News & Views - Content posted in February 2018

ABTV

Application

Cloud

Endpoint

News & Views

Content posted in February 2018

View Content by Month

OMG: Mirai Botnet Finds New Life, Again
Larry Loeb 2/28/2018 14 comments
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.

GDPR: The New Price We Pay for Data Privacy
Simon Marshall 2/28/2018 3 comments
When the EU's GDPR regulations come into effect in May, the rules around how companies and individuals regard data privacy will change forever. Even for those outside Europe, this could be an expensive journey to take.

4 Steps to Make Your Website GDPR Compliant
Dawn Kawamoto 2/27/2018 16 comments
Three months remain to whip your website into shape before the May 25 GDPR compliance deadline. Here are several steps to help you get there.

Attackers Sell Growing Number of Legitimate SSL Certificates
Dawn Kawamoto 2/27/2018 7 comments
Network security applications performing deep packet inspections are increasingly getting duped by these rogue legitimate certificates, according to a new report.

GDPR: Your Enterprise Security Checklist
News Analysis 2/26/2018 5 comments
With GDPR looming, Security Now wants to help security pros create their checklist to meet the new data privacy rules.

US Government Leads World in Data Breaches
Larry Loeb 2/26/2018 9 comments
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.

GDPR Non-Compliance: Will Your Enterprise Get Busted?
Dawn Kawamoto 2/26/2018 8 comments
GDPR enforcement begins May 25 and regulators are likely to focus on particular industries and types of companies, according to attorneys and analysts.

Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb 2/23/2018 18 comments
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules about the disclosing of cybersecurity incidents that now puts greater responsibility on CEOs and other company officers.

EU's NIS Directive Compounding GDPR Burdens & Confusion
News Analysis 2/23/2018 2 comments
With the eyes of the tech world focused on the day GDPR goes into effect, many have been missing the compounding factor of separate EU member-state InfoSec rules that will coincide with GDPR. Here's a look at the NIS Directive.

Cisco: 'Ransomware' Seeks Destruction, Not Ransom
News Analysis 2/22/2018 13 comments
The Cisco 2018 Annual Cybersecurity report rounds up the state of the threat landscape, including the changing nature of ransomware.

GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan
Dawn Kawamoto 2/22/2018 4 comments
Cybercriminals' targeted attacks may also include extortion fees to keep their breaches quiet and out of the view of GDPR enforcers, researchers find.

Intel Offering New Microcode to Fix Spectre & Meltdown
News Analysis 2/22/2018 4 comments
Intel is releasing new microcode to OEMs to fix the Spectre and Meltdown flaws found in the company's 6th, 7th and 8th Generation processors.

Coldroot RAT Sends Mac Antivirus Down a Maze
Larry Loeb 2/21/2018 5 comments
A new blog by a Digita Security researchers finds that Coldroot RAT, which specifically targets Mac and macOS users, is still eluding detection from different antivirus engines, even though it's available on GitHub.

Verizon Mobility Security Index Shows Enterprises Not Doing Enough
News Analysis 2/21/2018 2 comments
The Verizon Mobility Security survey shows enterprises are aware of the growing risk that smartphones and tablets present but aren't doing enough to address it.

Intel Faces 32 Lawsuits Over Spectre & Meltdown Vulnerabilities
News Analysis 2/20/2018 3 comments
In a filing with the SEC, Intel disclosed that it faces 32 different class action lawsuits related to the Spectre and Meltdown vulnerabilities.

Cryptocurrency Crime: The Internet's New Wild West
Simon Marshall 2/20/2018 6 comments
The popularity of Bitcoin and other cryptocurrencies has opened the floodgates to different cybercrimes, scams and outright theft. A pair of reports from Cisco and Digital Shadows paints a portrait of this new Wild West of the Internet.

Microsoft Vulnerabilities More Than Doubled in 2017 – Report
Larry Loeb 2/19/2018 17 comments
A comprehensive exam by security vendor Avecto found that the number of vulnerabilities in Microsoft's products increased from 234 to 685 between 2016 and 2017.

DDoS Today: No Safety Inside the Perimeter
Naim Falandino 2/19/2018 1 comment
For years, protecting the perimeter was believed to be the safest way to guard against DDoS. However, the cloud, IoT and new botnets have changed that thinking. Here's how CISOs and security pros should respond.

DoubleDoor IoT Botnet Is a Harbinger of Exploits to Come
Larry Loeb 2/16/2018 3 comments
NewSky researchers are looking into DoubleDoor, a new type of IoT botnet that combines two exploits together. It also shows what kind of security challenges lie ahead for the enterprise.

GDPR Territorial Scope: Location, Location, Location?
News Analysis 2/16/2018 3 comments
Disagreement over Article 3, Section 2, of the GDPR rules has left the realm of data-privacy practice in confusion as to who is protected and under what circumstances.

UK Accuses Russia of Launching NotPetya Attacks
Dawn Kawamoto 2/16/2018 2 comments
The Kremlin and the Russian military used the NotPetya ransomware attack to target Ukrainian financial, energy and government centers, according to allegations the UK government made this week.

Oracle Boosting Cloud Security With Zenedge Acquisition
News Analysis 2/15/2018 1 comment
Oracle is continuing to expand its cloud presence and with that comes security concerns. Its acquisition of Zenedge will address web app security and DDoS issues.

Kaspersky: Phishing Attack Attempts Soared 59% in 2017
Dawn Kawamoto 2/15/2018 4 comments
There has been dramatic, year-over-year growth in phishing attacks, following only a slight increase in 2016 and a two-digit decline in 2015, according to a report released by Kaspersky Lab.

Mobile Malware Increases, While Hiding in Porn Sites
Simon Marshall 2/15/2018 3 comments
Porn and other adult content sites are helping to disguise an increase in mobile malware, which is targeting users embarrassed by their online browsing habits, according to new information from Kaspersky Labs.

Intel Boosts Bug Bounties in Wake of Spectre & Meltdown
News Analysis 2/15/2018 1 comment
Intel is increasing its bug bounty program in the wake of the controversy surrounding the Spectre and Meltdown vulnerabilities found within the company's x86 CPUs.

Mozilla Leads the Way to Safer Browser Development
Larry Loeb 2/14/2018 Post a comment
Mozilla is looking to make web browsers safer by adding new developer features into Firefox that should make the HTTPS protocol a must-have way to transmit for websites.

Equifax Taps Former Home Depot Security Chief as New CISO
Dawn Kawamoto 2/14/2018 Post a comment
Equifax, the embattled credit monitoring company is hoping the former Home Depot CISO can turn the beleaguered company's security around. After all, he's previously played cleanup man.

A World Made Possible by the Promise of the Pervasive Network
Sponsored Video 2/13/2018 1 comment
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video

Oracle's Mark Hurd Touts Automation for Security & Patching Concerns
News Analysis 2/13/2018 1 comment
Oracle CEO Mark Hurd came to New York City to tout the benefits of automation and artificial intelligence to help tackle concerns of security and patching.

Why You Should Never Add Another User to Your Network
News Analysis 2/13/2018 1 comment
Old-fashioned rules about who gets access to the network no longer apply in the era of cloud computing. Instead, security pros need to match specific users to specific applications. Here's why.

Windows 10 Bypassing Passwords With Fujitu's PalmSecure Biometrics
Larry Loeb 2/12/2018 5 comments
Microsoft is looking to overcome the password dilemma by incorporating Fujitsu's PalmSecure biometric technology into Windows 10.

Cyberattacks Soared 113% During Fourth Quarter – Report
News Analysis 2/12/2018 Post a comment
The three-month period marks the largest year-over-year quarterly jump in recent years, according to ThreatMetrix.

2018 Winter Olympics Websites Hit by Cyberattack – Reports
News Analysis 2/12/2018 1 comment
During the opening ceremonies of the 2018 Winter Olympics in PyeongChang, South Korea, the games' website was hit by a cyberattack by an unknown attacker.

Forcepoint Finds New Malware Hiding in PoS Machines
Larry Loeb 2/9/2018 Post a comment
The malware, which resembles a LogMeIn service pack, can capture data from credit cards and then reproduce the card or other information. However, Forcepoint believes this strain of malware is still under development.

GDPR Readiness Goes Beyond Security Controls
News Analysis 2/9/2018 Post a comment
IT security and privacy professionals face challenges in designing a comprehensive compliance program to meet the upcoming GDPR regulations that the EU is implementing, a Forrester Research report finds.

Rogue Employees Mine Cryptocurrency Using Company Hardware
News Analysis 2/8/2018 1 comment
As Bitcoin has become more popular, the temptation for rogue employees to use company equipment and hardware to mine cryptocurrency has also increased. Here's what security pros need to know.

Check Point & Palo Alto Tackle Multicloud Security
News Analysis 2/8/2018 Post a comment
Enterprises need more sophisticated protection in multicloud environments, and Check Point and Palo Alto Networks are looking to fill those requirements.

Fidelis Researchers Demo Dangerous Covert Channel in Digital Certificates
Larry Loeb 2/7/2018 2 comments
Researchers at Fidelis have found a way to exploit a flaw in the X.509 certificate protocol to create a covert data exchange channel.

Data Breaches Topped 5,200 in 2017, Smashing Records
News Analysis 2/7/2018 1 comment
A look back at 2017 by Risk Based Security finds that there were more than 5,200 data breaches during those 12 months – a new and frightening record.

Apple & Cisco Look to Ease Burden of Cybersecurity Insurance
News Analysis 2/6/2018 1 comment
Apple and Cisco, along with insurance broker Allianz and risk assessor Aon, are looking to make cybersecurity insurance in the enterprise more affordable in the age of ransomware.

North Korea Stole 'Billions' in Cryptocurrency Heist, Official Claims
News Analysis 2/6/2018 11 comments
A South Korean official claims that North Korea used a phishing scheme to steal 'billions' in cryptocurrency, according to a published report.

Trend Micro Finds 89 Malicious Chrome Extensions Dispensing 'Malvertising'
Larry Loeb 2/5/2018 6 comments
All 89 of these malicious Google Chrome Extensions come from one group calling itself Droidclub.

Can Machine Learning Overcome the Threat Intelligence Gap?
Simon Marshall 2/5/2018 1 comment
Threat intelligence is a major concern for enterprises. Security firm Recorded Future believes machine learning can help overcome the gap between the haves and the have-nots.

Strava Data Leaks Show Limit of What We Can Protect
Larry Loeb 2/2/2018 15 comments
When news spread this week that data leaking from Strava's fitness app could pinpoint where soldiers were training, it showed that sometimes even the best security practices have their limits.

Allure Seed Round Funds AI Security
Simon Marshall 2/2/2018 3 comments
Flush with $5.3 million in funding, Allure Security is taking a novel approach to data security by using AI and machine learning. CTO Dr. Salvatore J. Stolfo sat down with Security Now to explain how it works.

Why CASBs Are On the Rise
News Analysis 2/1/2018 1 comment
Cloud access security broker (CASB) software is becoming a critical tool to ensure that SaaS applications don't become major security problems.

AMD CEO Says Zen 2 Chips Will Have Spectre Fix
News Analysis 2/1/2018 7 comments
During a call with analysts to discuss financial results, AMD CEO Dr. Lisa Su said that the company's upcoming Zen 2 chips will have fixes for Spectre.

Endangered Virtualization Species Forced to Evolve
News Analysis 2/1/2018 Post a comment
To protect their place in a virtualized HPC network, basic virtualization tools have had to evolve – and yet they might become extinct anyway.

View Content by Month

Latest Articles

Unit 42 Finds the First Cryptojacking Docker Container

Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.

Artificial Intelligence & Cybersecurity: Making It Work for Your Organization

Artificial intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Just like humans, they will be imperfect, but also capable of achieving great things.

Even RATs Need Marketing

Palo Alto Networks' Unit 42 researchers have discovered a new and previously undocumented Remote Access Tool (RAT).

Don't Get Burned by Your Sophos Firewall

Researcher finds Sophos firewalls can allow net-based RCE without authentication.

CISO No Longer the Last Word on Security – Radware

The rise of DevSecOps may be the reason that 70% of respondents to Radware's survey stated that the CISO was not the top influencer in deciding on security software policy.

More Blogs

Information Resources

•

Special Report: SD-Wan Security

•

Zero Trust: Organizations can begin to trust users, devices and transactions starting with a high level of IAM services and support

•

How to Unite Your Active Directories: Mergers, Acquisitions and Divestitures

•

Deliver a True Omni-Channel Experience

•

The Smart Way to Simplify PCI Compliance

•

Versa SD-WAN – Simple, Secure and Reliable Branch to Multi-Cloud Connectivity

•

Fortifying Your Branch Security

•

The Essential Guide to Understanding Risk and Quantification

•

7 Experts on Threat and Vulnerability Management

•

A CISO’S Guide to Hybrid Cloud Security

All resources

upcoming Webinars

Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization

Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London

More Webinars Webinar Archives

Podcasts

Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.

Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.

Podcast archive

Analysts Corner

Ovum Resources

•

Ovum 2018 Trends to Watch: IT & Cybersecurity

•

Ovum IoT Security: Technology Strategies & Vendor Profiles

•

Ovum 2018 Trends to Watch: Managed Security Services

•

Ovum's Mini-Guide to GDPR

Analysts Corner archive

Flash Poll

All polls

Video

In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...

CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...

You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...

Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...

Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...

All Videos