Sign up for our weekly newsletter!
REGISTER NOW
News & Views
Content posted in June 2018
Mobile Malware Group Hits Google Play a Third Time
Jeffrey Burt  
6/29/2018   17 comments
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
Larry Loeb  
6/29/2018   13 comments
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Equifax Agrees to Implement New Security Measures
News Analysis  
6/28/2018   24 comments
Equifax and eight states have signed an agreement that will have the company implement new security rules, following one of the largest data breaches in history. The news comes as a Florida firm may have exposed the records of millions to the open Internet.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Jeffrey Burt  
6/28/2018   19 comments
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
CenturyLink Enhances Log Management for Hybrid Networks
News Analysis  
6/28/2018   3 comments
CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give greater visibility and protection over cloud and mobile networks.
Massive Bot Armies Target the Hospitality Industry
News Analysis  
6/27/2018   10 comments
Research from Akamai finds that the entire hospitality industry is under assault from armies of bots that are conducting DDOS attacks and attempting to steal data from websites.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  
6/27/2018   8 comments
After 20 years, the Wi-Fi Alliance has released a new WiFi standard – WPA3 – which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Jeffrey Burt  
6/26/2018   11 comments
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Cloud-Based Identity Management Systems: What to Look For
Alan Zeichick  
6/26/2018   Post a comment
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
Phishing Attacks Are Increasing & Gaining in Sophistication
News Analysis  
6/25/2018   6 comments
Reports from Palo Alto Networks and Barracuda Networks show that different types of phishing attacks are increasing, and becoming more sophisticated and deceptive.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  
6/25/2018   7 comments
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  
6/25/2018   1 comment
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
Tesla Lawsuit Claims Insider Breached Company Security
News Analysis  
6/22/2018   6 comments
Tesla has filed a lawsuit against a former employee, claiming he violated company policies, damaged equipment and stole data. The truth is more complicated but the incident shows the threats insiders can pose.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  
6/22/2018   20 comments
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Satori Botnet Targeting D-Link Routers in Latest Attack
News Analysis  
6/21/2018   1 comment
The Mirai-based Satori botnet is targeting a widely used router and modem device from D-Link in an attack discovered this week, according to an analysis from Radware.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  
6/21/2018   5 comments
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Olympic Destroyer Returns With Attacks in Europe
Jeffrey Burt  
6/20/2018   2 comments
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
Cyber Criminals Using Hidden Tunnels to Attack Banks, Financial Institutions
News Analysis  
6/20/2018   1 comment
A new study from Vecta finds that cyber criminals are using so-called hidden tunnels to carry out sophisticated command and control attacks designed to steal personal data from banks and other financial institutions.
Betabot Trojan Reborn in New Sophisticated Form
Larry Loeb  
6/20/2018   Post a comment
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
Blockchain & Cryptocurrency Becoming Greater Security Concerns
News Analysis  
6/19/2018   6 comments
The rise of schemes targeting cryptocurrencies is starting to raise concerns about blockchain security, according to a new study conducted by McAfee.
World Cup Penalty: Phishing Campaign Targets Soccer Fans
News Analysis  
6/19/2018   1 comment
Check Point has uncovered a phishing campaign targeting fans of the FIFA World Cup, with cybercriminals attempting to get people to download a schedule of fixtures and a result tracker that hide malicious software.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  
6/18/2018   1 comment
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  
6/18/2018   4 comments
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds
News Analysis  
6/15/2018   3 comments
A report from CyberSeek finds that there are currently over 300,000 open positions for cybersecurity professionals in the US, which includes more than 13,000 positions in the public sector.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  
6/15/2018   7 comments
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Cisco: Companies More Proactive About Cybersecurity
Jeffrey Burt  
6/14/2018   1 comment
The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.
IPS: A Key Network Protection in an Age of Increasing Threats
Simon Marshall  
6/14/2018   Post a comment
Intrusion prevent systems or IPS have had a checkered history in the enterprise, but increases in malicious activity across business networks have shown the technology can make a big security difference.
iOS App Store Guidelines Effectively Ban Cryptomining
News Analysis  
6/13/2018   7 comments
Apple has issued new guidelines for iOS developers that effectively ban cryptomining apps from the company's App Store. The move follows similar changes from Google.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
Larry Loeb  
6/13/2018   7 comments
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
Talos: VPNFilter Malware Still Stands at the Ready
Jeffrey Burt  
6/12/2018   1 comment
Rebooting routers and the FBI's takeover of the C&C server may have mothballed the threat that infected more than 500,000 routers, but attackers could get it going again, Talos's Craig Williams said at Cisco Live in Orlando.
Email-Based Attacks Still Wreaking Havoc on Enterprises, Study Finds
News Analysis  
6/12/2018   5 comments
A recent study by Barracuda Networks found that 87% of businesses have sustained at least one email-based attack in the past year, and most times it's poor training that allows these breaches to happen.
Bitcoin & Other Cryptocurrency Prices in Flux Following Hack
News Analysis  
6/12/2018   1 comment
A hack of a South Korean cryptocurrency exchange over the weekend sent the price of Bitcoin and other cryptocurrencies into flux on Monday, upsetting an already volatile market.
ISF: Balance Is Key to Mobile Security
Jeffrey Burt  
6/11/2018   2 comments
As the workforce becomes more mobile, companies can't lock everything down but also can't risk leaving their mobile environments wide open, Information Security Forum finds.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Larry Loeb  
6/11/2018   2 comments
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
Operation Prowli Infects 40,000 Systems for Cryptomining
Jeffrey Burt  
6/8/2018   9 comments
GuardiCore researchers uncover a campaign that has comprised vulnerable servers at more than 9,000 companies worldwide for cryptojacking and traffic manipulation purposes.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
Larry Loeb  
6/8/2018   7 comments
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Over 100K Drupal Sites Still Exposed to Critical RCE Vulnerability
News Analysis  
6/7/2018   11 comments
While many companies have patched their Drupal CMS platforms to protect against an RCE vulnerability, a new analysis finds that more than 100,000 websites remain exposed.
VPNFilter Malware Targets More Routers Than Originally Thought
News Analysis  
6/7/2018   3 comments
In an update to its research into the VPNFilter botnet malware, Cisco Talos researchers increased the number of routers that were targeted.
MyHeritage Data Breach of 92M Accounts Raises Many Questions
News Analysis  
6/6/2018   8 comments
After being contacted by a security researcher, MyHeritage announced that as many as 92 million of its accounts may have been compromised. However, there are more questions that need to be asked about this data breach.
Microsoft's GitHub Deal: Following Developers & Security Into the Cloud
Larry Loeb  
6/6/2018   4 comments
Microsoft's $7.5 billion deal for GitHub this week means different things to different people, but for Redmond, it's all about developers, cloud and securing all that data. And that's not a bad thing.
North Korean-Linked Group Stops Targeting US Ahead of Summit
News Analysis  
6/5/2018   8 comments
Covellite, which has been linked to North Korea, has stopped targeting facilities in the US and other parts of North America ahead of a planned summit later this month.
Security Pros Have Double Standards When It Comes to Breaches
News Analysis  
6/5/2018   3 comments
Security professionals are eager to know more about data breaches, except in their own organizations, where mum's the word, according to a new report.
Trojan Campaign Uses US & North Korea Summit to Lure Victims
Jeffrey Burt  
6/5/2018   1 comment
The hackers behind the NavRAT malware are targeting South Koreans with a spear-phishing effort that refers to the upcoming meeting between the US and North Korean leaders, Talso says.
Invisible Network Attacks: Good Encryption vs. Bad Encryption
Joe Stanganelli  
6/4/2018   2 comments
Enterprise IT networks represent an encrypted two-way street; just as encryption is a critical defensive measure, network attackers are increasingly relying upon encrypting the malicious network traffic that they send out so as to mask their do-baddery.
RIG Exploit Finds New Home in Cryptomining
Larry Loeb  
6/4/2018   2 comments
The RIG exploit kit has found a new, more lucrative home in cryptomining.
BackSwap Banking Trojan Shows How Malware Evolves
Larry Loeb  
6/1/2018   4 comments
The newly discovered BackSwap baking Trojan is designed to avoid the security protections that vendors and businesses have created to stop these types of malware attacks.
Vulnerability Remediation: Best Practice or Best Guess?
Simon Marshall  
6/1/2018   2 comments
A new study from Kenna Security and the Cyentia Institute finds that even the most well-thought-out vulnerability remediation strategy is no better than a good guess. However, machine learning could lead to better results.




Latest Articles
The Internet is going to run out of address space sometime this month.
Confiant has spotted the known threat actor eGobbler back in action.
Israeli-based Cyberint has found evidence of remote access Trojans being used in attacks on financial entities in the United States as well as worldwide.
Sources say that the company was being used as the start of 'digital fishing expeditions targeting at least a dozen Wipro customer systems.'
Bromium has uncovered US-based web servers that are being used to host and distribute these kinds of malware including banking trojans, information stealers and ransomware.
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with