Sign up for our weekly newsletter!
News & Views
Content posted in April 2018
Page 1 / 2   >   >>
Insider Threats Cost Enterprises More Than $8M Every Year – Report
News Analysis  
4/30/2018   17 comments
Insider threats, whether it's an employee with malicious intent or a worker is simply careless, can cost enterprises more than $8 million over the course of 12 months to clean up, according to a new report.
Rubella Macro Builder Crimeware Kit Price Drops to $40
Larry Loeb  
4/30/2018   3 comments
Crime might not pay, but it also doesn't have to be expensive to try. Flashpoint researchers have found that the monthly fee for the Rubella Macro Builder crimeware kit dropped to $40 on the underground market.
North Korea-Linked 'Operation GhostSecret' Found in 17 Countries
News Analysis  
4/27/2018   5 comments
A new report out this week from McAfee has identified a new North Korea-linked cyber operation called 'GhostSecret,' which appears to be active in 17 different countries and targeting a number of different industries.
Researchers Detail Self-Learning System That Secures IoT Devices
Larry Loeb  
4/27/2018   13 comments
Researchers from several universities have published a new paper describing what they believe is a better way to protect and secure IoT devices and sensors.
Orangeworm Malware Burrows Into Healthcare Industry
Jeffrey Burt  
4/26/2018   4 comments
A group of cybercriminals, known collectively as Orangeworm, are using their own malware and a custom backdoor called Kwampirs in highly targeted attacks against healthcare organizations, according to Symantec.
Cryptocurrency Theft Uses Old Exploit to Highjack AWS Traffic
News Analysis  
4/26/2018   2 comments
Earlier this week, attackers stole about $150,000 worth of cryptocurrency by exploiting a flaw in Domain Name System servers that allowed the group to hijack AWS traffic for about two hours.
Microsoft: Tech Support Scams on the Rise
Larry Loeb  
4/25/2018   14 comments
A recent report from Microsoft shows that the number of scams using tech support as a cover is on the increase. However, many times it's up to consumers and companies to protect themselves.
5 New Network Attack Techniques That Will Keep You Awake at Night
Alan Zeichick  
4/25/2018   2 comments
You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.
SEC Slaps Yahoo Successor With $35M Fine for 2014 Data Breach
News Analysis  
4/25/2018   8 comments
The SEC has hit Yahoo's successor, Altaba, with a $35 million fine related to the company's 2014 data breach.
Smartphones Remain the Most Vulnerable of Endpoints
Simon Marshall  
4/24/2018   4 comments
The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.
Atlanta's Ransomware Attack Cost Around $2.6M – Report
News Analysis  
4/24/2018   2 comments
A report indicates that Atlanta spent a little over $2.6 million to defend itself against the SamSam ransomware attack that crippled city services earlier this year.
SunTrust Investigation Shows Continuing Threats Posed by Insiders
News Analysis  
4/24/2018   3 comments
SunTrust Banks investigate a possible data theft by an employee that could have exposed the personal information of 1.5 million customers. The incident shows insider threats remain a significant security issue.
Cybercrime: More Like Facebook's Model Than Traditional Criminal Enterprise
Larry Loeb  
4/23/2018   7 comments
As the global economy has changed, so has cybercrime, which resembles something much closer to how Facebook works than a traditional criminal enterprise, according to a new report.
It's the People: 5 Reasons Why SOC Can't Scale
Alan Zeichick  
4/23/2018   5 comments
There are always more security alerts and threats to respond, but the answer isn't to simply throw more money at the SOC to hire additional Tier 1 and Tier 2 security analysts.
At-Risk Routers & Russian Hacking Plans Stir Talk at RSA
News Analysis  
4/23/2018   Post a comment
At last week's RSA conference, the recent US and UK disclosure that Russia-backed actors have been targeting unpatched and older routers stirred conversations among security experts.
Login With Facebook & Watch Your Personal Data Leak
Larry Loeb  
4/20/2018   4 comments
A common feature on many popular websites allows users to login with their Facebook profile. However, a trio of Princeton researchers show that this feature allows personal information to leak and be collected.
Cyber Attacks Have Doubled, but Security Is Getting Better at Blocking Them
Jeffrey Burt  
4/20/2018   1 comment
In a survey, Accenture said the number of targeted attacks like ransomware and DDoS are growing, but organizations are getting better and faster at detecting them.
Firewall Fail: IT Can't Identify All Network Traffic
News Analysis  
4/19/2018   2 comments
With more and more traffic being encrypted, IT departments are having difficulty identifying the source of traffic coming into their network and past the firewall.
Microsoft Security Is Channeling the Terminator
Alan Zeichick  
4/19/2018   4 comments
In its own way of channeling the Terminator and Skynet, Microsoft is looking to add more layers of artificial intelligence into its Windows Defender ATP to further reduce remediation and increase automation of security.
In Wake of Spectre & Meltdown, Intel Shifts Memory Scanning to GPU
Jeffrey Burt  
4/19/2018   3 comments
At the RSA Conference this week, Intel introduced several silicon-level security technologies, including moving memory scanning from the CPU to the GPU, as part of its larger 'security-first' strategy following the Spectre and Meltdown issues.
DHS Secretary Kirstjen Nielsen: Cybercrime Will Reach $6 Trillion Annually
News Analysis  
4/18/2018   1 comment
Kirstjen Nielsen, the secretary of the US Department of Homeland Security, told this week's RSA Conference that cybercrime will reach $6 trillion annually within the next three years, and that the federal government and private business need to step up their game.
Alert Warns Russian Actors Are Targeted Unsecured Network Devices
Larry Loeb  
4/18/2018   Post a comment
A join statement from UK and US law enforcement and security agencies are warning that Russian actors are targeting older and unpatched network infrastructure as part of an ongoing cyberespionage campaign.
Microsoft's Brad Smith: 2017 Was a Cybersecurity Wake-Up Call
News Analysis  
4/18/2018   Post a comment
Brad Smith, Microsoft's president and chief legal officer, spoke at RSA 2018 about the cybersecurity wake-up call that was 2017, and what improvements the industry could make in 2018.
Endpoint Security: 3 Big Obstacles to Overcome
Joe Stanganelli  
4/17/2018   Post a comment
Two recent reports highlight three major challenges in enterprise endpoint security.
Ransomware: Still a Security Threat & Still Evolving
Jeffrey Burt  
4/17/2018   5 comments
While ransomware may have faded from the headlines a bit during the first four months of 2018, a bevy of reports from Verizon, Symantec and Webroot find that not only does it remain a top security threat, but it continues to evolve as well.
'PowerHammer' Exploit Can Steal Computer Data Across Electrical Lines
Larry Loeb  
4/16/2018   10 comments
Researchers at Ben-Gurion University have created a new exploit called 'PowerHammer' that can steal data from PCs and other systems through electrical lines.
As Public Cloud Use Increases, So Does Data Theft
News Analysis  
4/16/2018   1 comment
Ahead of the RSA conference, McAfee has released its annual cloud security report that finds one in four public cloud users have experienced a data theft over the past year.

Data Breach Increase Shows Endpoints Are Under Attack
Joe Stanganelli  
4/16/2018   5 comments
The stats and factoids from the latest edition of Verizon's annual Data Breach Investigation Report make clear enterprise endpoints have been far too vulnerable and that explains why data breaches are on the rise.
Cloudflare Extends Its Lava Lamp-Powered Protection Internet-Wide
News Analysis  
4/13/2018   1 comment
Cloudflare is going beyond protecting web applications to support protecting anything that runs on the Internet, using a service powered, in part, by lava lamps. And no it is not April Fool's Day.
Misconfigured Routers Could Be Used for Botnets, Espionage
Larry Loeb  
4/13/2018   1 comment
A recent white paper released by Akamai finds that thousands of misconfigured routers using older UPnP protocols could be turned into malicious botnets or used for espionage.
Beyond Bitcoin: How Blockchain Can Benefit IoT Security
Jeffrey Burt  
4/13/2018   7 comments
As the market for the Internet of Things grows, security concerns are increasing. However, a new study shows that blockchain technology can go beyond protecting cryptocurrency to help lock down IoT devices and sensors better than other methods.
APTs Are Rising in the East, Kaspersky Finds
News Analysis  
4/13/2018   Post a comment
A growing number of Advanced Persistent Threats, or APTs, increased in Asia, as well as the Middle East, over the past three months. This includes a cyber attack that targeted the 2018 Winter Olympics in South Korea, a new Kaspersky report found.
More Security Hiring Doesn't Guarantee Better Patching – Study
News Analysis  
4/12/2018   1 comment
A joint study from the Ponemon Institute and ServiceNow finds that hiring more security professionals doesn't guarantee better patching practices as cyberattacks are increasing. However, automation may hold the key.
Billions of Business Files & Data Are Exposed Online to Anyone
Simon Marshall  
4/12/2018   Post a comment
A report from Digital Shadows finds that more than a billion files, including sensitive data and intellectual property, are exposed to the greater Internet. Much of this is due to antiquated technology.
Cisco & Juniper Take Rivalry to Cloud Security
News Analysis  
4/11/2018   Post a comment
Cisco and Juniper are debuting competing cloud security software and services as they transition to new business models.
Bastille's ATI System Warning Raises Its Own Alarm
Larry Loeb  
4/11/2018   5 comments
Bastille Networks made a splash by notifying ATI Systems that its warning systems have a significant vulnerability. However, the timing of the notice leaves a question about motives when public safety is at risk.
IoT Malware-on-the-Fly Expected to Rise
Dawn Kawamoto  
4/11/2018   2 comments
Researchers discover a new Mirai-variant IoT botnet that appears linked to IoTroop or Reaper botnet, allowing attackers to easily update malicious code on the fly.
Quant Loader Trojan Hiding in Email File Extensions
News Analysis  
4/10/2018   Post a comment
Barracuda Networks has released a new report that finds email file extensions are hiding a variation of the Quant Loader Trojan, which is being used to spread ransomware and password stealers.
Verizon: Change the Attacker's Value Proposition
News Analysis  
4/10/2018   5 comments
By creating more difficult paths to reach valued assets, enterprises can flip the odds against attacker success, according to the latest security report from Verizon.
Carbon Black Looks to Raise $100M From IPO
News Analysis  
4/10/2018   Post a comment
Endpoint security specialist Carbon Black has filed paperwork with the SEC for an initial public offer. The company is looking to raise about $100 million as part of the public offering.
Malwarebytes: Cryptomining Surges as Ransomware Declines
News Analysis  
4/9/2018   Post a comment
During the first quarter of 2018, cybercriminals and attackers continued to drift toward cryptomining schemes and away from other malware, such as ransomware, according to a new analysis from Malwarebytes.
Cisco Warns of Possible Smart Install Client Hacking
Larry Loeb  
4/9/2018   8 comments
Following an alert by US-CERT about possible hacking by foreign governments, Cisco is warning customers about a port vulnerability in the company's legacy Smart Install Client.
Don't Call AWS' CloudFront Hijacking Problem a Vulnerability
Larry Loeb  
4/6/2018   4 comments
Amazon Web Service might be the biggest of the big cloud providers, but it still has some security concerns. A researcher has noticed the company is open to having its CloudFront service hijacked, but Amazon officials won't call it a vulnerability.
Startup PreVeil Challenging Cloud-Based Encryption Standards
Simon Marshall  
4/6/2018   Post a comment
Boston-based PreVeil is looking to change the way data is encrypted in the cloud, and it is butting heads with the bigger cloud storage providers to prove its point.
Massive Data Breaches & Data Leak Hit Retail Industry in 1-2-3 Punch
Dawn Kawamoto  
4/5/2018   3 comments
Panera Bread, Hudson Bay and Under Armour all took it on the chin within the last two weeks, falling prey to a round of cyber attacks that have hit the retail industry hard.
AWS Expands Cloud Security Automation
News Analysis  
4/5/2018   2 comments
Amazon wants to make it easier to lock down AWS applications.
Intel Will Leave Some Chips Without Spectre Patch
News Analysis  
4/5/2018   3 comments
Over the last several weeks, Intel has been pushing out microcode updates to patch the Spectre and Meltdown flaws in its chips. However, some CPUs will remain unpatched.
Automation Is a Key to Future Enterprise Security – Report
News Analysis  
4/4/2018   1 comment
A report from McAfee and Vanson Bourne finds that automation, including machine learning and AI, can help improve enterprise security by freeing up human resources. If that doesn't work, there's always gaming.
YouTube Shooting Ignites Debate Over Merging Physical & IT Security
Dawn Kawamoto  
4/4/2018   16 comments
A woman shot and wounded three people at YouTube's headquarters on Tuesday, a tragic event that shines a light on the industry's long-running debate over whether physical and IT security departments should be merged under one roof.
Cloudflare vs. Google: Making DNS Protocol Better, More Secure
Larry Loeb  
4/4/2018   4 comments
With the release of 1.1.1, Cloudflare is looking to make the DNS protocol better and more secure, while speeding up the Internet. Is this helping Google or leaving the company behind?
Page 1 / 2   >   >>

Latest Articles
Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.
Artificial intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Just like humans, they will be imperfect, but also capable of achieving great things.
Palo Alto Networks' Unit 42 researchers have discovered a new and previously undocumented Remote Access Tool (RAT).
Researcher finds Sophos firewalls can allow net-based RCE without authentication.
The rise of DevSecOps may be the reason that 70% of respondents to Radware's survey stated that the CISO was not the top influencer in deciding on security software policy.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with