by Supermicro contained a specialized chip designed to allow China to spy on the industrial secrets of Apple, Amazon and others, as well as the US government.
Attackers Can Compromise Corporate Email Accounts for $150
News Analysis  
10/4/2018   1 comment
With corporate email account hacking tools available on criminal forums for as little as $150, a report from Digital Shadows finds that this has led to an increase in Business Email Compromise and Email Account Compromise attacks.
Page 1 / 2   >   >>

Latest Articles
Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.
Artificial intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Just like humans, they will be imperfect, but also capable of achieving great things.
Palo Alto Networks' Unit 42 researchers have discovered a new and previously undocumented Remote Access Tool (RAT).
Researcher finds Sophos firewalls can allow net-based RCE without authentication.
The rise of DevSecOps may be the reason that 70% of respondents to Radware's survey stated that the CISO was not the top influencer in deciding on security software policy.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with