Sign up for our weekly newsletter!
News & Views
Content posted in July 2018
SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains
News Analysis  
7/31/2018   5 comments
For the past three years, the person or persons behind the SamSam ransomware have targeted hospitals, healthcare organizations, as well as the city of Atlanta, and have collected nearly $6 million in illicit funds, according to research from Sophos.
PowerGhost Cryptomining Malware Targets Corporate Networks
Jeffrey Burt  
7/31/2018   1 comment
Kaspersky Lab researchers said the malware uses fileless techniques to make it harder to detect and the Eternal Blue exploit to spread to systems across the networks.
New Spectre-Like Vulnerability Allows for Remote Data Theft
Larry Loeb  
7/30/2018   5 comments
Researchers have found new Spectre-like vulnerability in x86 processors called NetSpectre, which allows attackers to steal data remotely.
Zero Trust Means Never Trust & Always Verify
Alan Zeichick  
7/30/2018   3 comments
Enterprise security teams have actually been practicing zero trust policies for a number of years, but new advances and better tools now make the philosophy easier to implement. Still, it's always best to verify.
Symantec: Leafminer Group Is a Dangerous Group of Amateurs
Larry Loeb  
7/27/2018   12 comments
While the Leafminer group has been causing significant problems in the Middle East for well over a year, Symantec notes that the group is doing so using rather amateurish techniques.
Kronos Returns as Banking Trojan Attacks Ramp Up
Jeffrey Burt  
7/27/2018   1 comment
Proofpoint researchers have seen a new version of the four-year-old Kronos emerge in campaigns in Europe and Japan. The report also finds it may be rebranded as 'Osiris.'
DHS Warns of Increasing Attacks on ERP Systems
News Analysis  
7/26/2018   2 comments
Following reports by Digital Shadows and Onapsis, the US Department of Homeland Security has issued a warning to businesses that nation-states and other groups are targeting Enterprise Resource Planning systems.
California's CCPA Law: Why CISOs Need to Take Heed
Joe Stanganelli  
7/26/2018   1 comment
The recently enacted California Consumer Privacy Act, while hardly a sweeping reform of the state's privacy laws, changes the playing field for IT risk and liability where California residents' personal information is concerned.
Google Debuts Hardware Key for Secure Cloud Access
News Analysis  
7/26/2018   4 comments
Google introduces hardware keys to provide priority end users with secure cloud access, as well as rolling out security for virtualized and containerized applications, and new G Suite protections.
Continued Russian Attacks Show Weakness of Industrial Control Systems
News Analysis  
7/25/2018   1 comment
A new report shows that Russian-based attackers are increasingly able to penetrate the Industrial Control Systems of US-based utilities, showing that a new approach to security within critical infrastructure is needed.
Bluetooth Vulnerability Opens Up Man-in-the-Middle Attacks
Larry Loeb  
7/25/2018   3 comments
With almost certainly hypothetical, this vulnerability in Bluetooth's protocol could result in a man-in-the-middle attack and allow the culprits to steal personal data off a device.
Iowa College Learns Education & Policies Are Keys to Endpoint Security
News Analysis  
7/24/2018   Post a comment
Northeast Iowa Community College decided to deal with data breaches by improving endpoint security through a combination of better software, better education and better policies.
Kaspersky: There's No Such Thing as a Free Gift Card Code
Jeffrey Burt  
7/24/2018   Post a comment
Kaspersky Labs is warning that bad actors are using a scheme offering free gift card codes from Amazon, Google, eBay and others to separate consumers from their personal data and money.
Watch Out: The Dark Web Is Really Watching You
Alan Zeichick  
7/23/2018   8 comments
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
DNS Rebinding Attack Could Affect Half a Billion IoT Devices
Larry Loeb  
7/23/2018   4 comments
From smart speakers to printers to IP-connected video equipment, DNS rebinding attacks are targeting a number of IoT-based devices.
DOJ Will Now Alert US Public to Foreign Interference, Attacks
News Analysis  
7/20/2018   9 comments
This week, the Justice Department released a new report on cyber attacks targeting US companies and institutions, and officials now plan to issue alerts to the American public.
LabCorp Investigating Possible Attack & Data Breach
News Analysis  
7/20/2018   1 comment
LabCorp, one of the largest medical and diagnostic companies in the world, is investigating a possible attack against its network and a potential data breach, according to paperwork filed with the SEC.
More Data Breaches in Store for US Retail Industry
Larry Loeb  
7/20/2018   13 comments
A report from Thales eSecurity and 451 Research finds that the security systems of US retailers are getting breached more often than their global counterparts. As a result, IT is rethinking its security spending.
With 'Snowball,' AWS Brings Security Layer to the Edge
News Analysis  
7/19/2018   2 comments
With updates to its "Snowball" device this week, AWS looks to address concerns about how security works at the edge, as well as within the cloud itself.
Gartner: CIOs Need to Hire More Cybersecurity Experts
News Analysis  
7/19/2018   5 comments
New research determined 65% of CIOs have hired a cybersecurity expert to help protect their enterprises, but more of these hires are needed, finds Gartner.
Education Sector CISOs Get High Marks on Security
News Analysis  
7/18/2018   Post a comment
In a surprise outcome, the education sector rises to the top of a SecurityScorecard assessment for its ability to protect data assets despite connecting thousands of unsecured devices and even some determined student hackers.
AWS' Werner Vogels: 'Security Is Everyone's Job'
News Analysis  
7/18/2018   Post a comment
At the AWS New York Summit, CTO Werner Vogels detailed how security is a much wider responsibility, and how automation and encryption are essential to better (and more secure) application development in the cloud.
iPhone Users Targeted in Mobile Malware Attack
News Analysis  
7/17/2018   1 comment
Cisco Talos has found a complex mobile malware attack that tricks users into downloading compromised MDM software onto their iPhones.
Researchers Detail Spoofing Attack Against Vehicle GPS
Larry Loeb  
7/17/2018   3 comments
A new paper shows that with the right amount of hardware and know-how, an attacker can spoof a vehicle's GPS system and change the route.
ZTE Cleared to Return to Business After US Lifts Ban
News Analysis  
7/17/2018   1 comment
Despite hefty fines and concerns about national security, ZTE is cleared to return to business after the US lifted its ban on selling components to the company.
IDT CIO Faces Down New Crop of Global Threats
Simon Marshall  
7/16/2018   Post a comment
IDT CIO Golan Ben-Oni has faced down two serious cyberattacks in the last year and he expects more are on the way. From selecting vendors to thinking about the cloud, here's how Ben-Oi is rethinking the security landscape.
Broadcom's Deal for CA Puts Big Iron in the Spotlight
Larry Loeb  
7/16/2018   Post a comment
With Broadcom buying CA for $18.9 billion, old-time big iron is suddenly cool again. Here's what it means for security and software development.
12 Russian Nationals Indicted in 2016 Hacking of DNC, Clinton Campaign
News Analysis  
7/13/2018   2 comments
The DOJ and the Special Counsel's Office indicted 12 Russian nationals, charging them with hacking into the networks of the Democratic Congressional Campaign Committee, the Democratic National Committee and the Hillary Clinton presidential campaign.
Attackers Increasingly Turning Attention to the Cloud
Jeffrey Burt  
7/13/2018   10 comments
In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.
Bug Bounty Programs Paying Off for Enterprises
Larry Loeb  
7/13/2018   3 comments
The number of bug bounty programs continues to grow, and enterprise security is better for it. A new report urges more businesses to embrace and not squash these initiatives.
IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M
Jeffrey Burt  
7/12/2018   1 comment
For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.
Kaspersky: Asia the Focus of APT Operations in Q2
Jeffrey Burt  
7/12/2018   Post a comment
In their second quarter report, Kaspersky researchers also noted the return of various well-known bad actors and the threats facing networking hardware devices.
'RDP Shops' Proliferate Throughout the Dark Web
News Analysis  
7/11/2018   Post a comment
For as little as $10, McAfee researchers found that they could buy access to the security and building automation systems of a US airport thanks to the proliferation of 'RDP shops' across the dark web.
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
Larry Loeb  
7/11/2018   4 comments
By targeting third-party vendors that Ticketmaster uses to help process payment, the Magecart group appears to be expanding the scope of its cybercrimes, according to RiskIQ.
AT&T Absorbs AlienVault's Cybersecurity Insights
News Analysis  
7/11/2018   1 comment
The new combo of AT&T and AlienVault will power the carrier's new SMB security services but it's not yet certain how reports and research from the Open Threat Exchange will be impacted.
HNS IoT Botnet Evolves, Goes Cross-Platform
Jeffrey Burt  
7/10/2018   2 comments
The Hide 'N Seek malware had previously targeted devices such as home routers and DVRs, but now the botnet is including Apache CouchDB and OrientDB in its expanding list of targets.
Cisco: GDPR Is About More Than Compliance
Jeffrey Burt  
7/10/2018   Post a comment
Cisco's top privacy official says that the EU's new privacy regulations – GDPR – gives forward-thinking companies an opportunity to excel by building new data management and privacy models.
PG&E Allows Substantial Account Access Without a Password, Researcher Finds
News Analysis  
7/9/2018   Post a comment
After checking his own PG&E account, security researcher Justin Troutman found that the utility company allowed users to access accounts without a password. The company claims accounts are safe.
Attackers Combining Smoke Loader & PROPagate in New Campaign
Larry Loeb  
7/9/2018   Post a comment
Cisco Talos researchers have found that attackers have started to combine Smoke Loader and the PROPagate injection in a new campaign delivered through phony Word documents.
APTs: Now's the Time for a New Approach
News Analysis  
7/6/2018   Post a comment
Advanced Persistent Threats, or APTs, are one of the greatest problems that enterprises face today. However, security teams have been taking the wrong approach...
Google, Firefox Pull Stylish After Report Shows How Data Is Collected
Larry Loeb  
7/6/2018   23 comments
A security researcher showed how the Stylish browser extension sent personal data and search results back to the parent company, and this forced Mozilla and Google to yank it off their stores.
How Quantum Physics Will Protect Against Quantum-Busting Encryption
Jeffrey Burt  
7/5/2018   2 comments
The CEO of the startup Quantum Xchange envisions a nationwide dark fiber quantum network that protects encrypted data in transit with an on-demand Quantum Key Distribution service.
How the Cloud Is Changing the Identity & Access Management Game
Simon Marshall  
7/5/2018   Post a comment
Fresh off a $17.5M funding round, startup Preempt is one of several companies that is looking to change the identity and access management game as the enterprise shifts to the cloud.
Researchers Show How Attackers Can Crack LTE Data Link Layer
Larry Loeb  
7/4/2018   4 comments
In a paper, researchers show how an attacker with the right equipment can crack the data link layer of an LTE network. It's mostly theoretical, but it shows why upcoming 5G security standards need to be tougher.
Automated Network Security Is Crucial, but No Panacea
News Analysis  
7/3/2018   1 comment
As attacks get more sophisticated and business gets more mobile and distributed, automation capabilities enable networks to keep up with the rapid pace of change.
Cybercriminals Start Looking Beyond the Dark Web
Simon Marshall  
7/3/2018   2 comments
For years, the Dark Web was seen as a safe haven for cybercrime. Now, a new report finds that cybercriminals are turning toward newer technologies, such as Blockchain DNS, to shield their activities.
Second Equifax Employee Facing Insider Trading Charges
News Analysis  
7/3/2018   1 comment
The SEC, along with the Justice Department, has charged Sudhakar Reddy Bonthu, a former software engineer at Equifax, with insider trading following the 2017 data breach at the credit reporting agency.
RIG Exploit Kit Injects Code That Creates Monero Miner
News Analysis  
7/2/2018   10 comments
Researchers at FireEye have found the first instance of the RIG exploit kits injecting code into machines that creates a malicious Monero miner.
Seamless Cloud Security Depends on Encryption Done Right
Joe Stanganelli  
7/2/2018   3 comments
As the enterprise shift to the cloud, there's a debate about what's best for securing data as it moves from one platform to another. A Boston startup is looking to encrypt data in motion and at rest, and this could be the next big trend.

Latest Articles
Some startups need to shape up or ship out.
Hardware for security may just get hot.
There is a protocol in Windows that has been around since the days of Windows XP, which has been found to be insecure.
Establishing a business-focused security assurance program is a long-term, ongoing investment.
A syntax construct inside the TCL language is allowing injection attacks to occur.
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with