. home.aspx

TRENDING NEWS

home.aspx
   

    TRENDS BEHIND ANTICIPATED $300+ BILLION CYBERSECURITY MARKET

    Mar 19, 2019

    Leading technology companies in the world have experienced and countered cyber-attacks since the advent of the internet, eventually leading to the inception of cybersecurity market. Today, cybercrimes are measured among the most active and loss inducing offences being witnessed globally, enveloping ...

    SMART ENERGY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61756175

    POST-QUANTUM CRYPTOGRAPHY BECOMING RELEVANT IN PRE-QUANTUM WORLD

    Mar 19, 2019

    Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns Arvind Krishna, director of IBM Research. "Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61856185

    HALF OF ORGANISATIONS LACK ENOUGH SECURITY TALENT TO BE SECURE

    Mar 19, 2019

    Those thinking artificial intelligence (AI) will steal their jobs need not worry – the software is only filling the blanks, at the moment. And the blanks, at least when it comes to cybersecurity, are quite large. According to the latest Trend Micro figures, organisations worldwide are faced wi...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61866186

    MICROSOFT AZURE SENTINEL USES DATA ANALYTICS TO IMPROVE SECURITY

    Mar 19, 2019

    Giving a wider range of fresh cyber-attack threats and information to IT security workers 24/7 is the aim of a new Microsoft Azure security tool—Microsoft Azure Sentinel—that was just released by the company in preview mode. Built to streamline the collection of IT security information a...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61876187

    MOZILLA IMPROVES WEB BROWSER SECURITY IN FIREFOX 66 UPDATE

    Mar 19, 2019

    Mozilla released the Firefox 66 update on March 19, providing users of the open-source web browser with new features that enhance user experience and improve security. Among Firefox 66's new features is one that blocks websites from auto-playing sound, which can be an annoyance. Also, the search...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61886188

    ONLY 28% OF GOV.UK DOMAINS SUPPORT DMARC

    Mar 19, 2019

    Only around a quarter of the UK government’s gov.uk domains have been set up to support an industry best practice email validation system, despite the imminent retirement of a previous public sector domain platform, according to Egress. The security vendor found that just 28% of gov.uk domains...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61896189

    SMBS COULD BE THE KEY TO CRACKING DATA BREACHES

    Mar 18, 2019

    If we want to reduce the number of successful cyberattacks that target businesses – we need to turn our attention towards small and medium-sized ones because, if a newly released report is to be believed, they are the weakest link in the chain. The report issued this morning by Business in the...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61766176

    WHY TRUST IS KEY FOR CYBER-SECURITY RISK MANAGEMENT

    Mar 18, 2019

    Trust is an often-overused term, but according to Rohit Ghai, president of RSA Security, trust is the key to understanding and managing digital risk. In a video interview with eWEEK, Ghai discusses his views on trust, where the concept of an artificial intelligence "digital twin" fits in a...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61776177

    TOP LONDON ATTRACTIONS HIT BY MILLIONS OF CYBERATTACKS

    Mar 18, 2019

    The UK's museums and other tourist attractions are being hit by more cyberattacks than ever before, new research has found. A Freedom of Information (FoI) request issued by the Parliament Street think tank to four major tourist attractions in the UK - Kew Gardens, National History Museum, Tate G...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61786178

    SHRED-IT HELPS HOTELIERS PREVENT DATA SECURITY ISSUES

    Mar 18, 2019

    Cyber breaches are a huge security concern for the hotel industry—but they’re not the only security concern. “The industry has seen its fair share of cybersecurity breaches over the last few years and while it is absolutely essential that hotels have their cybersecurity protections...

    HOTEL BUSINESS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61796179

    CBA ASSURES ITSELF OF LANDMARK WHITE'S POST-BREACH INFOSEC

    Mar 18, 2019

    First lender to reinstate valuation firm. CBA has reinstated LandMark White as an option to conduct residential property valuations, after the institution assured itself of the valuer’s information security following a data breach in January. LandMark White said in a financial filing that it a...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61726172

    WOODSIDE BUYS INTO WA CYBER SECURITY FIRM

    Mar 18, 2019

    security firm that specialises in protecting critical infrastructure. The resources company announced today that, subject to conditions precedent, it would buy into Sapien Cyber Ltd. Sapien describes itself as providing a security solution for security both IT and OT. Woodside said that Sapien &ldqu...

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61746174

    SECURITY BUDGETS GET AN SME BOOST IN 2019

    Mar 15, 2019

    Small and medium-sized enterprises will be spending more money on security this year, as well as hiring new staff, according to new research from Armor. Apparently, they’re more aware of the huge importance of having airtight cybersecurity. According to the report, four in five SMEs will be lo...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61736173

    KATHMANDU PROBES POSSIBLE CARD SKIMMING BREACH

    Mar 15, 2019

    In a statement posted to the New Zealand Exchange (NZE), the firm said it was notifying potentially affected customers directly, advising them to contact their banks and card providers. “Kathmandu has recently become aware that between January 8, 2019 NZDT and February 12, 2019 NZDT, an uniden...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61706170

    VMWARE LAUNCHES SERVICE-DEFINED FIREWALL FOR INTRINSIC SECURITY

    Mar 15, 2019

    New Zealand-based outdoor clothing retailer Kathmandu is urgently investigating a potential breach of customer card data harvested from its websites. There are a number of different ways to think about security and how it should be implemented. For Tom Gillis, senior vice president and general manag...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61716171

    THE EUROPEAN COUNCIL HAS ANNOUNCED ITS POSITION ON CYBERSECURITY CENTRES

    Mar 14, 2019

    The European Council has announced that the European Union is stepping up its protection against cybersecurity threats, and is discussing a new structure of European cybersecurity centres. The European Council’s Permanent Representatives Committee have granted a mandate to the Romanian preside...

    SCITECH EUROPA
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61556155

    5 CYBERSECURITY THREATS YOUR DNS LOGS ALREADY REVEAL

    Mar 14, 2019

    Cybersecurity can be an exhausting job. Between the onslaught of ‘silver bullet’ tools that supposedly protect organizations, and the additional layer of tools needed just to make sense of the first group, even the smartest teams are finding themselves stretched thin. There are signals a...

    TECHRADAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61566156

    GEOSCIENCE AUSTRALIA TAKES ACTION AFTER CYBER SECURITY FAIL

    Mar 14, 2019

    Moves to have all Essential Eight in place by June 2020. Geoscience Australia has kicked off a program of work to implement all the government’s mandatory and non-mandatory cyber security requirements by 2020 after being labelled highly exposed to cyber-attack last year. In June 2018 the Austr...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61576157

    CRYPTOJACKING TAKES A NEW TURN IN CRYPTOSINK CAMPAIGN

    Mar 14, 2019

    Researchers from F5 Labs reported on March 14 that they have discovered a new cryptojacking campaign that is abusing unpatched Elasticsearch servers. Unauthorized cryptocurrency mining, commonly referred to as "cryptojacking," is an attack trend that started in 2017 and hit a peak in mid-2...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61586158

    FACEBOOK SUFFERS GLOBAL OUTAGE, CLAIMS DDOS NOT THE CAUSE

    Mar 14, 2019

    Facebook users around the world had a singular question for much of March 13: Is Facebook down? As it turns out, the global social media giant and its related Instagram and WhatsApp services were in fact unavailable and down for much of the day. Some service was restored by March 14, though full glo...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61596159

    PROTECTING APPLICATIONS AGAINST DFA ATTACKS

    Mar 14, 2019

    2001 was an exciting time for cryptography, as the new Advanced Encryption Standard (AES) specification was finalized, making a mathematically secure and performant encryption algorithm available to the public. Designed to replace older cryptographic algorithms that were starting to show weaknesses ...

    HELP NET SECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61476147

    BLOCK IN RUSSIA UNJUSTIFIED, SAYS PROTONMAIL

    Mar 13, 2019

    Claiming that it had received multiple bomb threats via email messages, the Russian government restricted internet access, which resulting in blocking ProtonMail email servers, according to PortSwigger. In a March 12 blog post authored by Andy Yen, ProtonMail founder, Yen called the block "unju...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61486148

    DPI19: OPEN BANKING AND DATA SHARING WILL BENEFIT CONSUMERS

    Mar 13, 2019

    Speaking at the IAPP Data Protection Intensive 2019 conference in London on 'How Privacy & Data Protection are Impacted by Competition Considerations,' Helena Koning, senior managing counsel and data protection officer at Mastercard, said that new rules on open banking are permitting mor...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61496149

    CHINA THREAT OVERBLOWN BY EU CYBERSECURITY ACT

    Mar 13, 2019

    On Tuesday, March 12, Members of the European Parliament (MEPs) adopted the European Union (EU) Cybersecurity certification scheme for products, processes and services.The Cybersecurity Act is a scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity ...

    CGTN
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61396139

    TETRATE EMERGES WITH ENTERPRISE SERVICE MESH PLATFORM

    Mar 13, 2019

    Tetrate officially launched on March 13, announcing its enterprise service mesh platform that is built on top of the open-source Istio and Envoy projects. The concept of a service mesh has been an emerging trend over the past year as an approach that enables networking connectivity and security poli...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61456145

    INSIDERS ARE BIGGEST SECURITY PROBLEM FOR COMPANIES TODAY: CYBER SECURITY EXPERT

    Mar 13, 2019

    Saryu Nayyar is the CEO of Gurucul, a company that specialises in user and entity behavior analytics, identity analytics, fraud analytics and cloud security analytics. Nayyar is an internationally recognised cyber security expert, author, speaker and member of the Forbes Technology Council. She has ...

    THE WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61466146

    GEORGIA COUNTY PAYS $400,000 TO RANSOMWARE ATTACKERS

    Mar 12, 2019

    Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period. Struggling to recover from the outage, local officials reportedly paid a ransom worth $400,000 in bitcoins to restore IT systems and infrastructure. Jackson...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61356135

    EXPERTS EXPRESS CONCERNS AS CYBER SECURITY THREATS LOOM ON SMART CITIES

    Mar 12, 2019

    Cyber security threats loom large on Smart cities as the country embarks on a journey to create about 100 such cities driven by smart solutions, leveraging on cutting edge technology. Together, these Smart cities aim to house 40 per cent of India’s population and contribute about 75 per cent t...

    BUSINESS STANDARD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61366136

    THE MUST-HAVES FOR YOUR DATA CENTER CYBERSECURITY CHECKLIST

    Mar 12, 2019

    The cyberthreat landscape is changing faster than ever for data center managers. Cybercriminals pulled in record hauls last year from ransomware, business email compromise, and other nefarious schemes, and they’re expected to be investing some of that money in new attack methods and platforms....

    DATA CENTER KNOWLEDGE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61376137

    THE MOBILE APPLICATION SECURITY QUANDARY

    Mar 12, 2019

    The need for enhanced mobile application security is being driven by increasingly powerful mobile devices and the ubiquitous availability of bandwidth, says John Aisien of Blue Cedar. "Enterprise computing is not only moving to the cloud at an amazing pace, but some of that compute is also movi...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61386138

    ADDIGY ADDS SINGLE SIGN-ON TO ITS APPLE DEVICE MANAGEMENT PLATFORM

    Mar 11, 2019

    Apple device management platform vendor Addigy has unveiled a wide range of new features for its cloud-based services, including single sign-on capabilities, LANCache peer-to-peer caching and expanded mobile device management (MDM) services. The new features, which were announced here at the Addigy ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61256125

    HOW TO REDUCE ERP SECURITY RISKS

    Mar 11, 2019

    Enterprise resource planning (ERP) systems are among the most critical enterprise applications that an organization operates and as such, they represent a lucrative target for attackers. In a session at the RSA Conference last week, Onapsis CTO JP Perez-Etchegoyen outlined what's behind ERP brea...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61266126

    ERICSSON TESTS FIRST CERTIFIED DEVICE FOR CTIA’S IOT CYBERSECURITY PROGRAM

    Mar 11, 2019

    An aftermarket connected car device is the first to be certified by CTIA’s IoT Cybersecurity Certification Program, which launched last August to help ensure the increasing number of cellular-connected devices have appropriate security capabilities. The device, the Harman Spark, is offered exc...

    ELECTRONIC COMPONENT NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61276127

    HOW SMBS CAN BOLSTER CYBERSECURITY EFFORTS

    Mar 11, 2019

    Keeping current with cyberthreats is an imposing logistics problem facing small- and medium-sized businesses (SMBs)—cybercriminals are constantly changing their tactics. If something stops working or fails to provide sufficient return for their effort, the bad guys move on. That may work well ...

    TECHREPUBLIC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61286128

    SKILLS GAP IS LEADING TO MAJOR SECURITY WORRIES

    Mar 11, 2019

    Finding skilled cybersecurity staff is an increasingly difficult task, new research has claimed. A new report by Tripwire found it’s not just about not having actual people to do the job – it’s also due to the rapidly transforming technology and threat landscapes. Consequently, the...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61296129

    BANKING TROJANS SEE MAJOR RISE IN 2018

    Mar 08, 2019

    Kaspersky Lab has revealed a major rise in the number of banking Trojans, also known as "bankers". The company says it tracked almost 900,000 bankers in 2018, a 15 per cent increase compared to 2017, when it registered 767,000 attacks. Allegedly, there have been ‘increased activities...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61206120

    HUMAN ERROR STILL A MAJOR SECURITY WORRY

    Mar 08, 2019

    For businesses of all sizes, from SMBs to large corporations – human error is still one of the main pain points when it comes to cybersecurity. A new report from BAE Systems found 71 per cent of all recorded incidents started as a phishing attack, and roughly two thirds (65 per cent) were unta...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61226122

    WHAT’S REALLY BEHIND FACEBOOK’S NEW PRIVACY AND ENCRYPTION EFFORT?

    Mar 08, 2019

    On its face, Mark Zuckerberg’s announcement that Facebook plans to move to a more privacy-oriented service seems like welcome news, given how he and his company have run roughshod over his users’ privacy since its founding. But now he’s saying that he wants to make personal interac...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61236123

    BREACHES AND LEAKS SOARED 424% IN 2018

    Mar 08, 2019

    Nearly 15 billion identity records circulated in underground communities in 2018, a 71% increase over the year as hackers targeted smaller organizations more widely, according to a new report from 4iQ. The identity intelligence company scanned the surface, social, deep and dark web for identity rela...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61246124

    VIVA THE REVOLUTION: HOW CYBERSECURITY CAN HELP WITH DIGITAL TRANSFORMATION

    Mar 07, 2019

    We've had the Atomic Age, the Space Age and the Information Age, and now we're on the cusp of what could be called the culmination of all those – the Fourth Industrial Revolution, in which data, devices, and advanced technologies like biotech and nanotech are already bringing major cha...

    TECHRADAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61086108

    OVERCOMING THE 2019 CYBER-THREAT

    Mar 07, 2019

    Over the last couple of years, the dramatic development of digital technologies has fuelled the growth and needs of the mobile workforce. Recent research by Microsoft found that only 11.4 per cent of European employees feel highly productive at work, and, amidst the arrival of innovative technologie...

    TECHRADAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61096109

    FTSE 350 BOARDS STILL STRUGGLING WITH CYBER AWARENESS

    Mar 06, 2019

    UK boards are getting better at understanding cybersecurity as a strategic issue, but still lack crucial awareness of the impact of attacks on their organization, according to a new government report. The FTSE 350 Cyber Governance Health Check 2018 features data collected from interviews with the to...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60986098

    NEW GOOGLE CHROME ZERO-DAY VULNERABILITY FOUND ACTIVELY EXPLOITED IN THE WILD

    Mar 06, 2019

    You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute...

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60996099

    MOBILE MALWARE ATTACKS DOUBLE IN 2018

    Mar 06, 2019

    Smartphones are facing more security threats than ever before, with mobile malware attacks hitting a new high in 2018, new research has found. Findings from Kaspersky Lab report that the number of mobile malware attacks doubled in 2018, topping 116.5 million last year, compared to 66.4 million in 20...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61056105

    MASSIVE SPOILER VULNERABILITY AFFECTS INTEL CPUS

    Mar 06, 2019

    Another major security vulnerability is affecting Intel processors, experts have warned. SPOILER was detected by researchers at Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany, and could be even more dangerous that the infamous Spectre vulnerability. The...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61216121

    RSA SECURITY OUTLINES A PATH FOR THE TRUST FUTURE

    Mar 05, 2019

    Often RSA Conference keynotes detail new technologies or outline existing challenges. At the RSA Conference 2019 here, RSA Security took a different approach this year—predicting a possible future that could be less than ideal for humanity unless the right steps are taken. Rohit Ghai, presiden...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60956095

    MICROSOFT SECURITY SERVICES PUT AI, EXPERTS TO WORK AGAINST THREATS

    Mar 05, 2019

    Microsoft is rolling out a brace of threat fighting capabilities for Windows 10 administrators that promise to bring the big guns of the company’s security experts, as well as its AI capabilities, to bear against attackers. The new services are Microsoft Azure Sentinel and Microsoft Threat Exp...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60966096

    HOW TO STAY AHEAD OF THE NEXT OPERATIONAL TECHNOLOGY THREAT

    Mar 05, 2019

    The daily deluge of negative security headlines and data breaches isn't the whole story when it comes to modern cyber-security, according to Cisco. In a keynote at the RSA Conference here, Cisco executives outlined some key successes against recent threats and detailed a strategy for bridging th...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60976097

    FINANCIAL FIRMS FACING GREATER CYBER THREAT

    Mar 05, 2019

    Banks and other financial businesses are facing a greater cybersecurity threat than ever before, new findings have said. Research from security firm Carbon Black found that over two-thirds (67 per cent) of finance firms have reported an increase in cyberattacks over the past 12 months as hackers goe...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61076107

    LAZARUS GROUP RETURNS WITH MAJOR SPEARPHISHING CAMPAIGN

    Mar 04, 2019

    North Korean hacking outfit Lazarus Group is targeting users around the world with a major new spearphishing campaign. Security firm McAfee says it has found evidence linking Lazarus to the huge Operation Sharpshooter attack first detected last December which uses sophisticated spearphishing emails ...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=61066106

    WHY RANSOMWARE IS STILL AN ACTIVE THREAT

    Mar 04, 2019

    For several years, ransomware was a rising threat, causing hundreds of millions of dollars in damages and disrupting operations around the world. But what is the state of ransomware in 2019?  In a session at the RSA Conference here, a pair of McAfee researchers detailed how the threat landscape...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60856085

    MCAFEE CONFIRMS OPERATION SHARPSHOOTER LINK TO NORTH KOREA

    Mar 04, 2019

    Researchers have confirmed the Operation Sharpshooter APT campaign uncovered in December 2018 is likely the work of North Korean hackers, and has been active for a year longer than previously thought. McAfee revealed today that it was given a rare insight into the inner workings of such a group afte...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60866086

    SECURITY LEADERS SUFFERING FROM CYBER FATIGUE

    Mar 04, 2019

    Cybersecurity professionals are positive about the challenges of dealing with the growing number of threats around today, but many still feel pessimistic about their work, new research has found. A significant number of workers say they are suffering from "cyber fatigue" according to Cisco...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60886088

    IT SECURITY PROGRAMMES BEING DELAYED BY BOARD HOLD-UPS

    Mar 01, 2019

    Two-thirds of UK firms believe their security programme is now "continuously reactive". UK firms are split between a desire protect their products or their business when it comes to security priorities, according to new research. A report from Optiv found that many UK IT security decision ...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60896089

    MASSCYBERCENTER SAYS STATE FACES INCREASED THREATS

    Mar 01, 2019

    The state of Massachusetts is reportedly facing increased cyber threats from adversaries who are trying to steal sensitive information, according to the Gloucester Daily Times. In an interview with Stephanie Helm, director of the MassCyberCenter, State House reporter Christian M. Wade learned that t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60876087

    U.S. CYBER-WARRIORS DISRUPT RUSSIAN ELECTION ATTACKS

    Feb 28, 2019

    It started in mid-October 2018, when Russian operatives of the Internet Research Agency started getting emails and direct messages on social media letting them know that the United States was watching them, that it knew their names and where they worked. Then, on Nov. 6, 2018, everything went dark f...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60726072

    STUDY: BREAKING SILOS COULD REDUCE BREACH COSTS

    Feb 28, 2019

    The cybersecurity industry experienced some ups and downs last year, according to the 3,200 senior security professionals from 18 countries who participated in Cisco’s fifth annual CISO Benchmark Study. The study revealed that security professionals experienced both encouraging gains, with onl...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60736073

    HIRING, THREATS AND BUDGET CAUSE BIGGEST SECURITY HEADACHES

    Feb 28, 2019

    The three biggest challenges faced by IT professionals relate to threats, hiring and budget.. According to a survey of 1500 IT professionals by LogRhythm, the top challenges were divided as follows: Inability to detect the full range of threats – 34%. Difficulty in finding skilled cyber profes...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60746074

    GLOBAL SPAM CALLS HIT 85 BILLION IN 2018

    Feb 28, 2019

    Global spam calls have soared by 325% over 2018 to reach a staggering 85 billion worldwide, according to new findings from Hiya. The Caller ID company claimed in its first Global Robocall Radar report that spam rates in Spain (24%), the UK (22%), Italy (21%) and France (20%) are the highest in the w...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60756075

    SSL-BASED PHISHING SURGES 400% FROM 2017

    Feb 28, 2019

    Hackers are increasingly using encrypted traffic to hide their attacks from security filters, with phishing emails soaring in popularity, according to new data from Zscaler. The cloud security provider processes more than 60 billion transactions per day and claimed that hiding threats in SSL traffic...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60766076

    SYMANTEC ADVANCES INTEGRATED CYBER DEFENSE PLATFORM

    Feb 27, 2019

    No one technology or vendor can protect an organization against all cyber-security risks. That's why Symantec has been pushing forward its vision of an Integrated Cyber Defense platform (ICD) in an effort to bring together multiple technologies with an integrated approach. On Feb. 27, Symantec a...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60776077

    MOST UK IT SECURITY LEADERS FEAR CNI ATTACK

    Feb 27, 2019

    Over half of organizations believe the UK is heading for a major attack on critical infrastructure (CNI) this year, with siloed teams causing dangerous security gaps between IT and OT functions, according to Infosecurity Europe. The region’s leading information security event polled over 12,00...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60716071

    CYBER SECURITY DURING MERGERS AND ACQUISITIONS (M & A)

    Feb 26, 2019

    On face value, one may question what company mergers, acquisitions, or takeovers have to do with cyber security. But for law firms charged with overseeing the safe completion of such transactions, cyber security should be a core consideration, for two key reasons. Firstly, there is a risk that durin...

    TODAY’S CONVEYANCER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60486048

    ORDR RAISES $16.5 MILLION FOR NETWORK-LEVEL CYBERSECURITY

    Feb 26, 2019

    In this day and age, enterprises can’t take a traditional IT approach to security — or so claims Ordr, a Santa Clara, California-based startup developing a network-level cybersecurity platform. It contends that the client-side security suites installed on legacy workstations, laptops, an...

    VENTUREBEAT
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60576057

    GV LEADS $15 MILLION INVESTMENT IN STEALTH CANADIAN CYBERSECURITY STARTUP CMD

    Feb 26, 2019

    A Canadian cybersecurity startup is emerging from stealth today with a fresh $15 million in funding from Alphabet investment arm GV, with participation from startup studio Expa, Amplify Partners, and a host of additional “strategic investors.” Founded in early 2016, Cmd is the brainchild...

    VENTUREBEAT
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60586058

    PRIVILEGED CREDENTIAL ABUSE INVOLVED IN 74% OF DATA BREACHES, SAYS STUDY

    Feb 26, 2019

    Cybercriminals are continuing to target low-hanging fruit; according to a new study from Centrify, the security and identify firm, while 74% of data breaches involved privileged credential abuse, identity and access management resources are severely lacking among enterprises. The survey of 1,000 IT ...

    INFORMATION AGE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60596059

    HOW GAMIFICATION CAN BOOST CYBER SECURITY

    Feb 26, 2019

    Insider threats are costing companies hugely. In fact, according to the Ponemon Institute, the average cost of data breaches caused by employees is more than $8 million (£6.1 million) per year. Many breaches are caused accidentally when employees click on phishing emails or unknowingly open su...

    INFORMATION AGE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60606060

    UCONN HEALTH AMONG THE LATEST PHISHING VICTIM

    Feb 25, 2019

    Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals. In describing a phishing attack, UConn Health says that on Dec. 24, 2018, it determined that an unauthorized third party illega...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60616061

    NEW DNS ATTACKS MAKE USE OF DNSSEC MORE CRITICAL THAN EVER

    Feb 25, 2019

    An insidious new series of cyber-attacks that redirect traffic intended for specific websites by changing their DNS records has resulted in the first emergency directive by the Cybersecurity and Infrastructure Security Agency. This directive was followed in February by an alert by ICANN (Internet Co...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60626062

    MAJOR SECURITY FLAWS DISCOVERED IN 4G AND 5G

    Feb 25, 2019

    Researchers have uncovered a number of major security holes in the communications protocols governing 4G and 5G networks. The flaws could allow an attacker, even not one necessarily highly skilled or educated, to intercept phone calls and track the victim's location. The flaw was uncovered by Ni...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60636063

    ICANN: WE NEED DNSSEC EVERYWHERE TO COMBAT HACKERS

    Feb 25, 2019

    ICANN has called on Domain Name System (DNS) stakeholders to urgently improve security across all domains to combat a growing threat from attackers. It wants DNS Security Extensions (DNSSEC) to be rolled out worldwide across all unsecured domain names in response to a wave of new DNS hijacking attac...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60496049

    HACKERS ABUSE LINKEDIN DMS TO PLANT MALWARE

    Feb 25, 2019

    Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware. Researchers at Proofpoint found that the malware campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ o...

    IT PRO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60476047

    A V-CISO’S TAKE ON THE 5 ISSUES FACING CYBERSECURITY

    Feb 25, 2019

    In just 20 years, we’ve seen the cybersecurity field grow from virtually non-existent into a $120 billion industry. But no matter how much it grows, it still feels like the bad guys are always two steps ahead. Why? Because our adversaries are, in fact, at an advantage. This advantage has less ...

    SECURITY BOULEVARD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60336033

    SOME GPS RISK VIOLATING GDPR BY SIGNING UP TO CHANGES IN CHILDHOOD HEALTH DATA SHARING

    Feb 25, 2019

    As many as 3,300 GP practices in England risk violating data protection laws if they sign up to changes in a data sharing agreement for childhood vaccination. Changes to the Child Health Information Service (CHIS), used by general practitioners in the West Midlands, parts of London and the South Wes...

    IT PRO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60436043

    LABOUR REPORTS DATA BREACH TO THE ICO AFTER MPS JOIN THE INDEPENDENT GROUP

    Feb 25, 2019

    The Labour Party has reported an alleged data breach to the Information Commissioner's Office (ICO) over fears the personal data of party members was improperly accessed following the resignation of several MPs this week. It is understood the party has accused at least one of the eight former La...

    IT PRO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60446044

    81 PER CENT OF CANADIANS CONCERNED ABOUT CYBER SECURITY

    Feb 24, 2019

    Eighty-one per cent of Canadians say they are concerned about the security of personal information held by a government department if it experiences a cyber attack. Almost eight out of 10 Canadians are also concerned about cyber attacks against organizations that may have access to their personal in...

    VICTORIA NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60306030

    FLAWS DISCOVERED IN POPULAR PASSWORD MANAGERS, REPORT CLAIMS

    Feb 22, 2019

    An analysis of multiple top password manager products has revealed vulnerabilities in the tools they use that could potentially put the security of user's credentials at risk, according to Independent Security Evaluators (ISE). A new study, Under the Hood of Secrets Management, found that a vari...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60316031

    ENTRUST TO ACQUIRE NCIPHER SECURITY TO APPROVE GEMALTO DEAL

    Feb 22, 2019

    Entrust Datacard has announced a definitive agreement to acquire nCipher Security. Less than a month after nCipher de-merged from Thales, the deal will see nCipher’s identity-based and PKI security solutions become part of Entrust, enabling Thales to complete its acquisition of Gemalto. Operat...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60326032

    19-YEAR-OLD VULNERABILITY IN WINRAR FINALLY FIXED

    Feb 22, 2019

    Security researchers have discovered a bug in the WinRAR file compression application that can allow hackers to execute code remotely. The flaw has existed in all versions of the software for the last 19 years. According to a blog post by researchers at Check Point Software, the exploit works by jus...

    IT PRO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60456045

    MALWARE MINING MONERO DISCOVERED USING HACKING TOOLS TO INFECT WINDOWS SYSTEMS

    Feb 22, 2019

    Security researchers have discovered Monero mining malware that uses hacking tools such as Radmin and Mimikatz to propagate through Windows systems. According to a blog post by security researchers at Trend Micro, the malware scans for open port 445 and exploit a Windows SMB Server Vulnerability MS1...

    IT PRO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60466046

    CYBER SECURITY MARKET COMPETITIVE SCENARIO, DRIVERS AND CHALLENGES ANALYSIS FORECAST 2028

    Feb 22, 2019

    Cyber security is designed to ensure integrity and to protect networks, computer programs, and data from unauthorized access or breaches. Various sectors use cloud services to collect and store confidential data and information, which is transferred across networks. Cyber security software plays a c...

    MARKETWATCH
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60156015

    K2 CYBER SECURITY UNVEILS CLOUD WORKLOAD PROTECTION PLATFORM TO PREVENT ZERO-DAY ATTACKS IN REAL TIME

    Feb 21, 2019

    K2 Cyber Security, Inc. today announced the general availability of its cloud workload security platform, featuring two fundamental innovations that together deliver comprehensive protection for hybrid cloud environments. K2’s Optimized Control Flow Integrity (CFI)™ technology ensures an...

    DARK READING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60166016

    THE CYBERSECURITY 202: ELECTION SECURITY IS GOING TO BE THE HOT NEW DEMOCRATIC CAMPAIGN ISSUE IN 2020

    Feb 21, 2019

    Russian hacking upended Hillary Clinton's 2016 campaign. And it's already impacting the way 2020 Democrats are campaigning this time around. Election security is already emerging as a key talking point on the campaign trail as Democrats offer up policies to secure votes from potential tamper...

    THE WASHINGTON POST
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60176017

    NHS CYBERSECURITY NEEDS TO BE A QUALIFIED SUCCESS

    Feb 21, 2019

    A freedom of information request which revealed a lack of cyber and information governance training may be something of a red herring. But that doesn’t mean there isn’t valuable work to be done on creating a cyber-qualified NHS IT workforce, our expert columnist Davey Winder argues.When ...

    DIGITAL HEALTH
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60186018

    CYBERX WINS CYBERSECURITY EXCELLENCE AWARDS IN THREE CATEGORIES

    Feb 21, 2019

    CyberX, the IIoT and industrial control system (ICS) security company, today announced it is a winner in three distinct product categories of the 2019 Cybersecurity Excellence Awards: IoT Security, ICS/SCADA Security, and Critical Infrastructure Security. These coveted awards recognize CyberX’...

    GLOBENEWSWIRE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60196019

    SYDNEY AIRPORT TO ESTABLISH CYBER SECURITY CENTRE

    Feb 21, 2019

    Lifts defences to reduce threats. Sydney Airport is preparing to establish an around-the-clock cyber security operations centre to protect its systems and data holdings from the threat of cyber-attack. The new centre, which is expected to be up and running by April, is aimed at enhancing “cybe...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60206020

    ERICSSON, NOKIA STRIKE BACK AT 5G READINESS CONCERNS

    Feb 21, 2019

    Ericsson and Nokia are intent on countering the notion that they are not as prepared as China-based rival Huawei to supply operators with 5G network equipment. The push comes just days ahead of the MWC 2019 event in Barcelona, Spain, where 5G will be the hot topic. Executive from both Nordic vendors...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60216021

    TOYOTA AUSTRALIA CONFIRMS 'ATTEMPTED CYBER ATTACK'

    Feb 21, 2019

    Toyota Australia has said it was hit with what it is calling an "attempted cyber attack". "At this stage, we believe no private employee or customer data has been accessed," the company said in a short statement on its site. "The threat is being managed by our IT department,...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60076007

    SYMANTEC'S EMAIL FRAUD PROTECTION OFFERING COMBATS BEC

    Feb 20, 2019

    Today’s topics include Symantec improving email security with fraud protection, and Azure maps getting new SDKs, services and expanded features. On Feb. 14, Symantec announced its Email Fraud Protection offering to help organizations combat Business Email Compromise, which involves attackers s...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60056005

    K2 CYBER SECURITY TAKES DETERMINISTIC APPROACH TO THREAT DETECTION

    Feb 20, 2019

    There are a lot of cyber-security startups that make use of artificial intelligence to help organizations detect new threats, but K2 Cyber Security isn't one of them. K2 officially emerged from stealth on Feb. 20 along with its cloud workload security platform that takes a deterministic real-tim...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60066006

    NORTH KOREAN LAZARUS GROUP STARTS TARGETING RUSSIAN ORGANIZATIONS

    Feb 20, 2019

    In an unusual move, the Lazarus hacking group associated with the North Korean government has recently started targeting organizations from Russia. The group’s primary targets until now have been organizations from countries with which North Korea has geopolitical tensions, such as South Korea...

    SECURITY BOULEVARD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60296029

    SURVEY FINDS SECURITY TEAMS BETTING ON MACHINE LEARNING

    Feb 20, 2019

    A global survey conducted by Enterprise Strategy Group (ESG) of 456 cybersecurity and IT professionals on behalf of Oracle and KPMG has found organizations are being overwhelmed by data and are hoping to get some help via machine learning. According to the survey results, fewer than one-third of res...

    SECURITY BOULEVARD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60346034

    GOOGLE ERRED IN NOT DISCLOSING MICROPHONE IN NEST SECURITY SYSTEM

    Feb 20, 2019

    Google admitted that it didn’t tell users about a built-in microphone in its Nest Secure home security system, according to a report from Reuters. On Wednesday (Feb. 20), the company said it made an error, but that it wasn’t keeping the microphone a secret. “The on-device microphon...

    PYMNTS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60356035

    FORTINET BOOSTS SECURITY MESSAGE FOR CARRIER PUSH TO 5G

    Feb 19, 2019

    Fortinet touted a new proprietary virtual security processing technology a week before the MWC Barcelona trade show in a race to boost security for carriers moving from 4G LTE to 5G. The virtual technology is designed to aid faster connection speeds and secure mobile control at the core and edge clo...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60086008

    LANDMARK WHITE DATA BREACH COULD IMPACT WESTPAC PROPERTY SERVICE CUSTOMERS

    Feb 19, 2019

    Westpac Group has warned customers that those who have conducted a property valuation through its business may have been inadvertently impacted by a separate data breach affecting LandMark White. On Tuesday, the Australian bank and financial services company said the recent security incident at Land...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=60096009

    ISRAEL LAUNCHES CYBERSECURITY HOTLINE FOR SUSPECTED HACKING

    Feb 19, 2019

    Israel has launched a cyber hotline, staffed mostly by veterans of military computing units, to enable businesses and private individuals to report suspected hacking and receive real-time solutions. The 119 call-in number to the Computer Emergency Response Center is being billed by Israel and cybers...

    HAARETZ
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59945994

    FIVE THINGS ENTERPRISES NEED TO KNOW ABOUT THREAT LANDSCAPE

    Feb 19, 2019

    It would be easy to say that 2019 is going to be the year of the state-sponsored hacker, but it would also be easy to say that this year is going to be the year of the cryptojacker. Or I could say that this is the year when cross-site scripting is going to be a major threat. But the reality is that ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59955995

    HOW MACHINE LEARNING-BASED SECURITY SEES RISK FASTER THAN LEGACY TOOLS

    Feb 19, 2019

    Machine learning (ML) and artificial intelligence (AI) are in the process of changing almost every aspect of our lives. My last post focused on how AI can be used to help businesses manage their IT environments better. This post will look at the impact ML has on security. The biggest challenge with ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59965996

    PULSE SECURE ADDS SOFTWARE DEFINED PERIMETER TO SECURE ACCESS PLATFORM

    Feb 19, 2019

    Pulse Secure announced the launch of a new Software Defined Perimeter (SDP) offering on Feb. 19, that integrates with the company's existing Secure Access platform. SDP is an industry standard framework approach led by the Cloud Security Alliance (CSA) that provides access and authentication com...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59975997

    SWEDEN’S PATIENT HOTLINE IN MAJOR PRIVACY SNAFU

    Feb 19, 2019

    Millions of highly sensitive audio files linked to a Swedish healthcare hotline have been left exposed online for several years, in what could be a major breach of the GDPR. The 2.7 million files in question amount to 170,000 hours of calls, dating back to 2013 and left on an open Apache web server ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59985998

    RUSSIAN STATE HACKERS TAKE MINUTES TO MOVE LATERALLY

    Feb 19, 2019

    There was a major rise in Chinese state-sponsored cyber-activity in 2018 while Russian actors were by far the most operationally effective, according to the latest report from CrowdStrike. The security vendor’s 2019 Global Threat Report tracked the relatively new metric of “breakout time...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59995999

    WHY CHINA IS PROBABLY BEHIND THE CANBERRA CYBER-ATTACK

    Feb 19, 2019

    Since Prime Minister Scott Morrison announced a "sophisticated state actor" had tried to hack into Australia's major political parties' networks, the government has shut down any efforts to pin the blame on China. Mr Morrison dodged multiple questions from 3AW broadcaster Neil Mitc...

    9NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59895989

    CHINESE SURVEILLANCE DATABASE EXPOSES MILLIONS OF IDS

    Feb 18, 2019

    Security researchers have spotted a mass data leak from an unsecured database which exposed the personal details of over 2.5 million surveilled Chinese residents. SenseNets Technology uses AI-powered technology in facial recognition cameras to record the movements of millions of minority Uighurs in ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59905990

    TOP 6 COUNTRIES WITH THE BEST CYBER SECURITY MEASURES

    Feb 18, 2019

    Cyber risks represent a genuine risk to governments, economies, organizations and people. In 2015, the US Government’s Office of Personnel Management was breached and traded off, with the organization declaring that 21.5 million social security numbers were stolen from one source, and 4.2 mill...

    ANALYTICS INSIGHT
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59815981

    SYMANTEC IMPROVES EMAIL SECURITY WITH FRAUD PROTECTION

    Feb 15, 2019

    Symantec is looking to reduce the risk of business email compromise attacks with a new offering that makes it easier to implement and manage Domain-based Message Authentication, Reporting and Conformance (DMARC) for email authenticity. Among the most common risks that enterprises face are email frau...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59825982

    HUAWEI RISK CAN BE MANAGED, SAY UK CYBER-SECURITY CHIEFS

    Feb 15, 2019

    Any risk posed by involving the Chinese technology giant Huawei in UK telecoms projects can be managed, cyber-security chiefs have determined. The UK's National Cyber Security Centre's decision undermines US efforts to persuade its allies to ban the firm from 5G communications networks. The ...

    BBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59835983

    CYBER ATTACK ON MALTA'S BANK OF VALLETTA

    Feb 15, 2019

    Malta's largest bank was the target of a cyber attack Feb 13, with hackers attempting to withdraw €13mil (RM59.7mil), Prime Minister Joseph Muscat said. The Bank of Valletta, in which the government is the largest shareholder, shut down its systems, closing branches and ATMs, and suspending...

    THE STAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59885988

    BIG THEMES SET TO EMERGE AT RSA CONFERENCE 2019

    Feb 14, 2019

    With hundreds of specialized sessions, there is always a lot to take in at the annual RSA Conference held in San Francisco. The 2019 event is set to get under way March 4-8 and will tackle all manner of cyber-security topics ranging from new threats, to privacy regulations, emerging technologies and...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59745974

    HACKERS TARGET MALTESE BANK IN €13M CYBER HEIST

    Feb 14, 2019

    A leading Maltese bank is resuming its services today after shutting down operations following a major cyber-attack on Wednesday. The Bank of Valetta (BOV) said in a notice on Thursday morning that customers could once again use ATMs, online banking, mobile Banking and their BOV cards, although at t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59755975

    LOVE BUG FOUND IN OKCUPID ANDROID APP

    Feb 14, 2019

    Only days after Infosecurity reported that OkCupid users said their accounts had been hacked, Checkmarx disclosed that the OkCupid Android App actually posed risks because of security failures in MagicLinks. It’s well known that malicious actors love to exploit a good holiday, which puts users...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59765976

    PATCH TUESDAY ROUNDUP INCLUDES IE ZERO DAY

    Feb 13, 2019

    Microsoft has given system admins plenty of work to do this month with patches for nearly 80 vulnerabilities, including a zero-day flaw in Internet Explorer and a publicly disclosed Exchange server bug. Top of the priority list in this month’s Patch Tuesday security round-up will probably be C...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59675967

    PALO ALTO NETWORKS ACCELERATES SECURITY IN PAN-OS 9.0 UPDATE

    Feb 13, 2019

    Palo Alto Networks is boosting its network security platforms with the new PAN-OS 9.0 update that was announced on Feb. 12. PAN-OS is a hardened operating system based on Linux that provides a secure, enterprise grade environment for executing Palo Alto's network security capabilities. PAN-OS 9....

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59685968

    MILLIONS AFFECTED BY 500PX DATA BREACH

    Feb 13, 2019

    Online photography network 500px has forced a password reset for all users after revealing this week that it suffered a data breach last summer. The site claimed that the incident, which it believes occurred on around July 5 2018, was not discovered until last week, when its engineering team “...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59695969

    ATTIVO NETWORKS ENHANCES DECEPTION PLATFORM WITH FORENSIC COLLECTION

    Feb 13, 2019

    Attivo Networks announced on Feb. 12 that it is expanding its ThreatDefend cyber-security deception platform with its new "The Informer" forensic collection technology. Deception is a class of cyber-security technology that aims to trick attackers with fake services as an approach to help ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59705970

    CDSA RELEASES FIRST TV, FILM CYBERSECURITY GUIDELINES

    Feb 12, 2019

    The Content Delivery and Security Association (CDSA), which advocates for protection of media content, has issued its first TV and film security, notably cybersecurity, guidelines for everything from how to deal with data breaches to keeping costumes and props within the production "perimeter.&...

    BROADCASTING & CABLE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59595959

    QUALYS EXTENDS CLOUD PLATFORM WITH PATCH MANAGEMENT

    Feb 12, 2019

    Qualys announced a new patch management application on Feb. 12, providing organizations with the ability to more easily manage the often-complex process of keeping infrastructure software updated. Qualys Patch Management (PM) is part of the Qualys Cloud Platform service that runs with a single agent...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59605960

    FIRMS URGED TO PATCH SERIOUS CONTAINER RUNTIME FLAW

    Feb 12, 2019

    Enterprises have been urged to patch a serious flaw in runc, the default runtime for Docker and Kubernetes, and ensure they have SELinux enabled. Aleksa Sarai — one of the maintainers for runc — made the initial announcement on Tuesday, attributing the discovery to researchers Adam Iwani...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59615961

    PHISHING, HUMANS ROOT OF MOST HEALTHCARE ATTACKS

    Feb 12, 2019

    Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks, according to findings from the 2019 HIMSS Cybersecurity Survey published by the Healthcare Information and Management Systems Society (HIMSS). The study, whi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59625962

    MUMSNET PRIVACY SNAFU EXPOSES USER INFO

    Feb 11, 2019

    Mumsnet has suffered a serious data leak affecting potentially thousands of users after a software glitch during an IT system migration to the cloud. Justine Roberts, founder and CEO of the popular parenting forum, explained in a blog post late last week that the issue affected users for the best pa...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59515951

    AWS ISSUES ALERT FOR MULTIPLE CONTAINER SYSTEMS

    Feb 11, 2019

    A security issue that affects several open source container management systems, including Amazon Linux and Amazon Elastic Container Service, has been disclosed by AWS. The vulnerabilities (CVE-2019-5736) were reportedly discovered by security researchers Adam Iwaniuk, Borys Poplawski and Aleksa Sara...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59525952

    RESEARCHERS WARN OF MALICIOUS CONTAINER ESCAPE VULNERABILITY

    Feb 11, 2019

    A new vulnerability in the core runc container code could potentially enable a malicious container to get access to the host operating system. Major vendors and cloud providers are already pushing out patches, but there are other things users can do to limit risk. A new serious vulnerability in cont...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59565956

    CHECK POINT REFINING ITS SECURITY OFFERINGS TO MEET EVOLVING DEMANDS

    Feb 08, 2019

    When Check Point Software began its work in the IT security industry in 1993, smartphones, mobile tablets, IoT, and cloud applications and services didn't yet exist. Back then, Check Point's No. 1 job was providing state-of-the-art security to protect hardware, data centers and desktop machi...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59435943

    SECURITY UNICORN ILLUMIO RAISES $65M, HIRES A NEW CFO

    Feb 08, 2019

    Security unicorn Illumio raised $65 million in a Series E round and hired Anup Singh as its chief financial officer. The latest funding brings its total to $332.5 million and follows an even bigger $125 million Series D investment in June 2017. And — perhaps more importantly — it confirm...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59445944

    BLUE HEXAGON USES THE POWER OF DEEP LEARNING TO DETECT NETWORK THREATS

    Feb 08, 2019

    Blue Hexagon emerges from stealth with a cyber-security platform that makes use of deep learning techniques to infer when potential malware is active on a network. As attackers become increasingly sophisticated, there is a need for advanced technologies that can detect attacks that traditional tools...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59455945

    NETOGRAPHY EMERGES WITH AUTONOMOUS FLOW-BASED DDOS DEFENSE SERVICE

    Feb 07, 2019

    Cyber-security startup Netography emerged from stealth on Feb. 7 with a new technology approach to help organizations defend against the risk of distributed denial-of-service (DDoS) attacks. DDoS attacks typically involve large volumes of attack bandwidth that overwhelm services, rendering them unav...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59365936

    SOUTH AFRICAN UTILITY SUFFERS DOUBLE SECURITY BLOW

    Feb 07, 2019

    South Africa’s largest electricity supplier has come under fire for apparently ignoring a serious leak of customer data. Eskom, which claims to transmit and distribute 95% of the electricity used in the country, was called out earlier this week on Twitter by a frustrated security researcher. &...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59375937

    CHINA’S MSS TARGETED MAJOR EUROPEAN MSP: REPORT

    Feb 07, 2019

    Security researchers have discovered another Chinese state-sponsored APT campaign, this time targeting a major European MSP with the likely intent of stealing IP from its customers. Recorded Future and Rapid7 claimed in a new co-authored report that the notorious APT10 group, linked to China’s...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59385938

    DISCONNECT BETWEEN CONSUMERS & BUSINESSES AS COMPANIES CAPITALIZE ON CUSTOMER DATA

    Feb 06, 2019

    There is a growing disconnect between how companies capitalize on customer data and how consumers expect their data to be used, a new report from RSA Security has discovered. The firm polled more than 6000 individuals across France, Germany, the United Kingdom and United States to explore the nuance...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59305930

    BANK IT MANAGER GETS 10 YEARS FOR ATM EXPLOIT

    Feb 06, 2019

    An IT developer at a Chinese bank has been jailed for over a decade after exploiting a vulnerability in its systems to withdraw more than $1m from ATMs. Qin Qisheng, 43, was a manager in Huaxia Bank’s technology development center in Beijing who spotted that a glitch in the lender’s core...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59315931

    MPS HIT BY PHISHING CAMPAIGN: REPORT

    Feb 06, 2019

    MPs have been targeted by a new phishing campaign after a government whip’s accounts were hacked, according to reports. Tory MP Mike Freer told BuzzFeed News that the "parliamentary authorities are currently investigating" following the incident. According to the report, dozens of MP...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59325932

    PASSWORD REUSE REMAINS A BARRIER TO SAFER INTERNET USE

    Feb 05, 2019

    The internet by default is not always safe, which is why Safer Internet Day on Feb. 5 exists—it’s a day to educate and remind users about the steps that should be taken to reduce cyber-security risks. But what are the unsafe things that users are doing online? Google conducted a study al...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59255925

    MOZILLA IMPROVES PRIVACY, SECURITY IN FIREFOX 65

    Feb 05, 2019

    Today’s topics include Mozilla improving privacy controls in Firefox 65, and IBM warning of an Apple Siri Shortcut risk. Mozilla released its first web browser update for 2019 on Jan. 29, with the debut of Firefox 65, which improves a number of features and advances user privacy as part of Moz...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59265926

    HOME IMPROVEMENT SITE HOUZZ SUFFERS DATA BREACH

    Feb 04, 2019

    Home improvement site Houzz has announced a data breach affecting an unspecified number of customers, but claimed that follow-on identity theft is “highly unlikely.” The firm — which claims to have over 40 million homeowners, home design enthusiasts and home improvement professiona...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59195919

    ALEXA 500 SITES TARGETED WITH ADAPTIVE MALWARE

    Feb 04, 2019

    A malicious campaign has been targeting premium publishers using malvertising that looks like legitimate ads for popular retailers, according to The Media Trust. Researchers today published a blog post explaining that a large-scale malicious campaign attempted to exploit 44 adtech vendors with the u...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59205920

    ORANGE’S CYBERDEFENSE UNIT GETS A LEG UP WITH SECUREDATA PURCHASE

    Feb 01, 2019

    Orange today acquired the U.K.-based security company SecureData for an undisclosed amount. This purchase is part of the global provider’s bigger push to boost its Cyberdefense unit. The independently operated SecureData has offered managed security services for over 25 years. The company says...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59135913

    HOW TO GET THE MOST OUT OF ENTERPRISE KNOWLEDGE ASSETS USING SEARCH

    Feb 01, 2019

    The demise of the Google Search Appliance (announced in early 2016) marked the end of the flawed dream of off-the-shelf, one-size-mostly-fits-all enterprise search solutions. In its place is the promise of rich search-based applications that can search, explore and analyze enterprise information. Kn...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59145914

    DELL FOUR-WAY ENDPOINT SECURITY PLAY TARGETS THE MID-MARKET

    Jan 31, 2019

    Dell launched its SafeGuard and Response as a four-level approach to endpoint security aimed at the mid-market. It’s also the second significant endpoint security announcement made this week. SafeGuard and Response includes elements from Secureworks and CrowdStrike, who are partnering on the o...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59155915

    NEW UK FRAUD RULES SET TO EMPOWER VICTIMS

    Jan 31, 2019

    New rules come into force in the UK today designed to provide consumers with stronger powers of redress in the event they fall victim to authorized push payment (APP) fraud. Regulator the Financial Conduct Authority (FCA) has mandated that fraud victims can now complain to the bank that receives fun...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59065906

    WHY U.S. FIRMS ARE LESS CYBER-SECURE THAN THEY THINK

    Jan 31, 2019

    The U.S. certainly is a divided nation around many issues right now, but concern about cybersecurity as a threat to a majority of U.S. enterprises isn’t one of them. Everybody agrees on that one. A majority of participants in a recent survey enabled by FICO understand and recognize the risk of...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59075907

    US LAUNCHES MAJOR EFFORT TO DISRUPT NORTH KOREAN BOTNET

    Jan 31, 2019

    The US authorities have begun notifying victims of a notorious botnet run by North Korean state-sponsored hackers, as their efforts to disrupt the hermit nation's malicious activity increase. A court order allowed the FBI and officers from the US Air Force Office of Special Investigations (AFOSI...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59085908

    LARGEST DDOS ATTACK SENT OVER 500 MILLION PACKETS PER SECOND

    Jan 30, 2019

    A distributed denial-of-service (DDoS) attack discovered by Imperva had unleashed more than 500 million packets per second (Mpps), which is believed to be the largest packets-per-second (PPS) attack on record. According to research released today, last year’s DDoS attack on GitHub rang in at 1...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58995899

    FACETIME SECURITY FLAW GIVES APPLE A BLACK EYE: ANALYSTS

    Jan 30, 2019

    Apple's FaceTime video chat app remained out of service Wednesday morning after being temporarily disabled by the company Jan. 28 due to a security flaw that can enable a caller to hear audio from the receiver's end before the call is accepted. That's not supposed to happen, and not only...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59005900

    THIRD-PARTY BREACHES PLAGUE MULTIPLE INDUSTRIES

    Jan 30, 2019

    From January 25 to 28, 2019, multiple organizations, including Discover Financial Services, Verity Medical Foundation, Verity Health Systems and Allen Chern LLP, have made routine filings in accordance with California state law, reporting cybersecurity incidents that may or may not be data breaches,...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=59015901

    SALT SECURITY LAUNCHES API PROTECTION PLATFORM

    Jan 29, 2019

    Startup Salt Security announced its API Protection Platform on Jan. 29, providing organizations with advanced capabilities to help discover, prevent and then remediate API attacks. Application programming interfaces (APIs) are commonly used in modern infrastructure, enabling a way to extend and inte...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58925892

    US TURNS UP HEAT ON HUAWEI WITH 23-COUNT INDICTMENTS

    Jan 29, 2019

    The US Department of Justice has unsealed charges against Huawei and its CFO covering separate alleged conspiracies to break sanctions on Iran and to steal trade secrets from T-Mobile USA. The charges were widely expected, but will do nothing to warm relations between the world’s superpowers a...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58935893

    INFO-STEALING FORMBOOK RETURNS IN NEW CAMPAIGN

    Jan 29, 2019

    A file-hosting service registered within the last week is being used to spread information-stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US, according to Deep Instinct. Though FormBook has been around since approxi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58945894

    TAXPAYERS DEMAND HMRC DELETES VOICE IDS

    Jan 28, 2019

    Over 160,000 UK taxpayers have demanded that the HMRC delete biometric voice recordings collected without their informed consent. Big Brother Watch has been running a campaign into the tax office’s use of a voice identification system, first launched in 2017. Having captured biometric data on ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58855885

    WHITE HAT BALL 2019 RAISES £193,000 FOR NSPCC’S CHILDLINE SERVICE

    Jan 28, 2019

    A staggering 193,000 was raised for counselling service Childline at the White Hat Ball last Friday, January 25. The annual fundraising event, organized by a committee of dedicated volunteers from the information security sector and now in its 14th year, was held at London’s Lancaster Hotel. T...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58865886

    ICO WARNS UK TO PREPARE FOR BREXIT "NO DEAL" DATA FLOWS

    Jan 28, 2019

    The UK’s privacy regulator has warned businesses to prepare now for a potential Brexit 'no deal,' claiming they may have to put in place standard contractual clauses to ensure unhindered data flows. With Theresa May’s government still refusing to rule out the prospect of allowing...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58875887

    CONSUMERS TERRIFIED AFTER HACKERS WORM INTO NESTS

    Jan 25, 2019

    Multiple consumers have reported being terrified after hackers infiltrated the Nest cameras in their homes, with one malicious actor making claims of a North Korean missile threat, according to CBS News. California resident Laura Lyons reported that malicious actors gained control of her Nest securi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58785878

    HPE TARGETS GIRL SCOUTS FOR NEXT-GEN WHITE HATS

    Jan 24, 2019

    A new cybersecurity curriculum targeting junior Girl Scouts aged 9-11 aims to shift the image of the young girls in green from cookie distributors to cyber defenders, according to news from Hewlett Packard Enterprise (HPE). HPE has teamed up with the Girl Scouts to launch a cybersecurity education p...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58795879

    UK PUBLIC: DRONES ARE NATIONAL SECURITY RISK

    Jan 24, 2019

    The British public is dead-set against the use of drones, with the vast majority believing that as they continue to represent a national security risk and that cyber experts must do more to mitigate the threat from above. Think tank Parliament Street polled 2000 members of the public to compile its ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58805880

    WHAT WE LEARNED FROM MALWARE ATTACKS IN 2018

    Jan 23, 2019

    Malware blossomed in several different directions in the past 12 months, and the year ahead looks like it will be a full-fledged follow-on. According to security firm Malwarebytes, 2018 came in like a lion and out like—well, a different lion. It’s fair to say that, despite a sleepy secon...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58715871

    DHS EMERGENCY DIRECTIVE LOOKS TO BLOCK IRANIAN DNS THREAT

    Jan 23, 2019

    The US Department of Homeland Security (DHS) has taken the unusual step of issuing an emergency directive demanding government agency take urgent action to protect DNS infrastructure, in response to a major attack campaign. The Mitigating DNS Infrastructure Tampering directive was issued by the Cybe...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58725872

    SECURITY BOFFINS BLOCK 100K MALICIOUS SITES IN 10 MONTHS

    Jan 23, 2019

    Hundreds of security researchers have come together in a global non-profit project, working to take down 100,000 malicious websites in just 10 months. Revealed on Monday, the stats are testament to the power of information sharing among the information security community and hosting providers, when ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58735873

    ACTIVE CYBER DEFENCE SHOULD BE ROLLED OUT UK-WIDE: REPORT

    Jan 22, 2019

    The UK government’s highly successful Active Cyber Defence (ACD) program should be rolled out across other sectors to improve national cybersecurity, and could even be spurred by the government naming and shaming laggards, according to a new report. The Cyber Security Research Group at King&rs...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58625862

    VARONIS ADDS INCIDENT RESPONSE PLAYBOOKS TO DATA SECURITY PLATFORM

    Jan 22, 2019

    Varonis Systems announced version 7.0 of its Data Security Platform on Jan. 22, providing organizations with new capabilities to detect and respond to threats in the cloud and on-premises. The Varonis Data Security Platform 7.0 update adds new risk dashboards that can help to highlight potential iss...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58645864

    PRIORITIZING VULNERABILITIES IS KEY TO PATCHING SUCCESS, REPORT FIND

    Jan 22, 2019

    There is no shortage of software vulnerabilities but not all flaws have equal severity, and only a subset are essential to patch immediately. That's one of the core themes from a report released by Kenna Security and the Cyentia Institute on Jan. 22, titled, Prioritization to Prediction: Getting...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58655865

    SERVERS GRAB CLIENT FILES VIA MYSQL DESIGN FLAW

    Jan 22, 2019

    Attackers can potentially run a malicious MySQL server and gain access to connected data, according to a new security alert. MySQL has issued a security notice resulting from issues with the LOAD DATA LOCAL, noting that the “statement can load a file located on the server host, or, if the LOCA...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58665866

    SECURITY VC FUNDING HIT RECORD $5.3 BILLION IN 2018

    Jan 21, 2019

    It’s official. Cybersecurity venture capital funding hit a record $5.3 billion in 2018, according to Strategic Cyber Ventures. This is 20 percent higher than the $4.4 billion companies raised in 2017 and 81 percent higher than in 2016. But, as the VC firm warns, “this rate of investment ...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58575857

    TREND MICRO'S ZDI LOOKS TO ACQUIRE MORE VULNERABILITIES IN 2019

    Jan 18, 2019

    2018 was a big year for security vulnerabilities, and 2019 is on track to be even bigger, according to Trend Micro's Zero Day Initiative. ZDI is in the business of acquiring vulnerabilities from security researchers and then responsibly reporting them to vendors. In 2018, ZDI published 1,444 sec...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58485848

    NEW MALWARE STRAIN CAN EVADE AND UNINSTALL CLOUD SECURITY SOFTWARE, RESEARCHERS WARN

    Jan 18, 2019

    The good news: your organisation has finally gotten around to installing some top of the range cloud security tools. The bad news: malware has been developed which can evade detection from them. The nefarious discovery from threat actor Rocke was made by Palo Alto Networks Unit 42, with the security...

    CLOUD COMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58495849

    CYBEATS RELEASES IOT SECURITY, MONITORING APP ON PALO ALTO NETWORKS FRAMEWORK

    Jan 18, 2019

    IoT security startup Cybeats announced that its IoT monitoring and security app, deemed IoT Radar, is now available on the Palo Alto Networks Application Framework. This news comes about a month after the startup raised $3 million in a seed round. Cybeats is a Toronto-based company that was founded ...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58505850

    MICROSOFT ADDS AZUREDEVOPS BUG BOUNTY, OFFERS $20K REWARDS

    Jan 18, 2019

    Microsoft added a new bug bounty program that pays hackers to find security flaws in its software. This latest move targets Azure DevOps, Microsoft’s cloud platform for collaborating on code development. The program will pay between $500 and $20,000 for found eligible vulnerabilities in Azure ...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58565856

    ATTACKERS TAKE NEW APPROACH TO INSTALLING CRYPTOMINERS

    Jan 17, 2019

    Security technology on cloud servers is supposed to help block and prevent the installation of malware, but what happens when attackers figure out how to uninstall security technology as part of a hacking campaign? According to a report released on Jan. 17 by Palo Alto Networks' Unit 42 security...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58405840

    WHY ENTERPRISES NEED TO CRACK DOWN ON LAZY LOGINS

    Jan 17, 2019

    Everybody does it. You do it. It’s the easy way out, but it’s also an easy way to a security blunder. The “it” in this case is using your email address as your user name for websites and other places where a login is necessary. Chances are you use one of a couple email addres...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58415841

    RESEARCHERS FIND 87GB TROVE OF BREACHED LOG-INS

    Jan 17, 2019

    A leading security researcher has warned of a major trove of breached data being shared on hacking sites, containing over 772 million unique email addresses and more than 21 million unique passwords. Troy Hunt, owner of the Have I Been Pwned (HIBP) breached credentials site, explained that he was al...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58425842

    IOT SECURITY MARKET SET TO GROW OVER 25 PERCENT ANNUALLY

    Jan 16, 2019

    A report predicts a growth rate of over 25 percent annually in the North American IoT security market. The market was valued at $1.7 billion in 2018 and is expected to reach $5.2 billion by 2023 at a compound annual growth rate (CAGR) of 25.1 percent, according to the report ‘Internet of Thing...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58335833

    IT TEAMS HAVE ONE YEAR TO MOVE OFF WINDOWS 7

    Jan 16, 2019

    The UK’s National Cyber Security Centre (NCSC) has urged organizations still on Windows 7 to plan now for the end of extended support in a year’s time. The GCHQ arm reminded IT managers that the operating system will no longer receive free updates from January 14 2020. That will mean any...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58345834

    LESS THAN HALF OF BUSINESSES ARE ABLE TO DETECT IOT DEVICE BREACHES

    Jan 15, 2019

    A study conducted by Dutch software firm Gemalto reveals that only 48% of the businesses in the world are able to detect if any of their IoT devices suffers a breach. The survey, which was conducted among 950 IT and business decision makers across the globe, found that organisations are urging gover...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58235823

    KARAMBA SECURITY: VEHICLES FACE 300,000 ATTACKS PER MONTH

    Jan 15, 2019

    The scale of cyberattacks on connected cars has been revealed by Karamba Security, and it makes for a rather concerning read. Karamba set-up automotive electronic control units (ECUs) through which it’s been attracting internet attacks. In the last three months, the ECUs have been subjected to...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58245824

    SYNOPSYS IMPROVES COVERITY STATIC APPLICATION SECURITY TESTING

    Jan 15, 2019

    Synopsys announced on Jan. 15 that a new version of its Coverity Static Application Security Testing (SAST) technology is now available, providing organizations with enhanced software vulnerability analysis capabilities. Static analysis is an approach where code is examined for potential risks and v...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58265826

    SIX BEST PRACTICES FOR INCREASING AWS SECURITY IN A ZERO TRUST WORLD

    Jan 15, 2019

    Amazon Web Services (AWS) reported $6.6B in revenue for Q3, 2018 and $18.2B for the first three fiscal quarters of 2018. AWS revenue achieved an impressive 46% year-over-year net sales growth between Q3, 2017 and Q3, 2018 and 49% year-over-year growth for the first three quarters of the year. AWS&rs...

    CLOUD COMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58325832

    TOP WEB HOSTING SERVICES HAVE MAJOR SECURITY FLAWS

    Jan 14, 2019

    Security researcher Paulos Yibelo tested five of the world's biggest web hosting services for flaws and unveiled that all five were vulnerable. Not just 'vulnerable', but in fact so flawed that data mining and account takeover wouldn't even require breaking a sweat. Roughly a dozen f...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58255825

    MAJOR' GLOBAL CYBERATTACKS SURGED IN 2018

    Jan 14, 2019

    The number of 'significant' attacks jumped by more than 50 per cent in the last three years. ‘Significant’ cyberattacks, those targeting government agencies, defence companies and financial institutions, have grown by more than 50 per cent in the last three years. This is accordi...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58165816

    LINUX'S SYSTEMD HIT WITH THREE SECURITY HOLES

    Jan 14, 2019

    Admins and DevOps working with Linux machines will want to keep an eye out for patches for a trio of security vulnerabilities affecting systemd, the system and service manager that's primarily tasked with deciding what programs run when Linux boots. Specifically, the vulnerabilities are in syste...

    ITPRO TODAY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58175817

    OPEN-SOURCE METASPLOIT FRAMEWORK 5.0 IMPROVES SECURITY TESTING

    Jan 14, 2019

    Among the most widely used tools by security researchers is the open-source Metasploit Framework, which has now been updated with the new 5.0 release. Metasploit Framework is penetration testing technology, providing security researchers with a variety of tools and capabilities to validate the secur...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58185818

    SOPHOS INTRODUCES LATERAL MOVEMENT PROTECTION TO XG FIREWALL TO STOP ADVANCING CYBERATTACKS

    Jan 13, 2019

    Sophos has announced that its next-generation Sophos XG Firewall now includes lateral movement protection to prevent targeted, manual cyberattacks or exploits from infiltrating further into a compromised network. The SophosLabs 2019 Threat Report discusses a rise in targeted ransomware. With the Sam...

    NETWORKS ASIA
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58065806

    WHY QUANTUM-RESISTANT ENCRYPTION NEEDS QUANTUM KEY DISTRIBUTION FOR REAL SECURITY

    Jan 12, 2019

    The idea behind the use of quantum computers to break encryption lies in the fact that the encryption keys used by current encryption methods depend on a secret key that is used to encrypt and decrypt the information that’s being protected. Those keys are long, random—or, more likely, al...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58085808

    THE SECURITY CHALLENGES OF MOVING ERP TO THE CLOUD

    Jan 11, 2019

    Enterprise resource planning software is a business-critical application for many organizations, and when moving to the cloud from on-premises deployments, there are some key security concerns that need to be considered, according to a study from the Cloud Security Alliance. The CSA study, titled En...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58095809

    MONGODB INSTANCE LEAKS 200 MILLION CHINESE CVS

    Jan 11, 2019

    A huge MongoDB database containing detailed CVs for over 202 million individuals has been found exposed online. The unprotected MongoDB instance was found via a simple BinaryEdge or Shodan search and was left without any password protection, according to Bob Diachenko, director of cyber risk researc...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58105810

    REDDIT LOCKS DOWN ACCOUNTS AFTER SECURITY INCIDENT

    Jan 10, 2019

    A large number of Reddit users have been locked out of their accounts as a precaution while the site’s admins investigate potential unauthorized access. Staffer “Sporkicide” would not disclose exactly how many users were affected by the move, but claimed in a post yesterday that &l...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58005800

    SAILPOINT TECHNOLOGIES: PRODUCT OVERVIEW AND ANALYSIS

    Jan 10, 2019

    SailPoint Technologies is an Austin, Texas-based provider of identity governance solutions, which is known to be one of the fastest-growing cybersecurity spending priorities. Founded in 2005, SailPoint holds a steadfast commitment to solving business problems with innovative identity governance solu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=58075807

    FIREEYE UPDATES SERVER EMAIL SECURITY PLATFORM FOR ADVANCED THREATS

    Jan 09, 2019

    FireEye is updating its on-premises security capabilities with the launch of the FireEye Email Security - Server Edition 8.2 release on Jan. 9. The FireEye Email Security - Server Edition 8.2 provides organizations with new capabilities to detect advanced email threats, including executive impersona...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57915791

    WEB APPLICATION VULNERABILITIES CONTINUE TO GROW, IMPERVA REPORTS

    Jan 09, 2019

    2018 was not a good year for web application vulnerabilities, with 17,142 reported issues, according to a report released on Jan. 9 by Imperva. The 2018 tally for web application vulnerabilities represents a 21 percent year-over-year increase from 2017. There are multiple types of web applications v...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57925792

    SK TELECOM AIRS FIRST LIVE TV BROADCAST VIA 5G, CES 2019 TO SPOTLIGHT 5G

    Jan 09, 2019

    South Korean wireless telecommunications operator SK Telecom claims to have broadcast the world's first live television event over a commercial 5G network. SK Telecom used its 5G broadcasting solution dubbed 'T Live Caster' to air over entertainment channel 'XtvN' a New Year&rsqu...

    RF GLOBALNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57935793

    MICROSOFT KICKS OFF 2019 WITH MEDIUM PATCH LOAD

    Jan 09, 2019

    Microsoft started the new year yesterday by issuing fixes for a near half century of vulnerabilities, although only seven were rated critical. Many of these were remote code execution (RCE) bugs, with experts agreeing that CVE-2019-0547 should be top of the priority list. This RCE vulnerability in t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57965796

    PHONE CARRIERS SELLING CUSTOMER LOCATION DATA

    Jan 09, 2019

    Bounty hunters are able to leverage a somewhat dubious skeptical service available through major telecom companies, including T-Mobile, AT&T, and Sprint, according to Motherboard. A researcher reportedly paid $300 to a bounty hunter who was then able to geolocate a phone down to a location in a ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57975797

    NHS DIGITAL CISO QUITS AFTER THREE MONTHS

    Jan 09, 2019

    NHS Digital’s first chief information security officer (CISO) has resigned just three months into the job, dealing a blow to efforts to improve cybersecurity across the UK’s health service. In a memo to staff seen by HSJ, NHS Digital deputy CEO, Rob Shaw, said that Robert Coles’ de...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57985798

    FIRM OFFERS $2M FOR IOS ZERO-DAY EXPLOITS

    Jan 09, 2019

    ontroversial exploit broker Zerodium has upped its bug bounties for the majority of desktop/server and mobile exploits, offering security researchers millions of dollars for their work. At the lower end, a Windows local privilege escalation or sandbox escape will now pay out $80,000, up from $50,000...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57995799

    IBM GROWS PATENT PORTFOLIO WITH CYBER-SECURITY INNOVATIONS

    Jan 08, 2019

    IBM announced on Jan. 8 that it was awarded 9,100 patents in 2018, once again topping the list for the most U.S. patents granted in a given year. A core component of IBM's patent haul in 2018 was in cyber-security innovation, with more than 1,400 granted patents. Among the security patents grant...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57815781

    ELECTION SECURITY BILLS FINALLY PROGRESSING IN CONGRESS

    Jan 08, 2019

    After years of contention about real and imagined security attacks on U.S. elections, the U.S. House of Representatives is expected to consider and then pass H.R. 1, also known as the “For the People Act of 2019,” which includes provisions that would improve election security and help st...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57825782

    FOUR CLOUD SECURITY PREDICTIONS FOR 2019: CONTAINERISATION, LOAD BALANCERS, AND MORE

    Jan 08, 2019

    The cloud is a vital part of any enterprise infrastructure. The convenience of having a database that can be accessed from any location has dramatically improved efficiency within workforces. While many companies had previously been afraid of making the move, as the open nature of the cloud makes it...

    CLOUD COMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57835783

    ESCALATING VALUE OF IOS BUG BOUNTIES HITS $2M THRESHOLD

    Jan 08, 2019

    In the escalating market for security vulnerabilities a new milestone has been recorded early in the new year, with $2 million now being offered for a remote Apple IOS exploit. The $2 million award is being offered by vulnerability acquisition firm Zerodium, which first achieved global notoriety for...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57845784

    YOUR SOCIAL MEDIA FORECAST FOR YEAR 2019 IS HERE AND IT’S NOT BUSINESS AS USUAL

    Jan 08, 2019

    Guest Post from Peter Davidson, a senior business associate striving to help different brands and startups to make effective business decisions and plan effective business strategies. After the successful conclusion of 2018, you must be planning with full energy to take your business to new heights ...

    IRISH TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57855785

    HOW MASTERCARD IS IMPROVING FRAUD DETECTION WITH IDENTITY CHECK

    Jan 07, 2019

    Online credit card fraud is a major concern for enterprises, consumers and vendors alike. One of the biggest brands in the payment card space is Mastercard, which has been quietly working on implementing technology it has branded Mastercard Identity Check, in an effort to help reduce fraud, while ma...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57715771

    PROTEGO LABS BOOSTS SERVERLESS SECURITY WITH OPEN-SOURCE PROJECT

    Jan 07, 2019

    While serverless technology is becoming increasingly widely used, there has been a lack of understanding when it comes to serverless security implications. That's a challenge that Protego Labs is looking to help solve with the release of a freely available open-source tool that helps organizatio...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57725772

    SECURING ENTERPRISE CROWN JEWELS: HOW TO PROTECT DATA AT DB LEVEL

    Jan 07, 2019

    Data breaches once again played a prominent role in this past year’s media coverage. While many organizations make it seem like an unavoidable fact, the reality is that there are a plenty of things that enterprises can do right now to help prevent unauthorized access to their systems and data....

    CYBER SECURITY NEWS, CYBER-ATTACK NEWS, DATA SECURITY NEWS, CLOUD SECURITY NEWS, NETWORK SECURITY NEWS, ANTIVIRUS NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57735773

    THOUSANDS COMPLAIN ABOUT TV LICENSE PHISHING EMAILS

    Jan 07, 2019

    A highly convincing phishing email spoofed to appear as if sent from the UK’s TV Licensing authority has accrued thousands of complaints over the past three months. Action Fraud warned back in October that the scam email was designed to steal a user’s personal and financial details. &ldq...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57745774

    LA CITY SUES WEATHER APP OVER DATA COLLECTION

    Jan 07, 2019

    The City of Los Angeles has filed a lawsuit against a popular US-based weather app, alleging it illegally sells user data to third parties. LA city attorney, Mike Feuer, is claiming the Weather Channel app misled users in that most agreed to allow it access to their location data purely for personal...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57755775

    A LOOK BACK AT THE ISRAELI CYBER SECURITY INDUSTRY IN 2018

    Jan 04, 2019

    2018 saw a spate of major cyber attacks including the hacks of British Airways, Facebook and Marriott. Despite growing emphasis on and awareness of cyber threats, large organizations continue experiencing massive data breaches. And as the world becomes increasingly connected (cars and medical device...

    TECHCRUNCH
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57625762

    MARRIOTT REVEALS NEW DETAILS IN STARWOOD DATA BREACH

    Jan 04, 2019

    Marriott International disclosed revised information on Jan. 4 about the massive data breach involving its Starwood Hotels division. The update includes both good and bad news about the impact from the data breach. First the good news: Originally Marriott reported on Nov. 30, 2018, that information ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57635763

    NEUSTAR BOLSTERS FRAUD DETECTION CAPABILITIES WITH TRUSTID

    Jan 04, 2019

    Neustar is improving its security capabilities with the addition of technology gained via the acquisition of caller authentication and fraud prevention vendor Trustid. Fraud can take many different forms, including caller fraud where unauthorized individuals attempt transactions or information retri...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57645764

    BIOMETRIC SECURITY CAN BE HACKED, BUT IT'S REALLY HARD TO DO

    Jan 04, 2019

    At the end of December 2018, security researchers in Leipzig, Germany, demonstrated at a security conference their method of hacking a biometric security system that depends on reading the pattern of blood vessels in the palm of the hand. This method of vein authentication involves reading the detai...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57655765

    PREDICTIONS 2019: SECURITY THREATS WILL ONLY GET NASTIER

    Jan 03, 2019

    Hardly a week went by in 2018 without news of a major data leak or security breach. Ransomware and phishing were invasive, state-run hackers were working around the clock, passwords were leaking, new sophisticated malware attacks were spreading, data was breached and governments around the world onc...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57515751

    HACKERS THREATEN TO RELEASE 9/11 DATA 'TROVE'

    Jan 03, 2019

    A notorious hacking group is claiming to have put up for sale stolen legal and other documents relating to the 9/11 terrorist attacks. The individual(s) known as ‘The Dark Overlord’ claimed in a lengthy Pastebin notice to have hacked insurance giants Hiscox Syndicates and Lloyds of Londo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57525752

    PASSWORD MANAGER USERS EXPOSED AFTER PRIVACY SNAFU

    Jan 03, 2019

    Data on over two million users of a password manager tool has been publicly exposed in another cloud storage misconfiguration incident. Abine said on Monday that 2.4 million users of its Blur product from prior to January 6 2018 were affected. As well as password management, it offers the ability to...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57535753

    RANSOM DEMAND ON LUAS WEBSITE LIKELY THE FIRST OF MANY IN 2019

    Jan 03, 2019

    With the website of Dublin’s tram service, Luas, down after an apparent cyber attack, one of the country’s leading cyber security firms is urging businesses and the public to ensure their computers have the protection they need against an increasing number or ransomware attacks. A messag...

    IRISH TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57545754

    CASTHACK EXPOSES GOOGLE CHROMECAST DEVICE USERS TO RISK

    Jan 03, 2019

    A pair of hackers have taken aim at vulnerable Google Chromecast media streaming devices, sending unauthorized content and messages to unsuspecting users. The attack, dubbed "CastHack," identifies Google Chromecast devices that have been exposed to the public internet. The two attackers, w...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57605760

    HACKERS HIJACK 70,000 GOOGLE CHROMECASTS THROUGH BUG – ALTHOUGH CHROMECAST WASN’T NONE THE WISER

    Jan 03, 2019

    It was reported earlier today that Hacker Giraffe has remotely gained access to the TVs and smart devices of tens-of-thousands of Google Chromecast users. In the hack, a pop-up was displayed that both warns of the exploit and links to a page listing the current number of affected devices. The messag...

    IRISH TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57615761

    HACKERS TARGET NORTH KOREAN DEFECTORS

    Jan 02, 2019

    Personally identifiable information (PII) on nearly 1000 defectors from North Korea has been stolen in a cyber-raid, the South Korean government revealed late last week. It’s believed that one of the 25 “Hana” support centers for defectors in the country was targeted by a classic p...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57415741

    HOW ENTERPRISES CAN AVOID THE RYUK RANSOMWARE WITH RIGHT STRATEGY

    Jan 02, 2019

    During the holiday period between Christmas and New Year’s in 2018, workers at a Tribune Co. newspaper location in South Florida found out that they couldn’t upload late-breaking sports scores to the portion of their CMS that handles printing and distribution. Later, other newspapers in ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57425742

    VIETNAM'S NEW CYBER LAW THREATENS FREE SPEECH

    Jan 02, 2019

    The Vietnamese government has passed a sweeping new cybersecurity law which critics claim will help the one-party state continue to crack down on free speech. The law will force internet companies like Facebook and Google to open offices in the country, store data on users locally and allow access t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57435743

    USB TYPE-C TO BECOME MORE SECURE WITH AUTHENTICATION STANDARD

    Jan 02, 2019

    The security of USB-based connections and devices is taking a step forward, with the official launch of the USB Type-C Authentication Program on Jan. 2. USB devices have become ubiquitous in modern computing, and in recent years USB Type-C has been introduced on leading notebooks, smartphones and ot...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57445744

    HACKER HIJACKS THOUSANDS OF CHROMECASTS AND SMART TVS TO PLAY PEWDIEPIE AD

    Jan 02, 2019

    A hacker duo claims to have hijacked thousands of internet-exposed Chromecasts, smart TVs, and Google Home devices to play a video urging users to subscribe to PewDiePie's YouTube channel. The main hacker behind this hacking campaign --codenamed CastHack-- is known online as TheHackerGiraffe. Th...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57455745

    EU TO RUN BUG BOUNTY PROGRAMS FOR 14 FREE SOFTWARE PROJECTS

    Jan 02, 2019

    The European Union is offering a total of more than €850,000 – nearly $1 million – for vulnerabilities found in 14 widely used free and open source software projects. The announcement was made last week by Julia Reda, who represents the German Pirate Party in the European Parliament...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57345734

    FRENCH STARTUP OFFERS DARK WEB COMPASS, BUT NOT FOR EVERYONE

    Dec 31, 2018

    For years criminal websites shrouded in secrecy have thrived beyond the reach of traditional search engines, but a group of French engineers has found a way to navigate this dark web -- a tool they don't want to fall into the wrong hands. "We insist on this ability to say 'no',"...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57355735

    WHAT TO CONSIDER BEFORE DEVELOPING AN API SECURITY STRATEGY

    Dec 31, 2018

    Recent incidents at Salesforce, Facebook, Google+—not to mention the Equifax breach and the Cambridge Analytica scandal that plagued Facebook—point directly to the unsettling reality that API security is often an afterthought for enterprises. Such incidents serve as a major wake-up call ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57315731

    LOOKING BACK AT THE TOP CYBER-SECURITY INCIDENTS OF 2018

    Dec 31, 2018

    As 2018 draws to a close, it's a good time to reflect on the year that was in cyber-security, to learn from past mistakes and identify trends that will likely continue into the new year. 2018 saw no shortage of major breaches, new critical vulnerabilities and policy changes that enterprise IT or...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57335733

    WHAT ENTERPRISES CAN EXPECT FOR CYBERSECURITY IN 2019

    Dec 28, 2018

    2018 was a banner year in cybersecurity. The breaches were many, the remedies were few, and the cost of doing nothing went up. But there is hope on the horizon as new methods of authentication are beginning to show up, old practices are discarded, and as the threat landscape becomes clearer. But the...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57325732

    CISCO PATCHES A CRITICAL PATCH ON ITS SOFTWARE-LICENSE MANAGER

    Dec 27, 2018

    Cisco this week said it patched a “critical” patch for its Prime License Manager (PLM) software that would let attackers execute random SQL queries. The Cisco Prime License Manager offers enterprise-wide management of user-based licensing, including license fulfillment. Released in Novem...

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57235723

    CYBERSECURITY 101: HOW TO PROTECT YOUR CELL PHONE NUMBER AND WHY YOU SHOULD CARE

    Dec 25, 2018

    Assuming you have your strong passwords in place and your two-factor authentication set up, you think your accounts are now safe? Think again. There’s much more to be done. You might think your Social Security or bank account numbers are the most sensitive digits in your life. Nowadays, hacker...

    TECHCRUNCH
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57215721

    OVER 19,000 ORANGE MODEMS ARE LEAKING WIFI CREDENTIALS

    Dec 24, 2018

    Over the weekend, a security researcher has discovered that nearly 19,500 Orange Livebox ADSL modems are leaking WiFi credentials. Troy Mursch, co-founder of Bad Packets LLC, says his company's honeypots have detected at least one threat actor scanning heavily for Orange modems. Scans started Fr...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57245724

    NEARLY 20,000 ORANGE MODEMS LEAKING WI-FI PASSWORDS

    Dec 24, 2018

    Nearly 20,000 Orange modems are being targeted thanks to a vulnerability leaking their SSID and Wi-Fi passwords, researchers at Bad Packets have warned. The firm’s honeypots first picked up the attack traffic targeting Orange Livebox ADSL modems. After conducting a simple Shodan search, chief ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57155715

    RESEARCHER PUBLISHES PROOF-OF-CONCEPT CODE FOR CREATING FACEBOOK WORM

    Dec 22, 2018

    A Polish security researcher has published today details and proof-of-concept code that could be used for creating a fully functional Facebook worm. This code exploits a vulnerability in the Facebook platform that the researcher --who goes online under the pseudonym of Lasq-- has seen being abused i...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57255725

    CYBER-PHYSICAL CONVERGENCE EXPANDS ATTACK SURFACE

    Dec 21, 2018

    In the last year, Hong Kong has seen the growing convergence of IT systems and OT systems as more companies try to drive digital transformation deeper into their organization. “The cyber-physical convergence, especially on the use of IoT (Internet of Things), is actually happening and keeps gr...

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57225722

    PRIVACY LEGISLATION MIGHT HAVE STOPPED FACEBOOK

    Dec 20, 2018

    In the aftermath of an extensive New York Times investigation into Facebook’s data privacy regulations and whether the company violated the privacy and public policy regulations of the Federal Trade Commission, Sen. Amy Klobuchar (Minn.) said that it is time for her colleagues to step up. Duri...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57035703

    PIVOTAL CLOUD FOUNDRY 2.4 BOOSTS SECURITY WITH COMPLIANCE SCANNER

    Dec 20, 2018

    Pivotal is releasing version 2.4 of its Pivotal Cloud Foundry (PCF) platform on Dec. 20, providing organizations with a host of new capabilities to manage and deploy cloud-native applications. PCF is Pivotal's commercial distribution, based on the open-source Cloud Foundry project, which provide...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57045704

    MICROSOFT PATCHES OUT-OF-BAND ZERO-DAY SECURITY FLAW FOR IE

    Dec 20, 2018

    Users of Microsoft's Windows operating system have grown accustomed to a regular, predictable cadence for patches—on the first Tuesday of every month. On Dec. 19, Microsoft broke that cadence with an emergency out-of-band update for its Internet Explorer (IE) web browser. The reason is sim...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57055705

    MCAFEE: IOT MALWARE INCREASING ALONGSIDE 480 THREATS PER MINUTE

    Dec 20, 2018

    Shocking research from McAfee Labs highlights the increasing prevalence of IoT malware as the cybersecurity firm detects 480 new threats per minute. Years of putting functionality before security and rushing to market have led to many compromisable devices. The Mirai IoT botnet attack in 2016 was a ...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57115711

    US INDICTS CHINESE HACKERS IN MSP NETWORK SCHEME

    Dec 20, 2018

    The U.S. Justice Department today charged two Chinese-state-sponsored hackers that it says infiltrated managed service provider (MSP) networks and stole companies’ intellectual property and sensitive data. While the U.S. government didn’t name any of the companies whose networks were com...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57125712

    NEW WAVE OF HMRC SCAM CALLS HITS UK

    Dec 20, 2018

    Security experts are warning of a new HMRC scam using a threatening automated message in a bid to trick taxpayers into paying a ‘fine.’ The scam calls appear designed to cash-in on the busy end-of-year period in the UK where taxpayers look to get their affairs in order before the self-as...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57015701

    CLICK2GOV BREACH PAYMENT CARDS SOLD ON DARK WEB

    Dec 19, 2018

    In August 2017, Click2Gov software, a payment technology widely used by local governments to process utility payments, was the victim of a breach in which Oceanside, California, was the first in a long line of compromised municipalities. Many of the payment cards stolen from the compromised records ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57025702

    A RESTAURANT'S NEXT BIG FINANCIAL RISK ISN'T BAD REVIEWS — IT'S DATA BREACHES

    Dec 19, 2018

    As hackers find new ways to gather coveted personal information, restaurants are quickly becoming a target for the internet underworld. Several customer accounts were breached on Dunkin's DD Perks mobile rewards program in November, but Dunkin' certainly wasn't the only chain to get hit ...

    CIO DIVE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57135713

    FACEBOOK REPORTEDLY GATHERING PERSONAL DATA FROM TINDER, PREGNANCY+, OTHER APPS

    Dec 19, 2018

    Facebook may be gathering some of your most personal information. Android apps like Tinder, Grindr and Pregnancy+ are sharing sensitive user information with Facebook, according to a Wednesday report from German mobile security company Mobilsicher. The information reportedly includes dating profiles...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=57145714

    FINALLY, A MEANINGFUL CONGRESSIONAL REPORT ON STEMMING CYBERSECURITY ATTACKS

    Dec 12, 2018

    As a new Congress arrives next month, expect a whirlwind of activity on the cybersecurity and privacy fronts. From major data breaches to the growing consumer data privacy morass, the frenetic pace of Washington developments will heat up. Most of this activity will obscure the fundamentals of why we...

    CSO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56915691

    NEW VARIANT OF SHAMOON MALWARE UPLOADED TO VIRUSTOTAL

    Dec 12, 2018

    A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet. Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies i...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56925692

    GRAMMARLY LAUNCHES PUBLIC BUG BOUNTY PROGRAM

    Dec 12, 2018

    Grammarly, the popular service for checking grammar and spelling, this week announced the launch of a public bug bounty program. Grammarly has been running a private bug bounty program with HackerOne for more than a year. The program has nearly 1,500 participants and resulted in payouts totaling $50...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56935693

    TOP 10 WORST PASSWORD FAILS OF 2018

    Dec 12, 2018

    The 2018 worst password fails, by that Dashlane means worst offenders this year, are: 1. Kanye West for unlocking his iPhone on TV in the White House with 000000. 2. The Pentagon for protecting weapon systems with default passwords, as well have having such pitiful admin passwords that the GAO audit...

    CSO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56945694

    AI SET TO SUPERCHARGE PHISHING IN 2019

    Dec 12, 2018

    The coming year will see a mix of old and new as phishing is supercharged with AI but reported vulnerabilities continue to cause organizations problems, according to Trend Micro. The security giant claimed in its predictions report this week that phishing will continue to grow in popularity as explo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56955695

    ADOBE PATCHES 87 VULNERABILITIES IN ACROBAT SOFTWARE

    Dec 11, 2018

    The December 2018 Patch Tuesday updates released by Adobe address a total of 87 vulnerabilities affecting the company’s Acrobat software. The vulnerabilities impact the Windows and macOS versions of Acrobat and Acrobat Reader DC (Continuous and Classic 2015 tracks), and Acrobat and Acrobat Rea...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56825682

    WINDOWS KERNEL VULNERABILITY EXPLOITED IN ATTACKS

    Dec 11, 2018

    Microsoft’s Patch Tuesday updates for December 2018 address nearly 40 vulnerabilities, including a zero-day flaw affecting the Windows kernel. The actively exploited vulnerability, tracked as CVE-2018-8611, has been described by Microsoft as a privilege escalation issue related to the failure ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56835683

    RESEARCHERS FIND OVER 40,000 STOLEN LOGINS FOR GOVERNMENT PORTALS

    Dec 11, 2018

    Russian cybersecurity firm Group-IB discovered login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logi...

    CSO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56845684

    NEW GOOGLE+ BUG MOVES SITE END DATE FORWARD

    Dec 11, 2018

    Google is speeding up the closure of its unpopular social networking platform after discovering a new bug affecting over 52 million users. The tech giant announced in October that it would be shutting Google+ in August 2019. However, that date has been brought forward to April next year, while its A...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56855685

    NEW MAC MALWARE COMBINES OPEN-SOURCE BACKDOOR AND CRYPTO-MINER

    Dec 10, 2018

    A recently discovered piece of malware targeting Mac systems is a combination of two open-source programs, Malwarebytes security researchers warn. Detected as DarthMiner, the threat is distributed through an application called Adobe Zii, which supposedly helps in the piracy of various Adobe programs...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56715671

    NEW BUG PROMPTS EARLIER END TO GOOGLE+ SOCIAL NETWORK

    Dec 10, 2018

    Google said Monday it will close the consumer version of its online social network sooner than originally planned due to the discovery of a new software bug. The Google+ social network will close in April -- four months earlier than planned -- and the internet giant will focus on operating a version...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56725672

    RESEARCHERS FIND A DOZEN UNDOCUMENTED OPENSSH BACKDOORS

    Dec 10, 2018

    ESET security researchers have discovered 12 new OpenSSH backdoor families that haven’t been documented before. The Secure Shell (SSH) network protocol allows the remote connection of computers and devices. The portable version of OpenSSH is implemented in almost all Linux distributions, and a...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56735673

    HOW GOOGLE IS IMPROVING KUBERNETES CONTAINER SECURITY

    Dec 10, 2018

    The open-source Kubernetes container orchestration project has become increasingly important in recent years as organizations rely on it to deploy applications. With the increased reliance has come increased scrutiny on security, especially at Google, which hosts a managed Kubernetes service called ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56745674

    SOPHOS CENTRAL INTEGRATES FIREWALL MANAGEMENT TO IMPROVE SECURITY

    Dec 10, 2018

    Sophos announced on Dec. 10 that it is bringing its XG Firewall to the Sophos Central Management service, enabling organizations to manage security in an integrated approach from a central management dashboard. The integrated capability is now available in early access for Sophos customers and will ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56755675

    DEEPPHISH PROJECT SHOWS MALICIOUS AI IS NOT AS DANGEROUS AS FEARED

    Dec 07, 2018

    Artificial intelligence (AI) is increasingly becoming a de facto necessity for cybersecurity. The asymmetric nature of cyberattacks simply overwhelms traditional manual analyst defenses, and organizations must increasingly use AI and machine learning (ML)-enhanced technologies to detect known attack...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56615661

    HOW OPEN POLICY AGENT WORKS TO SECURE CLOUD-NATIVE WORKLOADS

    Dec 07, 2018

    A core element of IT security is having proper policies in place that define what is and what isn't allowed for a given process or entity. In the cloud-native world, where there are multiple distributed elements that can live in different deployment modalities, the challenge of defining and impl...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56625662

    UK CONSUMERS HAVE LOST £500 EACH THROUGH ONLINE CRIME

    Dec 07, 2018

    Two-fifths of UK consumers have been a victim of cybercrime with phishing topping the list, according to new research from GMX. The email provider polled over 2000 Brits last month to better understand the impact and extent of online threats. It found that half of those netizens affected lost money ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56635663

    RESEARCHERS TAKE AN AI APPROACH TO TEXT CAPTCHAS

    Dec 07, 2018

    Researchers at Lancaster University in the UK and Northwest University and Peking University in China have found a way to get around CAPTCHA security with new artificial intelligence, according to research published in a paper titled Yet Another Text Captcha Solver: A Generative Adversarial Network ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56645664

    UNDER FIRE HUAWEI AGREES TO UK SECURITY DEMANDS: REPORT

    Dec 07, 2018

    Embattled Chinese telecoms giant Huawei has agreed to British intelligence demands over its equipment and software as it seeks to be  part of the country's 5G network plans, the FT reported Friday. Huawei executives met senior officials from Britain's National Cyber Security Centre (NCS...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56695669

    APPLE FIXES PASSCODE, REMOTE CODE EXECUTION FLAWS IN IOS AND MACOS

    Dec 06, 2018

    Apple released a series of updates on Dec. 5 to its desktop and mobile operating systems, patching serious vulnerabilities that could have exposed users to risk. Among the updates released by Apple are iOS 12.1.1, macOS Mojave 10.14.2 and Safari 12.0.2. The bugs fixed across the updates include priv...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56515651

    CENSYS TO EXPAND INTERNET SCANNING FOR THREAT HUNTING

    Dec 06, 2018

    Visibility is key for IT security professionals trying to figure out the nature of a given cyber-security threat. While having visibility into an organization's environment is one thing, having visibility into the entirety of the internet is another, which is where Censys fits in. Censys has its...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56525652

    BT STRIPS HUAWEI FROM 3G AND 4G CORE

    Dec 06, 2018

    BT and Huawei have sought to play down speculation that the former is stripping the Chinese telecoms giant’s equipment from its networks over security concerns. The UK telco group said it is removing Huawei infrastructure from its core 3G and 4G networks to meet existing policy, which will als...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56535653

    REPUBLICAN PARTY BREACHED IN MAJOR CYBER-ATTACK – REPORT

    Dec 06, 2018

    The chief campaign organization of the Republican Party has been hacked and thousands of emails from senior aides compromised over the period of several months, it has emerged. In an incident reminiscent of the notorious cyber-attack on the Democratic National Committee (DNC) ahead of the 2016 presi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56545654

    GOOGLE PATCHES MORE THAN 50 ANDROID VULNERABILITIES IN DECEMBER

    Dec 06, 2018

    Google this week released a set of security patches for Android, to address over 50 vulnerabilities in the mobile operating system. The most severe of the security bugs is a critical issue in Media framework that could be exploited by remote attackers to execute arbitrary code within the context of ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56555655

    HACKERS GET INTO NATIONAL REPUBLICAN CONGRESSIONAL COMMITTEE'S EMAIL SYSTEM

    Dec 05, 2018

    “Thousands of emails were stolen” from four senior aides to the National Republican Congressional Committee (NRCC), the campaign arm for House Republicans, during the 2018 midterm campaign. MSSP first detected the hack and then CrowdStrike was brought into it in April to investigate the ...

    CSO
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56815681

    BUSINESSES WARNED ON WINTER PHISHING SCAMS

    Dec 05, 2018

    Winter is phishing season, and organisations and individuals alike should be extra vigilant during the holidays. This is according to a new report from F5 Labs, which claims that fraud incidents in October, November, and December usually jump more than 50 per cent, compared to a yearly average. Most...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56435643

    KUBERNETES HIT BY MAJOR SECURITY FLAW

    Dec 05, 2018

    A serious flaw in Kubernetes has been identified, and this one is so big that you should stop using it and update, immediately. Dubbed CVE-2018-1002105, the flaw allows anyone to establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once co...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56445644

    RUSSIAN HOSPITAL TARGETED WITH FLASH ZERO-DAY AFTER KERCH INCIDENT

    Dec 05, 2018

    Security updates released by Adobe on Wednesday for Flash Player patch two vulnerabilities, including a critical flaw exploited by a sophisticated threat actor in attacks aimed at a healthcare organization associated with the Russian presidential administration. The attack may be related to the rece...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56455645

    IOT BACKBONE IS RIDDLED WITH SECURITY ISSUES

    Dec 05, 2018

    Two popular IoT communications protocols are riddled with vulnerabilities and systemic issues which are exposing countless global organizations to industrial espionage, targeted attacks and DoS, according to Trend Micro. The security giant’s latest report, The Fragility of Industrial IoT&rsquo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56465646

    HOUSE REPUBLICAN CAMPAIGN COMMITTEE WAS HACKED DURING 2018 ELECTION

    Dec 04, 2018

    The National Republican Congressional Committee was hacked during the 2018 US midterm elections. The breach, first reported by Politico, exposed thousands of emails to an unknown hacker. "The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity," Ian Prior, a s...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56355635

    NEW RANSOMWARE DEMANDS PAYMENT OVER WECHAT PAY IN CHINA

    Dec 04, 2018

    Ransomware attacks may have dwindled since the destructive days of WannaCry and NotPetya last year, but a new one has struck mobile-centric China and it's asking for ransom through one of the country's most popular methods of payment. Over 20,000 computers have fallen victim to an unnamed ra...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56365636

    MALWARE DROPPER SUPPORTS A DOZEN DECOY DOCUMENT FORMATS

    Dec 04, 2018

    A recently discovered malware dropper has the ability to use nearly a dozen decoy document file formats to drop various payloads, Palo Alto Networks security researchers warn. Dubbed CARROTBAT, the customized dropper is being used to deliver lures primarily pertaining to the Korean region, revolving...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56375637

    RUSSIAN RANSOMWARE BROKERS SCAM VICTIMS

    Dec 04, 2018

    Security researchers have discovered cybersecurity scammers in Russia are generating hundreds of thousands of dollars in profits by falsely claiming to be able to unlock encrypted files. Check Point explained that one ‘IT consultancy’ named Dr Shifro is promising customers it can help th...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56425642

    PHISHING CAMPAIGN DELIVERS FLAWEDAMMYY, RMS RATS

    Dec 04, 2018

    A new campaign delivering various remote access Trojans (RATs) is likely the work of a known Dridex/Locky operator, Morphisec security researchers warn. Dubbed Pied Piper, the campaign targets users in multiple countries and is likely operated by TA505, the threat group known to have orchestrated la...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56275627

    DATA BREACHES CAN SUCKER-PUNCH YOU. PREPARE TO FIGHT BACK

    Dec 03, 2018

    When a big data breach makes the news, there's one thing that can get lost in the noise -- the harm that hacking causes regular people like you. Experts tend to focus on the number of people whose records hackers stole, or whether the breached company could have prevented the hack. Those are imp...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56285628

    CISCO, AT&T, INTEL PROMOTE BEST ANTI-BOTNET PRACTICES FOR COMPANIES

    Dec 03, 2018

    A new report recommends best practices for services providers, enterprises, and software and device manufacturers to protect against botnets and other automated distributed attacks. The Council to Secure the Digital Economy published the 2018 International Anti-Botnet Guide. It’s a trade assoc...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56295629

    KNOWING VALUE OF DATA ASSETS IS CRUCIAL TO CYBERSECURITY RISK MANAGEMENT

    Dec 03, 2018

    Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when the true value is known can the correct level of security be applied. Sponsored by DocAuthority and based on Gartner's Infonomics Data Valuation Model, Ponemon Institute queried 2,827 professio...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56305630

    NSA EXPLOITS NOT SILENT BUT ETERNALLY PROBLEMATIC

    Nov 29, 2018

    It’s been over a year since patches to protect against the leaked NSA exploits were released, yet Akamai has published research revealing the continued use of the Eternal family of exploits with evidence of a new version of the UPnProxy vulnerability targeting unpatched computers behind the ro...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56195619

    DELL RESETS USER PASSWORDS AFTER WEBSITE ATTACK

    Nov 29, 2018

    Dell announced late on Nov. 28 that its Dell.com customer-facing website was the victim of a cyber-attack. The attack was apparently discovered by Dell on Nov. 9, with attackers taking aim at usernames, email addresses and passwords that had been cryptographically hashed. According to Dell, it has n...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56205620

    ATTACKERS KEEN ON AUTOMATED BROWSERS

    Nov 29, 2018

    Google Chrome has long been a popular web browser, but since the introduction of the headless mode functionality, the browser has grow in popularity not only among software engineers and testers but also with attackers, according to Imperva. According to recently published research, "Headless C...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56215621

    ATTACKERS RUN ON DUNKIN'S DD PERKS REWARDS

    Nov 29, 2018

    Boston-based Dunkin’, the brand formerly known as Dunkin Donuts, has released a warning to its customers stating that DD Perks reward account holders were potentially hacked by a third party in a credential-stuffing attack wherein hackers were trying to steal the rewards points to sell and tra...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56225622

    INDUSTRY REACTIONS TO USPS EXPOSING USER DATA

    Nov 28, 2018

    Security blogger Brian Krebs revealed recently that an API used by the United States Postal Service (USPS) had a vulnerability that potentially exposed the data of 60 million customers. Krebs learned of the security hole from an unnamed researcher who had reported the issue to USPS over a year ago. ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56115611

    CYBER RISK EXCHANGE STARTUP CYBERGRX RAISES $30 MILLION

    Nov 28, 2018

    CyberGRX, a Denver, Colorado-based startup that has created what it calls a “global cyber risk exchange”, today announced that it has raised $30 million in Series C funding, bringing the total amount raised by the company to $59 million. Through its recently launched third-party cyber ri...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56125612

    IBM BRINGS ENHANCED DATA MODELS TO QRADAR ADVISOR WITH WATSON 2.0

    Nov 28, 2018

    IBM announced on Nov. 28 that it is expanding the capabilities of its QRadar Advisor with Watson platform to help organizations more rapidly understand attacker behaviors. The IBM QRadar Advisor with Watson 2.0 release is an artificial intelligence (AI) platform that enables organizations to collect...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56135613

    NOKIA’S SOFTWARE BIZ IS FIRMLY ROOTED IN SILICON VALLEY

    Nov 28, 2018

    Nokia is making its presence in Silicon Valley a bit more prominent with the addition of a new corporate campus in Sunnvale, California. Although the campus won’t be ready until the first half of 2020, the company’s intent is to bring together its 1,000 or so employees that are currently...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56185618

    MICROSOFT REVEALS MORE ON RECENT SECURITY HICCUPS

    Nov 27, 2018

    Remember that big outage that happened last week to Azure, Office 365 and Dynamic users? Well, Microsoft has shed some more light on what the underlying causes were. Publicly releasing root causes to the issue, Microsoft said there were three separate problems that led to the downtime. The first two...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56035603

    SCAM WEBSITES ARE USING THAT GREEN HTTPS PADLOCK TO FOOL YOU

    Nov 27, 2018

    You may have heard you should look for the padlock symbol at the top of a website before entering your password or credit card information into an online form. It's well-meaning advice, but new data shows it isn't enough to keep your sensitive information secure. As it turns out, fraudsters ...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56045604

    CRYPTOCURRENCY-STEALING CODE DISTRIBUTED VIA POPULAR LIBRARY

    Nov 27, 2018

    The popular EventStream Node.js library was recently modified to fetch malicious code designed to steal crypto-currencies. Designed as a toolkit to make creating and working with streams easy, the JavaScript package has around two million downloads a week, which makes it a valuable resource to appli...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56055605

    AWS BOOSTS SERVERLESS SECURITY WITH FIRECRACKER MICROVMS

    Nov 27, 2018

    Amazon Web Services is looking to further accelerate the adoption of serverless computing with the announcement on Nov. 26 at its re:Invent conference of its new open-source Firecracker lightweight virtualization technology. There has long been a debate about whether or not it is necessary to run co...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=56065606

    WHAT IS WINDOWS HELLO? MICROSOFT’S BIOMETRICS SECURITY SYSTEM EXPLAINED

    Nov 26, 2018

    Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely con...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55955595

    ALIBABA RESTRUCTURES AMIDST CLOUD COMPUTING PUSH AND GROWTH

    Nov 26, 2018

    Alibaba Group Chief Executive Daniel Zhang announced that the company would be restructuring its cloud business unit and its Tmall e-commerce business. This comes just weeks after Zhang told CNBC that Alibaba Cloud would be the group’s main business in the future. Alibaba will rename its cloud...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55965596

    RESEARCHERS USE SMART BULB FOR DATA EXFILTRATION

    Nov 26, 2018

    Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration. For their experiment, the researchers used the Magic Blue smart bulbs, which work with both Android and iOS, and ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55975597

    DOS VULNERABILITIES IMPACT LINUX KERNEL

    Nov 26, 2018

    Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS). The flaws, both which were made public last week, impact Linux kernel 4.19.2 and previous versions. Both represent NULL pointer deference bugs that can be exploited by loca...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55985598

    US SAYS CHINA INCREASED HACKING OVER TRADE DISPUTE

    Nov 23, 2018

    In advance of a meeting between US President Donald Trump and China's President Xi Jinping, a US government report made claims that China had increased hacking attempts in an effort to steal American technology and shows no sign of stopping or slowing its cyber-theft practices, according to the ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55865586

    MICROSOFT TAKES ANOTHER STEP TOWARDS KILLING PASSWORDS

    Nov 22, 2018

    People looking to log into their Microsoft accounts no longer need passwords to do so. The Redmond giant has announced today that it is supporting passwordless user authentication, which uses biometrics, the Microsoft Authenticator app, or a FIDO2-compatible device. A whole swathe of Microsoft servi...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55885588

    USPS REPORTEDLY FIXES WEBSITE BUG THAT EXPOSED DATA OF 60M USERS

    Nov 22, 2018

    Just in time for the holiday shopping season, it appears the US Postal Service has fixed a security flaw that allowed all USPS.com account holders, some 60 million people, to see personal details of fellow users. Cybersecurity expert Brian Krebs wrote about the bug on Wednesday, noting that he was c...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55935593

    SIGNIFICANT LACK IN AWARENESS OF IOT SECURITY AMONG IT LEADERS, STUDY FINDS

    Nov 21, 2018

    A survey conducted by IT security firm Trend Micro has revealed that 86% of IT and security decision makers around the world believe their organisations need to enhance their awareness of IoT threats. This is due to significant lack of knowledge which accompanies rising threat levels and security ch...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55805580

    FACEBOOK BOOSTS BUG BOUNTY PAYOUTS FOR ACCOUNT TAKEOVER FLAWS

    Nov 21, 2018

    Facebook has faced multiple challenges over the course of 2018 as it has struggled with inauthentic user behavior, abuse of private information and outright attacks where user accounts were hijacked. In an effort to improve user account security and mitigate hijacking threats, Facebook announced on ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55815581

    ATTACKERS EXPLOIT RECENTLY PATCHED POPULAR WORDPRESS PLUGIN

    Nov 21, 2018

    Recently patched vulnerabilities in the popular AMP for WP plugin are being targeted in an active Cross-Site Scripting (XSS) campaign, Wordfence reports. With over 100,000 installs, the plugin adds Accelerated Mobile Pages (Google AMP Project) functionality to websites, which makes them faster for m...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55825582

    HACKERS LINKED TO RUSSIA IMPERSONATE US OFFICIALS

    Nov 20, 2018

    In a targeted campaign directed at multiple organizations across law enforcement, media, pharmaceutical and other public sectors, hackers with alleged ties to the Russian government have been trying to infiltrate US government computers and networks, according to a new report published by FireEye. M...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55745574

    PORTSHIFT PLATFORM LOOKS TO SECURE APPLICATION IDENTITY IN THE CLOUD

    Nov 20, 2018

    Assigning identity to applications has long been a challenge for organizations, and it's one that startup Portshift is looking to help solve. Portshift officially launched on Nov. 20, backed by Israeli cyber-security accelerator Team8 and $5.3 million in seed funding. Portshift's core techno...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55755575

    AWS LAUNCHES NEW SECURITY OFFERING WHICH MITIGATES S3 MISCONFIGURATIONS – IF CUSTOMERS GET IT RIGHT

    Nov 20, 2018

    Amazon Web Services (AWS) has announced extra steps to ensure customers’ S3 buckets don’t become misconfigured – but don’t assume responsibility has been taken away from the customer. The new service, Amazon S3 Block Public Access, can work at the account level, on individual...

    CLOUD COMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55765576

    TP-LINK PATCHES REMOTE CODE EXECUTION FLAWS IN SOHO ROUTER

    Nov 19, 2018

    Vulnerabilities recently addressed by WiFi device maker TP-Link in its TL-R600VPN small and home office (SOHO) router could allow remote code execution, Cisco Talos security researchers warn. The issues were mainly caused by lack of input sanitization and parsing errors. Lack of proper input sanitiz...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55685568

    IS YOUR DATA BREACH RESPONSE PLAN READY?

    Nov 19, 2018

    Fifty-six percent of organizations experienced a data breach involving more than 1,000 records over the past two years, and of those, 37 percent occurred two to three times and 39 percent were global in scope, according to Experian. In 2017 in particular, there were more than 5,000 reported data bre...

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55695569

    SONICWALL LAUNCHES SD-WAN, RISK METRICS AND NEW UTM HARDWARE

    Nov 19, 2018

    SonicWall is adding multiple new features to its product portfolio, in a bid to help organizations further secure their on-premises and hybrid cloud assets against threats. Among the new features coming to SonicWall's Capture Cloud Platform are zero-touch deployment options and software-defined ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55705570

    TEXAS HOSPITAL BECOMES VICTIM OF DHARMA RANSOMWARE

    Nov 19, 2018

    The Altus Baytown Hospital (ABH) has revealed a ransomware outbreak which may have led to the leak of patient data. In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization's systems on roughly September 3. The...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55945594

    DRIDEX/LOCKY OPERATORS UNLEASH NEW MALWARE IN RECENT ATTACK

    Nov 16, 2018

    The threat actor(s) behind many Dridex and Locky campaigns have been using a new Remote Access Trojan (RAT), Proofpoint security researchers warn. Known as TA505, the attackers have been using malware dubbed tRat, which was written in Delphi and is modular in nature. The new piece of malware was fir...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55575557

    SAMSAM AND GANDCRAB ILLUSTRATE EVOLUTION OF RANSOMWARE

    Nov 16, 2018

    2018 has seen a major divergence in the operation of ransomware: targeted versus ransomware as a service (RaaS). Two particular malware families have dominated each branch: SamSam (targeted) and GandCrab (RaaS). Targeted seeks high ransoms from relatively few victims, while RaaS seeks relatively sma...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55635563

    BLACKBERRY JUMPS INTO SECURITY WITH $1.4B CYLANCE ACQUISITION

    Nov 16, 2018

    A week after the first rumors of the acquisition began to surface, BlackBerry confirmed on Nov. 16 that it is acquiring cyber-security vendor Cylance for $1.4 billion in cash. The deal is expected to close before BlackBerry's fiscal year end in February 2019. Cylance is best known for its suite ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55645564

    TEXT MESSAGE DATABASE REPORTEDLY LEAKED PASSWORD RESETS

    Nov 15, 2018

    A massive database managing millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes. Vovox, a San Diego-based communications company maintained the server, which was left unprotected by password, offering any...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55615561

    GREATHORN EXPANDS EMAIL SECURITY PLATFORM

    Nov 15, 2018

    Waltham, MA-based GreatHorn has expanded its machine-learning phishing protection system into a complete email security platform. "This major new expansion of the Company's flagship solution," it announced on November 14, "addresses every potential stage of a phishing attack with ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55625562

    NEARLY 70 PERCENT OF SMBS EXPERIENCE CYBER ATTACKS

    Nov 14, 2018

    The 2018 State of Cybersecurity in Small and Medium Size Businesses study, conducted by the Ponemon Institute, sponsored by Keeper Security, revealed that small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent rate their ability to mitigate threats, ...

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55505550

    APPLE'S SAFARI TESTS 'NOT SECURE' WARNING FOR UNENCRYPTED WEBSITES

    Nov 14, 2018

    Apple's Safari team, following Chrome's lead, has begun warning people when they're visiting websites that aren't protected by HTTPS encryption. The feature for now is only in Safari Technology Preview 70, a version of the web browser Apple uses to test technology it typically brings...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55555555

    THE BIGGEST CYBER THREATS TO WATCH OUT FOR IN 2019

    Nov 13, 2018

    Experts from The Chertoff Group, a global security advisory firm that enables clients to navigate changes in security risk, technology and policy, developed a list of the biggest cyber threats to watch out for in 2019. Cryptojacking. If the recent and explosive growth of ransomware is an indication ...

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55515551

    DESPITE RAISED AWARENESS, WORKER CYBER SECURITY PRACTICES AREN'T IMPROVING

    Nov 13, 2018

    Even though there has lately been a lot of talk about cybersecurity awareness amongst employees, their habits aren’t getting any better. As a matter of fact, SailPoint Technologies’ new report says they are actually getting worse. The enterprise identity governance company issued a repor...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55445544

    SAP PATCHES CRITICAL VULNERABILITY IN HANA STREAMING ANALYTICS

    Nov 13, 2018

    SAP this week published its November 2018 set of security patches, which include 11 new Security Patch Day Notes, along with 3 updates for previously released notes. This month’s Security Notes include a Hot News note, five notes rated High, and eight notes considered Medium risk. The most imp...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55455545

    TWISTLOCK IMPROVES CLOUD-NATIVE SECURITY WITH DISCOVERY TOOL

    Nov 13, 2018

    There is a simple truism in much of IT, and that is that organizations can't manage what they're not aware of. As organizations increasingly make use of distributed teams that use cloud-native services, there is a nontrivial risk of application sprawl. On Nov. 13, container security vendor T...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55465546

    CLOUDFLARE BRINGS PRIVACY TO MOBILE TRAFFIC WITH 1.1.1.1 DNS APP

    Nov 12, 2018

    Cloudflare is extending its 1.1.1.1 DNS service with new mobile capabilities it announced on Nov. 11. The 1.1.1.1 DNS service was first launched on April 1, providing a freely available service to help secure and accelerate DNS lookups. The initial service launch required users to make a change on t...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55385538

    ADOBE COLDFUSION VULNERABILITY EXPLOITED IN THE WILD

    Nov 09, 2018

    A recently patched remote code execution vulnerability affecting the Adobe ColdFusion web application development platform has been exploited in the wild by one or more threat groups, Volexity warned on Thursday. The security hole in question is tracked as CVE-2018-15961 and it was resolved by Adobe...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55405540

    THE MORRIS WORM TURNS 30

    Nov 09, 2018

    How the historic Internet worm attack of 1988 has shaped security - or not. Michele Guel was sound asleep on Nov. 3, 1988, when the call came at 3:30 a.m.: An unknown virus had infiltrated NASA Ames Research Laboratory's Sun Microsystems file servers and workstations and was sapping their resour...

    DARK READING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55565556

    NEARLY 4,000 BREACHES DISCLOSED IN 2018

    Nov 08, 2018

    While it is likely that the breach activity of 2018 won’t reach the level of 2017, a look back at the first nine months suggests that 2018 is on pace to be another significant year for breaches, according to Risk Based Security. The 2018 Q3 Data Breach QuickView Report found that 3,676 data co...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55345534

    MOST IT SECURITY PROS UNDERESTIMATE PHISHING RISKS

    Nov 08, 2018

    Based on the results of a new survey, the vast majority of IT security pros fail to understand the actual risks of short-lived but dangerous phishing attacks on the web, said SlashNext. Conducted over a five day period, a query of 300 IT security decision makers in midsized firms in the US found tha...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55325532

    SYMANTEC BOOSTS SECURITY WITH JAVELIN, APPTHORITY ACQUISITIONS

    Nov 06, 2018

    Symantec continues to grow its portfolio of cyber-security products and services, most recently via the acquisitions of Javelin Networks and Appthority. Privately held Javelin Networks develops technology to help protect enterprises from attacks that target the widely deployed Microsoft Active Direc...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55335533

    U.S. CONSUMERS' SECURITY HABITS MAKE THEM VULNERABLE TO FRAUD

    Nov 06, 2018

    Despite almost half of U.S. consumers (49 percent) believing their security habits make them vulnerable to information fraud or identity theft, 51 percent admit to reusing passwords/PINs across multiple accounts such as email, computer log in, phone passcode, and bank accounts. That is according to ...

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55395539

    FACEBOOK SEPARATES WORKPLACE FOR BUSINESS CUSTOMERS

    Nov 01, 2018

    Facebook has revealed it will be separating out its Workplace by Facebook platform from its main domain. The social network said that soon, businesses that pay for Workplace by Facebook (and according to Facebook October 2017 figures, there's 30,000 of them so far), will no longer log in through...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55265526

    USB DRIVES DELIVER DANGEROUS MALWARE TO INDUSTRIAL FACILITIES: HONEYWELL

    Nov 01, 2018

    Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell. The industrial giant last year launched SMX, a product designed to protect facilities from USB-bor...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55275527

    BLEEDINGBIT BLUETOOTH VULNERABILITIES EXPOSE WIFI APS TO RISK

    Nov 01, 2018

    Wireless access points from multiple vendors are potentially at risk thanks to a set of new Bluetooth flaws known as Bleedingbit. Bleedingbit was publicly announced by IoT security firm Armis on Nov. 1; it impacts Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that are used in Cisco...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55285528

    PROPOSAL FOR CYBERSECURITY CIVILIAN CORPS GETS MIXED RECEPTION

    Oct 31, 2018

    Although the U.S has been engaged in cybersecurity for over a generation, "there continues to be organizational and human gaps that leave the nation insecure." Few people would disagree. What is less clear is any realistic and effective solution to the problem. Now the bi-partisan New Amer...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55225522

    LOGRHYTHM ADVANCES NEXTGEN SIEM SECURITY PLATFORM WITH SOAR FEATURES

    Oct 30, 2018

    Some organizations might think of Security Information and Event Management (SIEM) technology as only being concerned with log collection for security, but that's not what LogRhythm's NextGen SIEM system is all about. LogRhythm announced its 7.4 release on Oct. 30, enhancing the company'...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55175517

    CYBER IS A BOARDROOM ISSUE IN 2018

    Oct 30, 2018

    Based on studies and interviews with corporate board members and chief information security officers (CISOs), the Cyber Balance Sheet, published by Focal Point Data Risk and produced by the Cyentia Institute, found that boardrooms are engaging in more conversations about security. While the talks ab...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55185518

    CLOUD DATA IS MORE AT RISK THAN THOUGHT

    Oct 30, 2018

    Almost a quarter of all corporate data in the cloud can be categorised as sensitive, which might spell trouble for the company if the data gets stolen or somehow leaks. This is according to the latest McAfee Cloud Adoption and Risk Report which claims that the threat is even greater than originally ...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55215521

    IBM TO ACQUIRE OPEN SOURCE GIANT RED HAT FOR $34 BILLION

    Oct 29, 2018

    IBM said Sunday it has reached a deal to buy open source software company Red Hat for $34 billion, among the biggest tech mergers in history which the computing giant said would enhance its cloud offerings. If approved it will be the third biggest tech merger in history, according to business news s...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55125512

    LOGICAL BUG IN MICROSOFT WORD'S 'ONLINE VIDEO' ALLOWS CODE EXECUTION

    Oct 29, 2018

    Microsoft Office is impacted by a logical bug that allows an attacker to abuse the “online video” feature in Word to execute malicious code, Cymulate security researchers warn. The issue, which supposedly impacts all users of Office 2016 and older, can be exploited without special config...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55135513

    FACEBOOK IS MOVING FAST TO LIMIT COORDINATED INAUTHENTIC BEHAVIOR

    Oct 29, 2018

    Facebook is not sitting idly by while attackers attempt to influence the social network's users with inauthentic accounts and recently removed 82 pages that were followed by over 1 million accounts. Facebook is moving swiftly to disrupt and remove nation-state backed attackers from its social me...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55145514

    STATE OF SOFTWARE SECURITY MOVING FORWARD SLOWLY, VERACODE REPORTS

    Oct 25, 2018

    The state of software security in 2018 is marginally better than what it was in 2017, but there is still lots of room to improve, according to the 2018 State of Software Security report from CA's Veracode division. Among the high-level findings in the SOSS report is that 69 percent of discovered...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55095509

    US DEPARTMENT OF DEFENSE EXPANDS BUG BOUNTY EFFORTS

    Oct 24, 2018

    The Department of Defense has found value over the past two years in engaging with hackers and is now expanding its crowdsourced security efforts with HackerOne, Synack and Bugcrowd. While it might seem counterintuitive, the U.S. Department of Defense has been actively encouraging hackers to hack th...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55055505

    POCKET INET LEAVES 73 GB OF SENSITIVE DATA EXPOSED

    Oct 24, 2018

    A Washington State internet provider, Pocket iNet, left an AWS S3 server exposed online without a password, according to UpGuard. The UpGuard cyber-risk team reported that the information exposed included 73 gigabytes of downloadable data, which included passwords and other sensitive files, ranging ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55065506

    NETSCOUT LAUNCHES ARBOR EDGE DEFENSE FOR ENTERPRISE DDOS SECURITY

    Oct 23, 2018

    Netscout Systems announced its Arbor Edge Defense security system on Oct. 23, providing organizations with automated inbound and outbound protection against threats. The AED technology, which Netscout is positioning as a stateless technology that blocks cyber-threats, is deployed at the perimeter of...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55015501

    ORACLE DOUBLES DOWN ON CLOUD SECURITY WITH CASB, WAF, DDOS PROTECTION

    Oct 23, 2018

    At OpenWorld 2018 on Oct. 23, Oracle announced a series of new cloud security technologies, providing organizations with enhanced capabilities to defend against attacks. Among the new security capabilities is a Web Application Firewall (WAF) to help protect Oracle Cloud Infrastructure customers from...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=55025502

    WALLARM ADVANCES APPLICATION SECURITY WITH FAST 2.0

    Oct 22, 2018

    Wallarm is looking to gain share in the growing market for application security, with continued advancements to the company's Framework for Automatic Security Testing, or FAST, platform. On Oct. 22, Wallarm announced that it raised $8 million in a Series A round of funding, led by Toba Capital a...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54975497

    75K FILES ACCESSED IN INSURANCE EXCHANGES BREACH

    Oct 22, 2018

    Early last week, the Centers for Medicare & Medicaid Services (CMS) announced some suspicious activity in the Federally Facilitated Exchanges (FFE), an agent and broker exchanges portal. On October 13, 2018, a CMS staffer noticed the anomalous activity that resulted in the agency declaring a bre...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54985498

    GREYENERGY POTENTIAL SUCCESSOR OF BLACKENERGY

    Oct 19, 2018

    GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people suffered a blackout after the APT group BlackEnergy attacked a powe...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54945494

    ORACLE PATCHES 301 VULNERABILITIES IN OCTOBER UPDATE

    Oct 18, 2018

    Oracle's final Critical Patch Update (CPU) for 2018 is now available, patching 301 vulnerabilities spread across Oracle's product portfolio. Of the 301 vulnerabilities, 49 are rated with a CVSS (Common Vulnerabilities Security Scoring) score of 9.0 or higher, with only a single issue garneri...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54935493

    SHIELDX INTEGRATES INTENTION ENGINE INTO ELASTIC SECURITY PLATFORM

    Oct 17, 2018

    ShieldX announced its new Elastic Security Platform on Oct. 17 providing organizations with Docker container-based data center security, that uses advanced machine learning to determine intent. At the core of the Elastic Security Platform is a technology that ShieldX calls the Adaptive Intention Eng...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54895489

    MCAFEE EXTENDS MVISION SECURITY PLATFORM WITH EDR, CLOUD PROTECTION

    Oct 17, 2018

    McAfee kicked off its annual MPOWER conference on Oct. 17 announcing new updates to its Mvision cyber-security product portfolio, The new updates include the Mvision EDR (Endpoint Detection and Response) offering that provides new endpoint security capabilities. The new Mvision Cloud service brings ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54905490

    GITHUB RELEASES NEW WORKFLOW TOOLS, 'OCTOVERSE' REPORT

    Oct 16, 2018

    The global open source code repository also released new security tools with the GitHub Security Advisory API, new ways to learn across teams with GitHub Learning Lab for organizations, and other items. Oh yes, it also released the annual "State of the Octoverse" report. GitHub held its Un...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54845484

    INSURER ANTHEM WILL PAY RECORD $16M FOR MASSIVE DATA BREACH

    Oct 16, 2018

    The nation's second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday. The personal information of nearly 79 million people — including names, birt...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54855485

    CYBERARK BRINGS PRIVILEGED SESSION MANAGER TO THE CLOUD

    Oct 15, 2018

    CyberArk has integrated technology from Vaultive to create a new offering that looks to help organizations secure session and access management in the cloud. CyberArk announced its new Privileged Session Manager for Cloud offering on Oct. 15, providing its customers with capabilities for managing an...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54805480

    IBM OPENS UP SERIES OF SECURITY, AI AND CLOUD INITIATIVES

    Oct 15, 2018

    In a bid to encourage more open platforms, IBM announced its new Security Connect, MultiCloud Manager and AI OpenScale platforms. IBM is looking to further position itself as an open vendor with a series of announcements on Oct. 15 across security, cloud and artificial intelligence (AI) services. IB...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54815481

    SECRET AMAZON DATA CENTER GIVES NOD TO SEINFELD

    Oct 12, 2018

    On October 11, 2018, WikiLeaks published AmazonAtlas, a 20-page document from late 2015 containing the addresses and operational details for more than 100 of Amazon’s data centers, one of which indicates an affinity for the comedy of Jerry Seinfeld. In addition to revealing the information abo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54765476

    NO COOKIES FOR CARTTHIEF, A NEW MAGECART VARIANT

    Oct 12, 2018

    A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team. Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54775477

    GOOGLE HARDENS ANDROID KERNEL

    Oct 11, 2018

    Google this week revealed that Android’s kernel is becoming more resilient to code reuse attacks, courtesy of implemented support for LLVM’s Control Flow Integrity (CFI). CFI support, Google says, was added to Android kernel versions 4.9 and 4.14 and the feature is available to all devic...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54725472

    FACEBOOK PURGES 251 ACCOUNTS TO THWART DECEPTION

    Oct 11, 2018

    Facebook on Thursday said it shut down 251 accounts for breaking rules against spam and coordinated deceit, some of it by ad farms pretending to be forums for political debate. The move came as the leading social network strives to prevent the platform from being used to sow division and spread misi...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54735473

    CARBON BLACK ADDS THREAT HUNTING TO ITS SECURITY CLOUD

    Oct 10, 2018

    Carbon Black added threat hunting and incident response capabilities to its cloud-based endpoint security platform, Cb Predictive Security Cloud. The new service, called Cb Threat Hunter, is essentially a cloud-delivered version of the company’s on-premises Cb Response endpoint detection and r...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54685468

    ALERT LOGIC GROWS CONTAINER SECURITY CAPABILITIES

    Oct 10, 2018

    Alert Logic is moving its container security support beyond Amazon Web Services and now supports Microsoft Azure--in addition to on-premises deployments of containers and Kubernetes. Alert Logic announced on Oct. 9 new capabilities and deployment options for its Network Intrusion Detection System (N...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54695469

    GOOGLE TIGHTENS RULES AROUND APP PERMISSIONS

    Oct 09, 2018

    Google this week announced improved user control over data shared with apps, redesigned app permissions, and diminished app access to sensitive information such as contacts, SMS, and phone. The changes, the search giant says, are being rolled out as part of Project Strobe, which represents an overal...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54645464

    MICROSOFT PATCHES WINDOWS ZERO-DAY EXPLOITED BY 'FRUITYARMOR' GROUP

    Oct 09, 2018

    Microsoft's Patch Tuesday updates for October 2018 resolve nearly 50 vulnerabilities, including a Windows zero-day flaw exploited by an advanced persistent threat (APT) actor known as FruityArmor. The zero-day, tracked as CVE-2018-8453, has been described by Microsoft as a privilege escalation i...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54655465

    TENABLE RESEARCHER REVEALS EXTENDED MIKROTIK ROUTER VULNERABILITY

    Oct 08, 2018

    At Derbycon, a Tenable security researcher disclosed a new attack vector for a previously disclosed vulnerability in a widely deployed router platform. Routers represent an attractive target for hackers to build botnets and spread malware, especially when the routers have known, unpatched remote cod...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54605460

    WHY CYBERSECURITY TRAINING MUST BECOME A PRIORITY

    Oct 05, 2018

    Why Cybersecurity Training Must Become a Priority. Because the threat landscape continues to evolve rapidly, organizations are having a hard time keeping pace with the evolving cybersecurity skills required to manage their complex environments. Cybercrime is on the upswing, and no industry is immune...

    NETWORK COMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54635463

    CALIFORNIA TO BAN WEAK PASSWORDS

    Oct 05, 2018

    In an effort to better protect its residents from falling victim to cyber attacks, California has announced that it will ban weak passwords from 2020. Default passwords such as “admin” and “password” will be illegal for electronics manufacturers to use in the state as they of...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54565456

    12.5M BUSINESS EMAIL ACCOUNTS ACCESSIBLE VIA WEB

    Oct 05, 2018

    Cybercriminals have found new ways to infiltrate corporate emails, which has resulted in a $12bn cost to businesses over the last five years, according to Digital Shadows. Compromised corporate accounts are commonly traded on the dark web, where criminals stand to earn a pretty penny, particularly i...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54575457

    FIREEYE INTRODUCES COMMUNITY-BASED PROTECTION FOR BEFORE, DURING AND AFTER A CYBER ATTACK

    Oct 04, 2018

    FireEye Cyber Defense Summit – FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced the availability of a set of solutions to empower collaboration and bolster access to community-based protection from cyber attacks. The FireEye Market, Expertise On-Demand and e...

    BUSINESS WIRE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54525452

    DHS MOVES TO DEFEND INFRASTRUCTURE ACROSS SECTORS

    Oct 04, 2018

    With the kickoff of National Cybersecurity Awareness Month, the Department of Homeland Security (DHS) has been actively focused on cybersecurity this week. The department is continuing its efforts to enhance cybersecurity across the nation’s critical infrastructure, which Secretary Kirstjen Ni...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54535453

    AFTER FACEBOOK'S HACK, THERE'S A LOT OF USELESS POST-BREACH ADVICE

    Oct 03, 2018

    If someone is telling you that you should change your passwords after Facebook's breach, stop. The advice is completely useless for the 50 million people potentially affected by a security flaw, announced Sept. 28, in Facebook's "View As" feature. And yet, organizations like the US...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54485448

    18 VULNERABILITIES FOUND IN FOXIT PDF READER

    Oct 03, 2018

    Eighteen vulnerabilities have been disclosed in Foxit PDF Reader, a commonly used alternative to Adobe Acrobat Reader, which is a widely used browser plugin, according to Cisco Talos. “Foxit PDF Reader is one of the most popular free tools for viewing, commenting on and editing PDF documents. ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54495449

    FACEBOOK FINDS 'NO EVIDENCE' HACKERS ACCESSED OUTSIDE APPS

    Oct 02, 2018

    Facebook says its investigation into a hack revealed last week has found "no evidence" that hackers accessed third-party apps. The breach, which Facebook said Friday had affected 50 million people on the social network, stemmed from a vulnerability in Facebook's "view as" fea...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54435443

    FACEBOOK FINDS 'NO EVIDENCE' HACKERS ACCESSED OUTSIDE APPS

    Oct 02, 2018

    Facebook says its investigation into a hack revealed last week has found "no evidence" that hackers accessed third-party apps. The breach, which Facebook said Friday had affected 50 million people on the social network, stemmed from a vulnerability in Facebook's "view as" fea...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54445444

    APOLLO FACES CRITICISM FOR BREACH OF 200 MILLION CONTACTS

    Oct 02, 2018

    Sales engagement startup Apollo, whose database of 200 million contacts across 10 million companies was reportedly hacked, is facing criticism for failing to protect the data it collects. According to TechCrunch, Apollo said its contacts database was stolen in a data breach. While the company’...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54455445

    FACEBOOK RESETTING ACCESS TOKENS FOR 90M USERS AFTER BREACH

    Sep 28, 2018

    On Sept. 28, the company publicly admitted that it was the victim of a data breach that impacted approximately 50 million user accounts. Out of an abundance of caution, Facebook is resetting the access tokens for a total of 90 million user accounts. The breach was apparently discovered in the aftern...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54395439

    AT&T AND ERICSSON PARTNER UP FOR IOT CYBERSECURITY

    Sep 27, 2018

    AT&T and Ericsson are teaming up to provide comprehensive testing for organizations to safeguard connected devices. According to AT&T, only 10% of its surveyed organization’s say they are confident about their devices having sufficient security measures in place. The operator has seen ...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54405440

    PCI-DSS COMPLIANCE DECLINING, VERIZON REPORTS

    Sep 26, 2018

    For six years in a row, Verizon has reported a steady increase in compliance with the PCI-DSS security standard for payment security. Unfortunately, it's a trend that has now changed course. On Sept. 25, Verizon released its 2018 Payment Security Report, revealing a drop in Payment Card Industry...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54355435

    UBER TO PAY $148 MILLION FOR FAILING TO REPORT 2016 HACK

    Sep 26, 2018

    Uber has reached a settlement with all 50 US states and the District of Columbia over a 2016 data breach the ride-hailing service failed to disclose. The company will pay a $148 million fine that will be distributed in varying amounts across all states, attorneys general said Wednesday. Uber will al...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54365436

    MICROSOFT ADDS NEW ENTERPRISE PROTECTION, MANAGEMENT TO OUTLOOK MOBILE

    Sep 25, 2018

    Despite what a number of messaging- and chat-oriented proponents keep insisting, email isn’t going away anytime soon. In fact, use of email is growing, just like virtually every other sector in IT. It’s like Sly and the Family Stone once sang: Different strokes for different folks. There...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54315431

    SECURITY-MINDED EMPLOYEES STILL POSE RISKS

    Sep 25, 2018

    Despite their training and best intentions, even the most security-minded employees behave in ways that put the enterprise at risk, according to The Security Culture Report 2018. The report, which covered eight industry sectors, surveyed more than 21,000 employees who spoke seven different languages...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54325432

    ATTIVO BRINGS CYBER-SECURITY DECEPTION TO CONTAINERS AND SERVERLESS

    Sep 24, 2018

    As organizations begin to embrace container and serverless technologies, there is a corresponding need to secure those deployment models. On Sept. 24, Attivo Networks announced its entry into the container and serverless security market with an update of its ThreatDefend cyber-security deception pla...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54275427

    HOW ENTERPRISES CAN BETTER DEFEND AGAINST SOCIAL-MEDIA THREATS

    Sep 24, 2018

    No person and no company are completely immune from attacks via the internet. Social networks, too, have been weaponized by all sorts of bad actors--including election meddlers, misinformation peddlers, fraudulent accounts, cybercriminals and scammers. The networks are doing their best to clean up t...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54285428

    RAPID7 LOOKS TO SOAR WITH INSIGHTCONNECT AUTOMATION PLATFORM

    Sep 20, 2018

    Rapid7 announced during a webcast customer event on Sept. 20 that it is enhancing its product portfolio with new automation capabilities to help IT security teams deal with the deluge of information and tasks needed to secure their organizations. Among the enhancements is the new InsightConnect secu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54235423

    MALICIOUS LOGIN ATTEMPTS SPIKE IN FINANCE, RETAIL

    Sep 20, 2018

    The new 2018 State of the Internet/Security Credential Stuffing Attacks report is out, and according to the report publisher, Akamai, worldwide malicious login attempts are on the rise. Analyzing data gathered from its Intelligent Platform and attack data from across the company's global infrast...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54245424

    NEWEGG DATA BREACH EXPOSED CUSTOMER CREDIT CARD INFO, SAYS REPORT

    Sep 19, 2018

    Some Newegg customers reportedly had their credit card info nicked, as hacking group Magecart strikes again. Security researchers RiskIQ said Wednesday that Magecart inserted malicious code into the payments system of the hardware and electronics retailer and made off with charge card data. The nast...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54195419

    STATE DEPARTMENT EMAIL DATA BREACH EXPOSES EMPLOYEE DATA

    Sep 19, 2018

    The US State Department suffered a data breach that exposed some employee data. The email system breach impacted "less than 1 percent of employee inboxes," according to a Sept. 7 department alert obtained by Politico. The department's classified email system was not affected, according...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54205420

    FIDELIS LOOKS TO GROW CYBER-SECURITY PLATFORM WITH NEW FUNDING

    Sep 18, 2018

    Fidelis Cybersecurity announced on Sept. 18 that it has raised $25 million in a new round of funding to help grow the company's platform, which provides multiple capabilities for network and endpoint security. This has been a busy year for Fidelis as the company has expanded its core Elevate Pla...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54155415

    INJUNCTION TO SECURE GEORGIA ELECTIONS DENIED

    Sep 18, 2018

    A request for a preliminary injunction in the Georgia election security lawsuit was denied by a federal judge late last night. The plaintiffs, who have long been battling to have the state switch to using paper ballots, had their request denied by US District Judge Amy Totenberg. In a 46-page order,...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54165416

    WHY SOFTWARE-DEFINED PERIMETERS OUTFLANK VPNS FOR SECURE REMOTE ACCESS

    Sep 17, 2018

    With an increasing number of employees working from coffee shops, airports and home, and the cost of breaches increasing the security concerns created by perimeter-based VPNs, organizations are looking closer at alternatives such as SDPs, which use a zero-trust paradigm to overcome these issues. Per...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54105410

    HOW THE CLOUD SECURITY ALLIANCE CLOUD CONTROLS MATRIX BENEFITS FINANCIAL INSTITUTIONS

    Sep 14, 2018

    The self-service and dynamic nature of cloud infrastructure creates challenges for risk and compliance professionals. Tools that worked well in the traditional data centre do not translate to the public cloud.   Due to these concerns over regulatory compliance and security, as well as the ...

    CLOUDCOMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54115411

    BITSIGHT LAUNCHES FORECASTING CAPABILITY FOR CYBER-RISK

    Sep 05, 2018

    The new offering aims to help organizations predict how different technology and process changes will impact future cyber-risk. Security ratings firm BitSight announced on Sept. 5 that it is expanding its offerings with the launch of the new BitSight Forecasting service. The BitSight Forecasting cap...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54065406

    HACKERONE PAID $500K IN BUG BOUNTIES AT DEF CON

    Sep 05, 2018

    Celebrating the success of this year’s live hacking event, HackerOne (H1) recently announced that more than $500,000 was paid in bounties during the third annual h1-702 at DEF CON 26 in Las Vegas last month. More than 75 hackers from over 20 countries hacked five targets (including the United ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54075407

    ‘FILELESS’ MALWARE ATTACKS GROWING IN NUMBER AND SOPHISTICATION

    Sep 04, 2018

    Not all malware arrives on your computers as a virus or some other type of code secreted in a file, but instead manifests itself as a corruption of system services that make your operating system do the dirty work. You may not have heard of a fileless malware attack, but despite its obscurity, it&rs...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54025402

    MAGENTOCORE MOST PROLIFIC SKIMMER CAMPAIGN

    Sep 04, 2018

    Online retailers and consumers alike need to heed caution when making credit card purchases. Magento, a global e-commerce platform has been targeted by a single group planting skimmer on individual stores, according to security researcher William de Groot. In the past six months, 7,339 individual st...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=54035403

    HOW TO BRIDGE THE CYBERSECURITY SKILLS GAP EXPERT COLUMN

    Sep 03, 2018

    Cybersecurity has permeated all levels of business because everyone is being targeted by hackers and everyone is at risk. It’s causing businesses to spend more money, significantly affecting their bottom line. Hence, companies need to have a strong cybersecurity team starting at the C-level on...

    THE VIRGINIAN-PILOT
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53985398

    NUTANIX SEES ‘IMMENSE’ NETWORKING, SECURITY OPPORTUNITIES

    Aug 31, 2018

    Nutanix CEO Dheeraj Pandey says networking and security are “immense” opportunities for the hyperconverged infrastructure company as its customers move to hybrid cloud environments. “One thing we hear a lot from our large customers is that hybrid cloud’s biggest weakness is n...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53945394

    43% OF SECURITY PROS COULD EXECUTE INSIDER ATTACK

    Aug 31, 2018

    A recent survey of nearly 200 IT professionals about insider threats found that nearly half of the participants believed they could successfully attack their organizations from the inside. In a blog post earlier this week Imperva researchers reported on insider threats and revealed the findings of t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53955395

    FORMER LINKEDIN, YAHOO, CISCO EXECS TARGET CLOUD SECURITY AT AVID SECURE

    Aug 30, 2018

    Cloud security startup Avid Secure didn’t do the usual emergence from stealth mode with a splashy launch. “We didn’t go that route because we already had large paying customers,” said co-founder and CEO Nikhil Gupta, who previously held leadership roles at ForeScout, VMware, ...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53905390

    HEARING DATE SET IN GEORGIA ELECTION SECURITY CASE

    Aug 30, 2018

    A hearing has been filed in the ongoing Georgia election cybersecurity case, Curling v. Kemp, where Georgia citizens are fighting for more secure elections in a lawsuit against Secretary of State and gubernatorial candidate Brian Kemp. The hearing is scheduled for Monday, 17 September, at 11am. Oral...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53915391

    IOT DEVICES ARE BECOMING INCREASINGLY UBIQUITOUS – BUT MOST CONSUMERS DON’T KNOW WHAT IOT MEANS

    Aug 29, 2018

    70% of consumers polled by Metova already own at least one IoT device – yet less than one in five said they were well aware of what the term Internet of Things means. Metova, a US-based provider of mobile, connected car, connected home and IoT solutions, has revealed the results of a survey th...

    IOT TECH NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53865386

    RESEARCHERS DISCOVER COMPUTER SCREENS EMIT SOUNDS THAT REVEAL DATA

    Aug 29, 2018

    Using a computer version of synesthesia, researchers demonstrate a new vulnerability present in most flat-panel monitors that can reveal contents to a remote party. For some people with the neurological condition, synesthesia can be a lovely thing when the sounds they hear also produce colors. But c...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53875387

    HCI HEATS UP IN VEGAS WITH VMWARE, CISCO, VEEAM, AND PIVOT3

    Aug 29, 2018

    Hyperconverged infrastructure (HCI) continues to be a hot topic at this year’s VMworld with HCI news from VMware and other vendors including Cisco, Veeam, and Pivot3. During a Tuesday keynote, VMware executives said more than 15,000 customers use its HCI stack, which is the top-selling hyperco...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53995399

    FORTNITE INSTALLER VULNERABILITIES HIGHLIGHT MOBILE APP STORE RISKS

    Aug 27, 2018

    A new type of mobile attack known as man-in-the-disk could leave Android users at risk, especially if the apps they are using are not coming from Google Play. There are many good reasons why it's often best for organizations looking to deploy or consume Android applications to use the Google Pla...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53825382

    NIST CALLS FOR COMMENT OF ECOMMERCE SECURITY

    Aug 27, 2018

    In an effort to reduce online fraud, the National Cybersecurity Center of Excellence (NCCoE), a subdivision of the National Institute of Standards and Technology (NIST), announced it is now accepting feedback on its draft exploring the ways in which multi-factor authentication can help to mitigate f...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53835383

    VAIL CHRISTIAN HIGH SCHOOL TO PARTICIPATE IN PROJECT LEAD THE WAY CYBERSECURITY PROGRAM

    Aug 26, 2018

    Vail Christian High School has been designated as one of 32 schools across the nation to offer a new program in cybersecurity through Project Lead the Way. Project Lead the Way is piloting this Computer Science Pathway course for the first time this fall because cybersecurity is a threatening nation...

    VAIL DAILY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53785378

    FIREEYE STOCK POPS ON NEWS OF FACEBOOK, GOOGLE FINDINGS

    Aug 23, 2018

    Cybersecurity giant FireEye rose as much as 8 percent Thursday on news it has contracted with both Facebook and YouTube to help spot disinformation campaigns. The stock closed up nearly 6 percent at market close. According to The New York Times, FireEye executives tipped Facebook off to an Iranian d...

    CNBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53795379

    ONE OF GOOGLE'S NEWEST SISTER COMPANIES IS ALMOST READY TO GO AFTER THE $96 BILLION CYBERSECURITY INDUSTRY ON A 'PLANET SCALE'

    Aug 23, 2018

    Last January, Alphabet's X "moonshot" factory announced a surprising turn, a new cybersecurity company called Chronicle. The press statement was short on details, and since then, Chronicle has been silent about what it's working on. Chronicle is one of Alphabet's newest "O...

    CNBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53745374

    CYBER SCHOLARSHIP TO BUILD MULTICULTURAL WORKFORCE

    Aug 23, 2018

    Select candidates from diverse backgrounds pursuing a career in cybersecurity could receive academic scholarships that pay half of their tuition, according to an announcement from NYU Tandon School of Engineering and Bridgewater Associates. On 31 August the school will award an initial round of five...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53755375

    CONGRESS TO HOLD HEARINGS ON SOCIAL MEDIA, BIG TECH REGULATION ISSUES

    Aug 22, 2018

    The impact of social media and large technology companies on society has grown to the point that many in Congress feel that it is time to consider regulations to protect consumer privacy and defend against foreign disinformation. After the scandal created by the revelations that Cambridge Analytica ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53705370

    SAILPOINT IDENTITYIQ 7.3 UPDATE EXTENDS IDENTITY GOVERNANCE TO BOTS

    Aug 22, 2018

    As organizations increasingly rely on robotic process automation bots, there is a need to bring them under control with a common identity governance model. SailPoint announced the release of IdentityIQ 7.3 on Aug. 22, providing organizations with new capabilities to manage identity for bots and clou...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53715371

    SEMMLE GOES GLOBAL WITH SOFTWARE ENGINEERING ANALYTICS PLATFORM

    Aug 21, 2018

    Software engineering analytics platform provider Semmle announced its global launch on Aug. 21, alongside new funding to help the company grow its technology. Semmle announced it has raised $21 million in a Series B round of funding, led by Accel Partners with participation from Work-Bench. Total fu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53665366

    CROWDSTRIKE HELPS ADVANCE MALWARE SEARCHES ON HYBRID ANALYSIS PORTAL

    Aug 21, 2018

    The free community Hybrid Analysis portal is getting a technology infusion from CrowdStrike that will enable researchers to conduct more complex searches for malware analysis. CrowdStrike announced on Aug. 21 that it is bringing its Falcon MalQuery malware search engine technology to the Hybrid Anal...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53675367

    NECURS CAMPAIGN TARGETS BANKS

    Aug 20, 2018

    A recently observed spam campaign powered by the infamous Necurs botnet has been specifically targeting banks with the FlawedAmmyy RAT, security researchers warn. First observed in 2012, the Necurs botnet is best known for the massive Locky ransomware campaigns that it powered in 2016 and 2017. Cons...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53625362

    AQUA SECURITY LAUNCHES OPEN-SOURCE KUBE-HUNTER CONTAINER SECURITY TOOL

    Aug 20, 2018

    The new tool aims to help organizations conduct penetration tests against Kubernetes container orchestration system clusters to help identify and improve cyber-security issues. Aqua Security has made its new Kube-hunter open-source tool generally available, enabling organizations to conduct penetrat...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53635363

    NIST TO PROVIDE CYBER-SECURITY ADVICE TO SMBS UNDER NEW FEDERAL LAW

    Aug 17, 2018

    The U.S. Senate unanimously passed a new federal law that requires the National Institute of Standards and Technology to help small and medium businesses meet cyber-Security goals. President Donald Trump has signed the NIST Small Business Cybersecurity Act into law requiring the National Institute o...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53585358

    94 PERCENT OF ORGANIZATIONS SEE FIREWALLS AS CRITICAL INFRASTRUCTURE

    Aug 17, 2018

    FireMon's 2018 State of the Firewall report finds that organizations continue to rely on, and invest in, firewall technologies. Network firewalls are still an important part of enterprise security, according to the results of FireMon's State of the Firewall report. In fact, 94 percent of res...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53595359

    CLASSIC ROCK AND CLOUD-NATIVE ATTACKS COLLIDE AT BLACK HAT

    Aug 16, 2018

    Maybe it’s because of the ACDC-inspired CASB socks at the Bitglass booth. Or maybe people are just becoming smarter about cloud-security and realize the importance of cloud access security broker (CASB) technology. Whatever the reason, more people than usual who approached the cloud security v...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53545354

    IOT ATTACKS DOUBLED IN TWO MONTHS, CHECK POINT SAYS

    Aug 15, 2018

    Malware targeting IoT vulnerabilities hit almost half of global organizations last month, with networking and IoT attacks more than doubling since May, according to Check Point’s monthly report. Each month Check Point publishes three Top 10 lists: Most Wanted Malware; Most Wanted Mobile Malwar...

    SDNCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53555355

    RESEARCHERS REVEAL SECURITY VULNERABILITIES IN TRACKING APPS

    Aug 14, 2018

    At Defcon, security researchers revealed 37 new vulnerabilities in tracking apps that could have enabled attackers to steal information and track users. Millions of users around the world regularly install tracker apps on their Android devices to help them keep track of friends and loved ones. Some ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53505350

    WHY 2018 HAS BEEN A LANDMARK DATA PRIVACY YEAR

    Aug 14, 2018

    Research reveals how Americans feel about digital activity monitoring in the workplace and steps public and private sector organizations can take to gain the support of employees and to avoid violating their privacy. If you ask the folks at security software maker Dtex, May, June and July 2018 may g...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53515351

    VARIANT OF KEYPASS TROJAN TAKES MANUAL CONTROL

    Aug 13, 2018

    Multiple researchers have identified a dangerous new variant of KeyPass ransomware, featuring a manual-control functionality, and according to Kaspersky Lab, the modified version mainly targets developing countries. “For now, the most targeted regions are mainly developing countries – th...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53465346

    MORE THAN 10K RECORDED VULNERABILITIES IN 2018

    Aug 13, 2018

    The number of recorded vulnerability disclosures continues to rise, with 10,644 published throughout the first half of 2018 by Risk Based Security’s VulnDB team. That total is reportedly 3,279 more vulnerabilities than those listed on CVE/NVD, according to the 2018 Mid-Year VulnDB QuickView Re...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53475347

    LACK OF HARDENED BENCHMARKS LEADS TO POOR CYBER HYGIENE

    Aug 10, 2018

    The Center for Internet Security (CIS) refers to an organization's implementation of security controls as its “cyber hygiene,” but a new survey finds that nearly two-thirds of organizations are not practicing good cyber hygiene habits as they have no established benchmarks for implem...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53425342

    ELECTION OFFICIALS DISCUSS EFFORTS TO BOLSTER VOTING SYSTEM SECURITY

    Aug 10, 2018

    At Defon in Las Vegas, election officials talk about potential cyber-security and some of the steps they are taking to improve voting system security. A panel of election officials from across the country spoke at Defcon on Aug. 10 here to talk about their cyber-security concerns. The officials deta...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53435343

    SECURITY FLAWS IN MOBILE POINT-OF-SALE SYSTEMS SPELL MONEY TROUBLE

    Aug 09, 2018

    Cheaper payment systems may cost businesses less, but they could've wound up costing customers more. That's the word from a pair of security researchers, who discovered that mobile payment systems had vulnerabilities that could let hackers steal credit card info or change the value of what p...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53385338

    BHUSA THE VALUE OF SKILLS, EDUCATION AND EXPERIENCE IN INFORMATION SECURITY HIRING

    Aug 09, 2018

    In a panel entitled “Winning the Information Security Job Hunt” at the Black Hat conference in Las Vegas, moderator Kelly Sheridan from Dark Reading asked panelists Dawn-Marie Hutchinson, executive director and executive advisory at Optiv, and Drew Fearson, head of daily operations at Ni...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53395339

    JASK'S CHIRON BRINGS AI THREAT DETECTION TO HOME NETWORKS

    Aug 07, 2018

    Jask's Chiron Brings AI Threat Detection to Home Networks. There are a lot of different ways to detect potential intruders on an enterprise network, but what about smaller businesses or consumers? That's the challenge that Rob Soto, director of security research at Jask wants to help solve w...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53345334

    IMPROVED STANDARDS FOR SECURING MEDICAL DEVICES RELEASED

    Aug 07, 2018

    A critical subset of the ever-expanding internet of things (IoT), medical devices are increasingly vulnerable to attacks from botnets and malware, which is why the Cloud Security Alliance (CSA), in conjunction with the Open Web Application Security Project (OWASP), today announced the release of OWA...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53355335

    COINHIVE MALWARE INFECTS TENS OF THOUSANDS OF MIKROTIK ROUTERS

    Aug 06, 2018

    The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users. Poor patching practices by vendors and users are once again coming back to bite users around the world, as a researcher discovere...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53305330

    THIRD-PARTY WEB MANAGER EXPOSES TCM BANK DATA

    Aug 06, 2018

    ICBA Bancard Inc. subsidiary TCM Bank, a company that aids community banks in issuing credit cards to their customers, announced that the personal data of thousands of people who applied for credit cards with their local banks was exposed, according to Brian Krebs. The information that was leaked be...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53315331

    BLACK HAT 2018 SURVEY: CYBERSECURITY STAFFING, BUDGETS STILL LACKING

    Aug 02, 2018

    According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats. Attendees for next week's 2018 Black Hat USA conference said they are still facing significant challenges when it come...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53265326

    AMNESTY INTERNATIONAL STAFF TARGETED WITH SPYWARE

    Aug 02, 2018

    Amnesty International found hackers attempting to infect one of its researcher's phones with a tool from Israel-based NSO Group, long known as makers of spyware, the NGO reported. Amnesty International’s tech team launched an investigation after one of its staff members received a suspicio...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53275327

    IRONSCALES LAUNCHES THEMIS VIRTUAL ASSISTANT TO IMPROVE EMAIL SECURITY

    Aug 01, 2018

    Ironscales is looking to mimic the analytical capabilities of human security analysts to help organizations automatically identify and remediate phishing attacks. Email security firm Ironscales announced its Themis artificial intelligence powered security assistant technology on Aug. 1, providing or...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53225322

    SPAM CLICK RATES HIGH, 2FA USE LOW AT WORK

    Aug 01, 2018

    Organizations continue to be at risk from insider threats because they lack strong identity management solutions, whether it's end users clicking on spam, issues with multifactor authentication (MFA), or companies keeping their decisions about security and identity separate, according to three n...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53235323

    SAMSAM RANSOMWARE PAYMENTS REACH NEARLY $6 MILLION

    Jul 31, 2018

    New research reveals SamSam ransomware campaign has generated almost $6 million for attacker and appears to be the work of a single hacker who shows no sign of slowing down. The long-running SamSam ransomware campaign, active since early 2016, has apparently earned its perpetrators nearly $6 million...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53185318

    U.S. GOVERNMENT MAKING PROGRESS ON DMARC IMPLEMENTATION

    Jul 31, 2018

    The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away and only half of the domains have the correct policy in place. Only half of U.S. government agencies have taken steps toward DMARC implementation despite the October 2018 deadline. The Departme...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53195319

    NEW NETSPECTRE-CLASS ATTACK RAISES DEVICE-HARDENING CONCERN

    Jul 30, 2018

    A new type of NetSpectre attack requires no malware or malicious JavaScript, because it instead attacks victims through network connections, according to researchers at Graz University of Technology. Four scientists at the university have published findings on a new type of Spectre attack in a paper...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53145314

    IBM BRINGS AI CHATBOT TO MAAS360 UNIFIED ENDPOINT MANAGEMENT SECURITY

    Jul 30, 2018

    Voice and text chat capabilities are coming to IBM's MaaS360, providing organizations with easier ways to get information. IBM announced on July 30 that it is adding new artificial intelligence-powered chatbot capabilities to its MaaS360 Unified Endpoint Management (UEM) security platform. The n...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53155315

    IMPERVA ACQUIRES PREVOTY, ENHANCES APP SECURITY

    Jul 27, 2018

    In an effort to deliver more robust application and data security solutions that protect enterprises against attacks from cyber-criminals, California-based Imperva Inc. announced that it will acquire the Los Angeles-based application security company Prevoty. The deal, which is expected to close in ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53095309

    EXOBOT ANDROID MALWARE TARGETS BANKING APPS

    Jul 27, 2018

    Android users have been warned about another Exobot banking malware source code (v. 2.5) that was leaked online. It was first detected in May 2018 and has been dubbed "Trump Edition." The leak is expected to result in a surge of malicious Android apps given that the malware source code is ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53105310

    GOOGLE SEEKS ENTERPRISE NOD WITH GCP SERVICES IN IOT, SECURITY

    Jul 26, 2018

    Google continues to make strides to catch AWS and Microsoft Azure with upgrades around edge computing and security but won't unseat either competitor any time soon. A raft of upgrades this week beef up Google's public cloud, but will they be enough to move the platform dramatically closer to...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53055305

    PONEMON: MEGA BREACHES, DATA BREACH COSTS ON THE RISE

    Jul 26, 2018

    The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss. The Ponemon Institute's latest study on data breach costs highlights the rise of what it calls "mega breac...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53065306

    ERP APPLICATIONS COMING UNDER INCREASING ATTACK

    Jul 25, 2018

    Enterprise Resource Planning (ERP) applications are critical to the operations of many organizations and are increasingly coming under attack, according to a new report. The 30-page ERP Applications Under Fire report was released on July 25 as a joint effort from Onapsis and Digital Shadows. Among t...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53015301

    FIVE AWS IAM BEST PRACTICES TO BOLSTER CLOUD SECURITY

    Jul 25, 2018

    To mitigate risks and protect cloud resources, many organizations rely on AWS IAM policies. Use these five tips to learn the basic features -- and limitations -- of the service. Identity and access management plays an essential role in any cloud security strategy. Those who need access to cloud reso...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=53025302

    WHY SHADOW IT MUST BE CONSIDERED IN SECURING AN ENTERPRISE

    Jul 24, 2018

    IT management software maker Kaseya claims that recent trends in internal security actually can be an opportunity for strategic-thinking IT organizations. 2017 was infamous for cybersecurity breaches worldwide. These incidents were at such a global scale, they completely changed the game for organiz...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52975297

    PHYSICAL SECURITY KEYS ELIMINATE PHISHING AT GOOGLE

    Jul 24, 2018

    Successful phishing attempts have been eliminated among Google employees following a requirement to use physical security keys in order to gain access to all Google accounts. Google claims it has completely eliminated successful phishing attacks against its employees through the use of physical secu...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52985298

    NIST UPDATING RECOMMENDATIONS FOR MOBILE APP SECURITY

    Jul 23, 2018

    Security experts provide insight on the National Institute of Standards and Technology (NIST) revised guidance for how organizations can better secure mobile applications. The National Institute of Standards and Technology (NIST) is now working on updating its recommendations for how organizations a...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52925292

    US ADULTS DON'T KNOW CYBERSECURITY CAREER OPTIONS

    Jul 23, 2018

    When it comes to cybersecurity careers, adults in the US reportedly don’t know the various job opportunities available in the field, despite the growing demand for professionals to fill the enormous skills gap. According to a new survey from the University of Phoenix, US adults are not familia...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52935293

    HAS GDPR IMPACTED INSIDER THREATS?

    Jul 20, 2018

    According to new research from Clearswift, the introduction of GDPR has led to a slight drop in insider threats in both the UK and Germany. Survey respondents said that insider threats make up 65% of reported incidents in 2018, compared to 73% last year. German companies reported similar declines, w...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52885288

    WHY INFOSEC PRACTITIONERS ARE TURNING INTO DATA SCIENTISTS

    Jul 20, 2018

    Security practitioners cannot wait for the information they need to protect the enterprise, and thus the speed of delivery becomes a driving factor in the success or failure of the data-driven security enterprise. Because IT managers responsible for protecting the enterprise crown jewels—namel...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52895289

    BARRACUDA'S CLOUDGEN WAF LANDS ON GOOGLE COMPUTE PLATFORM

    Jul 19, 2018

    Barracuda now supports all three major public cloud providers with its CloudGen Web Application Firewall technology and enables multicloud management capabilities. Barracuda Networks announced on July 19 that it is extending its CloudGen WAF (Web Application Firewall) to the Google Cloud Platform, h...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52845284

    VENDOR ADMITS ELECTION SYSTEMS INCLUDED REMOTE SOFTWARE

    Jul 19, 2018

    A vendor admitted to compromising its election system security by installing remote access software on systems over the span of six years but claims to have stopped the practice. Election system security was compromised by the installation of remote access software on systems over the span of six ye...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52855285

    FEDERAL AGENCIES STRUGGLE WITH DMARC COMPLIANCE

    Jul 18, 2018

    According to new research from Proofpoint, the majority of federal agencies are behind schedule when it comes with complying to the Department of Homeland Security’s (DHS's) Binding Operational Directive (BOD) 18-01. With less than 90 days remaining for agencies to secure their email syste...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52805280

    WEB FORUMS, SOCIAL MEDIA TARGETS FOR CREDENTIALS

    Jul 18, 2018

    Web forums were the greatest targets for credential spills during 2017, which saw more than 2.3 billion credentials from 51 different organizations reportedly stolen, according to a new report from Shape Security. Of those 51 different organizations, companies providing online services contributed t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52815281

    GOVERNMENT, FINANCE WILL SEE INCREASED ATTACKS

    Jul 17, 2018

    The number of cyber incidents saw a 32% jump in the first quarter of 2018 compared to the same period in 2017, according to a new report from Positive Technologies. According to the report, hackers are motivated by data theft, and malware attacks have spiked 75% since Q1 2017. “Attackers are p...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52765276

    TELEFONICA CALLS AUTHORITIES AFTER MASSIVE BREACH

    Jul 17, 2018

    The Netherlands-based Telecompaper reported that Telefonica, a top-10 telecom vendor based in Spain that delivers telecom services across more than 20 countries, was hit by a major security breach. Personal customer data of millions of its clients was possibly exposed in the breach. The company repo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52775277

    HOW BLOCKCHAIN CAN SECURE SUPPLY CHAINS, IOT DEVICES, AND MORE

    Jul 16, 2018

    Blockchain is hands down the technology buzzword of 2018. But the distributed digital ledger can lead to better supply chains, more secure IoT networks, and more reliable DNS. On July 9, crypto-currency exchange Bancor announced that hackers had compromised one of the company's digital wallets, ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52725272

    OPTIV SECURITY LAUNCHES PRIVILEGED ACCESS MANAGED SERVICE

    Jul 16, 2018

    Optiv Security is now providing a service that manages an organization's new or existing CyberArk privileged access account deployments. Optiv Security announced its Privileged Access Managed Service on July 16, which benefits from a technology integration with privileged access security vendor ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52735273

    SPAMBOT TARGETS WORDPRESS WITH SPRAY AND PRAY

    Jul 13, 2018

    Researchers at Imperva published their discovery of a new comment spam campaign that is leveraging the popularity of the World Cup to trick people into clicking on links that take them to shady betting sites. The campaign, which mainly targets WordPress sites, is launched by a botnet and implemented...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52685268

    NEW SPECTRE VARIANTS EARN $100,000 BOUNTY FROM INTEL

    Jul 13, 2018

    Researchers discovered two new Spectre variants that can be used to bypass protections and attack systems and earned $100,000 in bug bounties from Intel. Researchers found new speculative execution attacks against Intel and ARM chips, and the findings earned them a $100,000 reward under Intel's ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52695269

    CISOS HAVE LIMITED CORPORATE INFLUENCE, ACCENTURE REPORTS

    Jul 12, 2018

    An Accenture study reveals that chief information security officers are lacking authority and visibility to effect change within their organizations. Chief information security officers are responsible for developing and establishing cyber-security strategies and policies with their organizations. Y...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52645264

    CRITICAL BUG BOUNTY REPORTS ON THE RISE, HACKERONE FINDS

    Jul 12, 2018

    The 2018 Hacker-Powered Security report reveals that there has been an increasing volume of critical security vulnerabilities reported by researchers in the past year. HackerOne released its 2018 Hacker-Powered Security Report on July 11, providing insights into the current state of the bug bounty m...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52655265

    IBM PEGS MEGA BREACH COST AT $350M, AS AVERAGE BREACH COST HITS $3.9M

    Jul 11, 2018

    The 2018 Cost of a Data Breach Study found that costs have risen in the past year as attacks become increasingly complex. The cost of data breaches has increased over the past year, according to the 2018 Cost of a Data Breach Study conducted by the Ponemon Institute and sponsored by IBM, which was r...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52605260

    TRAVEL INFORMATION LEAKED AT THOMAS COOK AIRLINES

    Jul 11, 2018

    A bug finder recently discovered that Thomas Cook Airlines had a security vulnerability for years, making it possible for hackers to systematically download hundreds of thousands of passenger flight details and personal data going back as far as 2013. The issue, rated a medium to high severity level...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52615261

    AT&T ACQUIRES ALIENVAULT, MIMECAST GRABS ATAATA

    Jul 10, 2018

    In an effort to expand its security solutions to small and medium-sized businesses (SMBs), global communications, media and entertainment and technology company AT&T has announced that it will acquire California-based security solutions company AlienVault. Combining AlienVault's threat intel...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52565256

    RANSOMWARE ATTACKS SPIKED IN FIRST HALF OF 2018, SONICWALL REPORTS

    Jul 10, 2018

    SonicWall's mid-year 2018 cyber-threat report reveals that there has been a 229 percent increase in ransomware attacks so far this year. The first half of 2018 has seen a resurgence in ransomware attacks, according to SonicWall's mid-year 2018 cyber-threat report released on July 10. For the...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52575257

    ZDI REPORTS RISE IN SECURITY VULNERABILITY DISCLOSURES

    Jul 09, 2018

    Trend Micro's Zero Day Initiative has already published 600 security advisories in 2018, paying out $1 million in awards to researchers. So far, 2018 has been a very busy year for Trend Micro's Zero Day Initiative, which is in the business of acquiring software vulnerabilities from security ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52525252

    TIMEHOP REPORTS DATA BREACH IMPACTING 21 MILLION USERS

    Jul 09, 2018

    An administrative account at Timehop was breached back in December 2017, but attackers didn't decide to start removing data until July 4. Social media service Timehop publicly disclosed on July 8 that it was the victim of a data breach that impacts 21 million users. The breach was discovered by ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52535253

    RESEARCHERS DISCOVER ANDROID APPS SPYING ON USERS' SCREENS

    Jul 06, 2018

    Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. The good news, according to academic researchers, is that your phone most likely isn't secretly listening to your conversations. The ba...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52485248

    WORDPRESS 4.9.7 UPDATE FIXES PAIR OF SECURITY VULNERABILITIE

    Jul 06, 2018

    Millions of WordPress sites around the world were at risk from a pair of related file deletion vulnerabilities that potentially could have enabled an attacker to delete arbitrary files. A new version of open-source content management system WordPress, 4.9.7, was released on July 5 that patches a pai...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52495249

    GENTOO PUBLISHES INCIDENT REPORT AFTER GITHUB HACK

    Jul 05, 2018

    Maintainers of the Gentoo Linux distribution published an incident report on Wednesday after someone hijacked one of the organization’s GitHub accounts and planted malicious code. The attack started on June 28 and the hacker (or hackers) not only changed content in compromised repositories, bu...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52415241

    TREND MICRO CSO WARNS OF THE RISKS OF DIGITAL EXTORTION

    Jul 05, 2018

    After a 20-year career in the U.S Secret Service, Ed Cabrera joined Trend Micro in 2015, where he is now the chief cybersecurity officer, working with organizations to improve cybersecurity. Among the multiple challenges enterprises around the world face are ransomware and business email compromise ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52445244

    HACKERS CELEBRATE FOURTH OF JULY WITH GEODO BOTNET SPAM

    Jul 05, 2018

    Cofense warns that the Geodo botnet was busy ahead of the July 4 holiday, sending out Independence Day-themed messages in an attempt to trick users into clicking on a malicious link. While many Americans were busy getting ready to celebrate the July 4 holiday, spammers were busy trying to trick unsu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52455245

    HOW TO MANAGE SECURITY THREATS TO MOBILE DEVICES

    Jul 03, 2018

    As mobile device security threats increase, IT administrators should know what they are up against and develop strategies to secure mobile devices from cyberattacks. From beginning mobile app development to protecting end users, IT pros need to understand, address and educate on security threats to ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52405240

    FIVE WAYS DIGITAL ASSISTANTS POSE SECURITY THREATS IN HOME, OFFICE

    Jul 02, 2018

    Voice-activated digital assistants in the home—Echo, Cortana, Alexa and Siri—open up a host of new types of vulnerabilities, from issuing commands that aren’t audible to humans to exploiting the accessibility settings activated by digital assistants. Voice-activated digital assista...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52325232

    RESEARCHERS CREATE ATTACKS THAT COMPROMISE LTE DATA COMMUNICATION

    Jul 02, 2018

    Newly devised attacks on the Long-Term Evolution (LTE) high-speed wireless standard break the confidentiality and privacy of communication, a team of researchers claim. In a newly published paper (PDF), researchers from Ruhr-University Bochum and New York University Abu Dhabi present a set of attack...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52335233

    VULNERABILITIES PATCHED IN VMWARE ESXI, WORKSTATION, FUSION

    Jul 02, 2018

    VMware informed customers last week that it patched several vulnerabilities that can lead to a denial-of-service (DoS) condition or information disclosure in its ESXi, Workstation, and Fusion products. VMware described the flaws as out-of-bounds read issues in the shader translator component. An att...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52365236

    RISK & REPEAT: U.S. GOVERNMENT EYES OFFENSIVE CYBERATTACKS

    Jun 29, 2018

    The prospect of the U.S. government using offensive cyberattacks against foreign adversaries appears to be gaining steam. According to the New York Times, the Pentagon approved a policythat empowers the U.S. Cyber Command to initiate constant offensive cyberattacks designed to disrupt foreign networ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52285228

    MCAFEE DETAILS RISE IN BLOCKCHAIN THREATS, CRYPTOCURRENCY ATTACKS

    Jun 29, 2018

    McAfee's new 'Blockchain Threat Report' charts a dramatic rise in cryptomining malware and details four major attack vectors for cryptocurrency-related threats A new McAfee report on blockchain threats shows cryptomining malware grew more than 600% in the first quarter this year. McAfee&...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52295229

    EFF'S STARTTLS EVERYWHERE AIMS TO PROTECT EMAIL IN TRANSIT

    Jun 28, 2018

    The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. The Electronic Frontier Foundation this week unveiled STARTTLS Everywhere, a new initiative that aims to secure email in tra...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52245224

    NEW TYPES OF AUTHENTICATION TAKE ROOT ACROSS THE ENTERPRISE

    Jun 28, 2018

    "If users are being asked to create and remember incredibly complex passwords, IT isn't doing its job," said Don D'Souza, a cybersecurity manager at Fannie Mae, based in Washington, D.C.

    IT professionals today are turning to two-factor authentication, relying on biom...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52255225

    HOW TO WPA3 CAN BOOST YOUR ORGANIZATION'S WIRELESS SECURITY

    Jun 28, 2018

    The Wi-Fi Alliance began certifying products for WPA3 this week, which will lead to wireless communications that are easier to set up and are more secure. he Wi-Fi Alliance has begun certifying wireless devices that meet the new WPA3 standard in a move that will make wireless communications more sec...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52375237

    FEMALE STUDENTS AWARDED CYBERSECURITY SCHOLARSHIPS

    Jun 27, 2018

    Three women chosen from a large pool of highly qualified candidates are the new recipients of Morphisec's Women in Cybersecurity Scholarship. An independent judge, Limor Elhayani, made the final determinations. Elhayani is vice president of threat engineering at Citi and has herself been the onl...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52205220

    TLBLEED ATTACK CAN EXTRACT SIGNING KEYS, BUT EXPLOIT IS DIFFICULT

    Jun 27, 2018

    A new side-channel attack on Intel chips, named TLBleed, can extract signing keys. But the researcher who discovered it said users shouldn't worry, because it's not the next Spectre. An interesting, new side-channel attack abuses the Hyper-Threading feature of Intel chips and can extract sig...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52215221

    PING ADDS AI-DRIVEN API PROTECTION WITH ELASTIC BEAM ACQUISITION

    Jun 26, 2018

    Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. BOSTON -- Ping Identity is moving beyond single sign-on and further into API security with its latest acquisition. At t...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52165216

    NEW WPA3 SECURITY PROTOCOL SIMPLIFIES LOGINS, SECURES IOT

    Jun 26, 2018

    Latest WPA3 security protocol update adds new features to the Wi-Fi access specification for simple and secure wireless access for individuals, as well as enterprises. Securing Wi-Fi access has long been an Achilles' heel for users of wireless networks -- especially for users of public networks,...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52175217

    AIR-GAPPED SYSTEMS TARGETED WITH WEAPONIZED USBS

    Jun 25, 2018

    A cyber-espionage group has been weaponizing presumably secure USB drives to target air-gapped critical systems. The Tick group, discovered by researchers at Palo Alto Networks Unit 42, reportedly targets organizations from Japan and South Korea with custom malware, including Minzen, Datper, Nioupal...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52125212

    NEW ENCRYPTED DOWNLOADER DELIVERS METASPLOIT BACKDOOR

    Jun 22, 2018

    A series of cyber-attacks targeting the Middle Eastern region use an encrypted downloader to deliver a Metasploit backdoor, AlienVault reports. The attacks start with a malicious document containing parts of an article about the next Shanghai Cooperation Organization Summit, originally published at ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52135213

    SECURITY PROS EXPECT RISE IN NATION-STATE ATTACKS

    Jun 22, 2018

    Nation-state attacks are a mounting concern for security professionals, who reportedly expect to see a rise in cyber-attacks amid the backdrop of increasing geopolitical tensions. According to a Tripwire survey conducted at Infosecurity Europe 2018, the vast majority of respondents anticipate more n...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52085208

    CHINA-BASED THRIP HACKING GROUP TARGETS U.S. TELECOMS

    Jun 22, 2018

    China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more. A Chinese cyberespionage group has been using "living off the land" techniques to hack satellite, telecom and defense co...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52095209

    RISK & REPEAT: NEW ELECTION SECURITY BILL INTRODUCED

    Jun 21, 2018

    A new election security bill introduced by Democratic lawmakers would require paper trails and regular audits for all electronic voting machines, but the bill's prospects could be dim. The Protecting American Votes and Elections Act of 2018, which was introduced last week, is the latest legislat...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52045204

    TREND MICRO LAUNCHES MANAGED DETECTION AND RESPONSE SERVICE

    Jun 21, 2018

    Trend Micro's new managed service looks to provide organizations with threat hunting and response capabilities. Trend Micro announced on June 19 a Managed Detection and Response (MDR) service to assist security operations teams. MDR provides managed cyber-security services that benefit from arti...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52055205

    CYBER GROUP TARGETS SATELLITES, TELECOM

    Jun 20, 2018

    A cyber-espionage group infiltrated satellite, telecom and defense companies in the US and Southeast Asia, and evidence suggests that the campaign's objective was espionage. Identified by Symantec and announced on 19 June, the campaign originated from machines based in mainland China, according ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52005200

    SILVER PEAK SD-WAN ADDS SERVICE CHAINING, PARTNERS FOR CLOUD SECURITY

    Jun 20, 2018

    Silver Peak SD-WAN now allows service chaining for Forcepoint, McAfee and Symantec security VNFs. Also, ONF targets four technologies to develop -- and four supply chain partners to help. Silver Peak boosted its software-defined WAN security for cloud-based workloads with the introduction of three s...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52015201

    TESLA'S TOUGH LESSON ON MALICIOUS INSIDER THREATS

    Jun 19, 2018

    The potential damages a company can suffer from malicious insiders became a harsh reality for Tesla CEO Elon Musk, who expressed his disappointment at learning he had a saboteur within the Tesla ranks. The individual who allegedly engaged in damaging sabotage against Tesla was reportedly an employee...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51965196

    CYLANCE ANNOUNCES $120 MILLION IN FUNDING

    Jun 19, 2018

    Endpoint security firm Cylance announced Tuesday afternoon that it has closed a $120 million funding round led by funds managed by Blackstone Tactical Opportunities and including other investors. The announcement was made hours after endpoint security rival CrowdStrike announced that it had raised m...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51975197

    PYROMINEIOT CRYPTOJACKER USES NSA EXPLOIT TO SPREAD

    Jun 18, 2018

    The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a cryptojacker infecting IoT devices. But experts said the NSA shouldn't be held responsible for the damages. A new malware variant reads like the greatest hits of cyberthreats: a cryptojacker using an NSA exploit ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51925192

    MORE NEFARIOUS STRAIN OF ZACINLO MALWARE INFECTING WINDOWS 10 MACHINES

    Jun 18, 2018

    A new type of malware that is starting to spread to Windows 10 computers bypasses the operating system’s built-in security and implants itself so firmly that it’s extremely difficult to remove. A description of the latest version of the Zacinlo malware sounds like a nightmare scenario fo...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51935193

    MEXICAN CAMPAIGN WEBSITE ATTACKED WITH DDOS

    Jun 15, 2018

    A Mexican campaign site was hit with a distributed-denial-of-service (DDoS) attack during the final presidential debate, which comes mere weeks before the 1 July election, fomenting concerns of election security. The affected site, run by the National Action Party (PAN), targets front-runner Andr&ea...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51885188

    CONSUMERS CHOOSE EASY LOGIN OVER PASSWORDS

    Jun 15, 2018

    A majority of consumers who participated in a recent study said that if they had their druthers, they would prefer account logins that do not require passwords. According to a study conducted in April 2018 by research firm Blink and authentication technology company Trusona, over 70% of consumers wo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51895189

    CRYPTO-MINING MALWARE TOPS CHARTS, TARGETS APPS

    Jun 13, 2018

    For organizations that were hoping to see a decline in malware threats, there is no sign that crypto-mining malware will be going away anytime soon. In fact, crypto-mining malware continues to dominate among hackers while also sneaking its way into more mobile apps. According to Check Point’s ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51845184

    ADOBE ZERO-DAY FIX PRECEDES JUNE PATCH TUESDAY

    Jun 12, 2018

    Adobe closed a zero-day vulnerability last week, which Microsoft added to its June Patch Tuesday updates. Administrators have a lighter workload with about 50 exploits to address. Adobe closed a zero-day vulnerability last week, which Microsoft added to its June Patch Tuesday updates. Administrators...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51795179

    NON-JAVASCRIPT CRYPTOJACKING REAPS MORE THAN $144M, RESEARCHER FINDS

    Jun 12, 2018

    Cryptojacking attacks are finding success and have now gained the attention of the U.S Federal Trade Commission (FTC). Unauthorized crypto-currency mining, commonly referred to as cryptojacking, is a problem that doesn't seem to be slowing down and continues to be challenge for enterprises and i...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51805180

    MOBILE APP SECURITY RISKY ACROSS SECTORS

    Jun 12, 2018

    While mobile app security is an issue across all sectors, 50% of apps that come from media and entertainment businesses are putting users at risk. New research from BitSight found that a significant percentage of mobile apps across multiple industries have high-severity vulnerabilities. “Mobil...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51835183

    UNTANGLE UPDATES NG FIREWALL TO IMPROVE SD-WAN SECURITY

    Jun 11, 2018

    A new release of Untangle's firewall platform benefits from a shift to a newer version of the Debian Linux operating system as the base. Untangle will announce version 14.0 of its NG Firewall platform on June 12, providing new features that enhance the security capabilities of the Linux-based pl...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51755175

    POSTING PASSWORDS ON TRELLO LEADS TO LATEST DATA EXPOSURE MESS

    Jun 08, 2018

    Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards. Data exposures in web applications and cloud services are becoming more in fashion these days, and Trello is the latest service being use...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51765176

    TCL UNVEILS NEW BLACKBERRY KEY2 SECURITY-ENHANCED SMARTPHONE

    Jun 08, 2018

    The latest security enhanced BlackBerry phone, produced under license by TCL Communication, starts at $649 and will begin shipping later in June. BlackBerry may not be building its own smartphones anymore, but China's TCL Communication is hoping that won't prevent enterprise buyers from look...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51715171

    APPLE PLANS TO DISABLE FACEBOOK WEB TRACKING CAPABILITIES

    Jun 08, 2018

    Apple wants to protect its users from Facebook web tracking with the next version of Safari. Plus, genealogy website MyHeritage suffers data breach, and more. Apple plans to disable some Facebook web tracking capabilities in the next version of iOS and Mac operating systems. At the Apple Worldwide D...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51725172

    RISK & REPEAT: MORE TROUBLE FOR FEDERAL CYBERSECURITY

    Jun 07, 2018

    The latest government report on the state of federal cybersecurity brought more bad news for Washington, D.C. The Federal Cybersecurity Risk Determination Report and Action Plan, which was commissioned by the Office of Management and Budget and the Department of Homeland Security, found the vast maj...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51665166

    HACKER TAKEDOWN OF PAGEUP IS BAD NEWS FOR CLIENTS

    Jun 07, 2018

    Thousands of Australians are again being notified that their personal information was potentially compromised after a vendor that powers jobs and recruitment sites for companies around the world experienced a breach. The Australian Cyber Security Centre (ACSC) is investigating the breach of Australi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51675167

    BOARDS PUSH SECURITY, RUSH TO GDPR COMPLIANCE

    Jun 06, 2018

    IT leaders are prioritizing improvements in cybersecurity at a growing rate in an effort to fight cybercrime threats and become GDPR compliant, reports the Harvey Nash/KPMG CIO Survey 2018.  More than one-third of organizations surveyed in April reported that they did not expect to be compliant...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51625162

    OPERATION PROWLI MALWARE INFECTED 40,000 MACHINES

    Jun 06, 2018

    Researchers have discovered a traffic manipulation and cryptocurrency mining campaign infecting organizations across industries from finance to education and government. The Operation Prowli campaign has been spreading malware and malicious code to servers and websites around the world, and more tha...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51635163

    TENABLE EXTENDS CLOUD APPLICATION SECURITY SCANNING CAPABILITIES

    Jun 05, 2018

    Tenable is updating its cloud-delivered services capabilities, adding new connectors to support GCP and Azure, while also advancing web application discovery features. Tenable announced on June 5 that it is enhancing its Tenable.io cloud-based cyber-exposure platform with new capabilities to help en...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51585158

    IBM ENHANCES MAAS360 UNIFIED ENDPOINT MANAGEMENT PLATFORM

    Jun 05, 2018

    IBM adds a new policy recommendation engine to its MaaS360 unified endpoint management platform to help improve security configurations and compliance. IBM announced on June 4 that it is adding a pair of new capabilities to its MaaS360 with Watson unified endpoint management (UEM) platform. The new ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51605160

    US GOVERNMENT OFFERS DIRECTION IN FIGHT AGAINST DISTRIBUTED ATTACKS

    Jun 04, 2018

    Today’s topics include a U.S. government report warning about a lack of security tool use, and Google claiming its Pixel 2 encryption prevents even privileged attacks. In a 51-page report to the president publicly released May 30, the U.S. Department of Commerce and the Department of Homeland ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51535153

    US GOVERNMENT OFFERS DIRECTION IN FIGHT AGAINST DISTRIBUTED ATTACKS

    Jun 04, 2018

    Today’s topics include a U.S. government report warning about a lack of security tool use, and Google claiming its Pixel 2 encryption prevents even privileged attacks. In a 51-page report to the president publicly released May 30, the U.S. Department of Commerce and the Department of Homeland ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51545154

    YOKOGAWA STARDOM VULNERABILITY LEAVES HARDCODED CREDS IN ICS CONTROLLERS

    Jun 01, 2018

    A Yokogawa Stardom vulnerability leaves industrial control systems in critical infrastructure around the world at risk because of hardcoded credentials in the software. Industrial control systems around the world might be at risk as hardcoded credentials are found in flawed software. The Yokogawa St...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51495149

    ALL WOMEN ON DECK AT RESET CYBER CONFERENCE

    Jun 01, 2018

    With more than 15 female experts in cybersecurity scheduled to speak on the evolving cyber threat landscape, RESET, hosted by BAE Systems, claims to be challenging the status quo with its all-female speaker lineup. Scheduled for 14 June at the Kennedy Lecture Theatre, University College London (UCL)...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51505150

    US GOVERNMENT BOTNET REPORT WARNS ABOUT LACK OF SECURITY TOOL USE

    May 31, 2018

    A report to the president from the departments of Commerce and Homeland Security reveals gaps in the fight against distributed attacks and calls on the industry to do more. Botnets and automated distributed threats have been a growing problem in recent years. In a report to the president that was pu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51485148

    ENTERPRISE CYBERSECURITY STRATEGY: WHAT A CIO NEEDS TO KNOW

    May 31, 2018

    Digital transformation is leaving businesses exposed to more cyberattacks. At the MIT Sloan CIO Symposium, panelists explain how much cybersecurity expertise is expected of CIOs. With the global cost of cybercrime expected to reach $6 trillion by 2021, cybersecurity can't be an afterthought for ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51425142

    OPENSTACK OPERATORS DETAIL HOW THEY PATCHED FOR MELTDOWN, SPECTRE

    May 30, 2018

    When the Meltdown and Spectre CPU security vulnerabilities were publicly disclosed on Jan. 3, they set off a flurry of activity among IT users and cloud operators around the world. In a panel moderated by eWEEK at the OpenStack Summit in Vancouver, B.C., on May 24, operators detailed how they dealt ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51405140

    CATO'S NETWORK SECURITY FEATURE ON THE HUNT FOR THREATS

    May 30, 2018

    Cato Networks added a network security feature that detects and identifies threats within customer networks. The capability is built into Cato's SD-WAN platform, Cato Cloud. Cato Networks last week upped its SD-WAN-as-a-service offering Cato Cloud with the Cato Threat Hunting System, a network s...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51575157

    THREAT HUNTING TECHNOLOGY IS ON THE RISE, SO ARE THREATS

    May 29, 2018

    Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. More companies are adopting threat hunting functions, according to a recent survey from Crowd Research Partners, but detection of a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51435143

    THREAT HUNTING TECHNOLOGY IS ON THE RISE, SO ARE THREATS

    May 29, 2018

    Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. More companies are adopting threat hunting functions, according to a recent survey from Crowd Research Partners, but detection of a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51445144

    MORE DATA LEAKED FROM AWS BUCKET MISCONFIGURATIONS

    May 29, 2018

    Another Amazon S3 bucket misconfiguration breach, this time with AgentRun, has resulted in an insurance start-up exposing data for clients, including Cigna, Transamerica, SafeCo Insurance, Schneider Insurance, Manhattan Life, and Everest. Sensitive personal and medical information of thousands of in...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51385138

    CREATORS OF TRISIS MALWARE HAVE EXPANDED THEIR ICS ATTACKS

    May 25, 2018

    The group behind the Trisis malware attack on an oil and gas company in Saudi Arabia last year has also now hacked industrial firms in other countries, according to new research. Cybersecurity company Dragos Inc. published a report this week that identifies a new threat group called Xenotime as the ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51455145

    OKTA ADVANCES BUSINESS APPLICATION AUTHENTICATION WITH NEW SERVICES

    May 24, 2018

    With new and improved contextual awareness capabilities, paired with analytics, Okta is aiming to help enable the password-less future for authentication. Enterprise identity management vendor Okta announced a series of new products and updates on May 23 that aim to advance the state of access secur...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51355135

    HOW YOUR WEB BROWSER TELLS YOU WHEN IT'S SAFE

    May 23, 2018

    As Google moves to change how its Chrome browser flags insecure websites, rival browsers may be forced to follow suit. Here's how other browsers currently handle website security and what changes they have coming. Google last week spelled out the schedule it will use to reverse years of advice f...

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51305130

    U.S. DISRUPTS RUSSIAN BOTNET OF 500,000 HACKED ROUTERS

    May 23, 2018

    The US Justice Department said Wednesday that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence. The move was aimed at breaking up an operation deeply embedded in s...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51315131

    GPON HOME ROUTERS ARE OVER THEMOON BOTNET

    May 23, 2018

    Dasan's gigabit-capable passive optical network (GPON) home routers are again the target of zero-day exploits using a new botnet called TheMoon, according to researchers at Qihoo 360 Netlab. While activity of TheMoon botnet emerged in 2014, it's only been seen adding internet of things (IoT)...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51345134

    LEGIT TOOLS EXPLOITED IN BANK HEISTS

    May 22, 2018

    Cyber criminals attacking the finance and other industry sector are continuing to exploit legitimate administration tools to hide their activities, highlighting the need for threat hunting, a report reveals. Common IT administration tools are being hijacked to act as invisibility cloaks for cyber cr...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51265126

    3.2 MILLION FILES REVEALED ON AWS S3 BUCKET

    May 22, 2018

    A Los Angeles County nonprofit that provides health and human services accidentally exposed about 3.2 million files on an unsecured AWS S3 bucket, according to the UpGuard cyber risk team. 211 LA County, a nonprofit organization serving LA County, was reportedly left publicly exposed online. The con...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51275127

    PARENT AND TEEN DATA LEAKED FROM MONITORING APP

    May 21, 2018

    A security researcher discovered two leaky servers of a California-based company, TeenSafe, which left the email addresses and passwords of parents and teens unprotected. According to ZDNet at least one of the servers used by the TeenSafe app leaked data from tens of thousands of accounts. TeenSafe ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51225122

    BANK ROBBING? THERE'S A VULNERABLE WEB APP FOR THAT

    May 21, 2018

    Gone are the days when criminals masked their identities and busted into a bank declaring, "This is a stick up!" According to Bank Attacks 2018, published today by Positive Technologies, cybercriminals are reaping big financial gains with relatively low risk by going online to rob banks. A...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51235123

    IS ARISTA MAKING RIGHT MOVE WITH CAMPUS SWITCHES?

    May 17, 2018

    Bloggers discuss Arista's new strategy to market campus switches, examine container security risks and ask the question of whether networking is a commodity. Arista Networks said it's jumping into the campus market with a new line of campus switches and cloud-based analytics software. Greg F...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51145114

    REPORT HIGHLIGHTS SECURITY RISK OF OPEN SOURCE CODE TO BUSINESS

    May 17, 2018

    Increased adoption of open source code is introducing vulnerabilities into commercial software, with many audited codebases containing the Apache Struts flaw that enabled the Equifax breach, a report shows. Most software includes known vulnerabilities and licence conflicts as open source adoption so...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51185118

    CATCH ICS ATTACKERS BY SHIFTING TO KILL CHAIN

    May 17, 2018

    Tracking the activity of nefarious groups affords defenders a deeper level of understanding that can be useful in not only understanding different types of threats but also in building defenses to withstand a cyber-attack. Today, Dragos released its updated profile on CHRYSENE ICS, one of the seven ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51195119

    DHS UNVEILS NATIONAL CYBERSECURITY RISK STRATEGY

    May 16, 2018

    The Department of Homeland Security (DHS) unveiled on Tuesday, 14 May, a new national strategy to be implemented to address evolving cybersecurity risks. The DHS strategy outlines strategic and operational goals and priorities to successfully execute the full range of the DHS secretary’s cyber...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51095109

    BARRACUDA LAUNCHES WEB APPLICATION FIREWALL AS A SERVICE

    May 16, 2018

    Barracuda is making its Web Application Firewall platform available in a cloud-delivered model that benefits from a new management interface and improved configuration. Barracuda Networks announced its cloud-delivered Web Application Firewall (WAF) service on May 16, providing organizations with a n...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51105110

    SIEMENS ISSUES ALERT, DOS VULNERABILITY

    May 16, 2018

    Siemens, an industrial security provider, has issued a security advisory for a newly discovered vulnerability (CVE-2018-4850) that could lead to a denial-of-service (DoS). The affected SIMATIC S7-400 CPUs improperly validate S7 communication packets, which could cause a DoS condition on a CPU. "...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51135113

    ENTERPRISE CYBER THREAT REMEDIATION INEFFECTIVE, STUDY SHOWS

    May 15, 2018

    Enterprise cyber threat remediation needs to improve in several key areas, according to an analysis of common remediation strategies. Common enterprise cyber threat remediation strategies are about as effective as random chance, a study has revealed. Some of the simple rule-based strategies do not p...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51045104

    ORGS FAILING TO IDENTIFY INSIDER THREAT BLIND SPOTS

    May 15, 2018

    Active insider threats are present in 100% of organizations, with companies failing to eliminate insider threat blind spots, according to new research from Dtex Systems. The user behavior intelligence provider analyzed anonymized data about user behaviors taking place on public and private sector or...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51055105

    DANISH RAILWAY COMPANY DSB SUFFERS DDOS ATTACK

    May 14, 2018

    Danish rail travelers found buying a ticket difficult yesterday, following a DDoS attack on the railway company DSB. DSB has more than 195 million passengers every year but, as reported by The Copenhagen Post, the attack on Sunday made it impossible to purchase a ticket via the DSB app, on the websi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51005100

    CRYPTO-MINING MALWARE TOPS MOST WANTED LIST

    May 14, 2018

    Cybercriminals have options when it comes to choosing their attack weapons, which is why malware authors are likely grateful to those criminals who choose to target unpatched server vulnerabilities with crypto-mining malware. According to the latest Global Threat Index published today by Check Point...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51015101

    GEORGIA GOVERNOR VETOES CONTROVERSIAL CYBERSECURITY BILL

    May 11, 2018

    A controversial cybersecurity bill was vetoed by Georgia's governor this week after pressure from Microsoft and Google. Plus, IBM banned USB drives, and more. Georgia Governor Nathan Deal vetoed a cybersecurity bill this week that would have criminalized unauthorized computer access but granted ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50945094

    WHITE HAT SPOOFS 2FA, SENDS USER TO PHISHING PAGE

    May 11, 2018

    Social engineering tactics are the bread and butter of hackers. Preying on trust, malicious actors are able to lure users into sharing personal information, even login credentials. White hat hackers will often leverage these same tactics for good, which Kevin Mitnick, chief hacking officer, KnowBe4 ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50955095

    ANDROID P SECURITY IMPROVES AUTHENTICATION TRUST AND DATA PRIVACY

    May 10, 2018

    Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users. Mountain View, Calif. -- The newest Android P security enhancements make it clear that Google has been watching the news a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50905090

    CSIT ANNOUNCES JOBS BOOST FOR CYBERSECURITY INDUSTRY

    May 09, 2018

    At CSIT’s eighth Annual World Cyber Security Summit it was announced that 10 new research and engineering jobs are being created at Queen’s University Belfast to meet the demands of new contracts and the rapidly growing cybersecurity industry in Northern Ireland. CSIT, the UK’s lea...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50845084

    A LOOK AT THE NEW LONDON CYBER INNOVATION CENTRE

    May 09, 2018

    At CSIT’s eighth Annual World Cyber Security Summit in Belfast Claire Cockerton, founder and CEO of Plexal, presented a session outlining the new London Cyber Innovation Centre, which will launch later this year and will be located on the Queen Elizabeth Olympic Park. The Centre, which will be...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50855085

    IT PROS NAME USERS, GDPR AS BIGGEST CLOUD COMPUTING SECURITY THREATS

    May 09, 2018

    The cloud is growing faster than companies can prepare for cloud computing security threats, a quartet of tech leaders say at a Boston forum. But managing risk is within reach. You know a technology has become standard when an institution founded before electricity plugs it in. Just look at The Hart...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50895089

    TWITTER FIXES BUG, ADVISES USERS TO RESET PASSWORDS

    May 08, 2018

    Today’s topics include Twitter advising users to reset their passwords after a bug discovery, and Microsoft releasing a preview of the next major Windows 10 update. Twitter announced on May 3 that it discovered an issue in its system that exposed user passwords to potential risk but added that...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50775077

    SYNACK RANSOMWARE USES DOPPELGANGING TECHNIQUE

    May 08, 2018

    Though known since September 2017, SynAck ransomware has a new variant found to be using Process Doppelgänging. According to Kaspersky Lab researchers who discovered the ransomware Trojan bypassing antivirus security by hiding in legitimate processes, this is the first time the Doppelgängi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50785078

    HACKERS MINE FOR CRYPTO-COINS ON IOT DEVICES

    May 07, 2018

    Cybercriminals looking to purchase malware are frequent flyers on dark web forums. Often, nefarious actors are in search of the attack that will deliver the greatest gains, which is why it might come as a surprise to learn that many criminals are rolling the dice on crypto-jacking connected devices....

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50735073

    HACKERS IN CHINA ARE PART OF MASSIVE GOVERNMENT GROUP, REPORT SAYS

    May 07, 2018

    Hacks that were previously thought to be the work of unrelated groups have actually been coordinated by China since at least 2009, according to researchers. There's a Chinese proverb that roughly translates to "One chopstick is easily broken, but a bundle of chopsticks is unbreakable."...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50745074

    BUSINESSES NOT READY FOR NETWORK IMPLICATIONS OF CLOUD NATIVE ARCHITECTURE

    May 04, 2018

    Composable applications can be built from connecting microservices that run in their own containers. This cloud-first approach requires a new approach to networking. The next iteration for cloud computing, Cloud 2.0, promises to deliver a flexible IT architecture where applications are built out of ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50695069

    TWITTER PASSWORD SECURITY BUG UNDERLINES NEED FOR INDUSTRY CHANGE

    May 04, 2018

    Twitter has revealed that a bug in its systems resulted in some passwords being stored in a log in clear text, underlining the need for alternative authentication methods, say industry commentators. Twitter has advised its users to change their passwords after discovering that a systems flaw had res...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50705070

    CYBERSECURITY PERVASIVENESS SUBSUMES ALL SECURITY CONCERN

    May 03, 2018

    Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been inevitable that cybersecurity pervasiveness would eventually touch every aspect of life. But, it feels m...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50605060

    FIELD SERVICE MOBILE APPS OFFER USABILITY, NEW FEATURES

    May 03, 2018

    Field service management software can be a great way to integrate mobile into a service company. Now, cloud-based platforms offer an accessible entry point for smaller businesses. As field service mobile apps become more robust and cloud-based, adoption grows with small businesses jumping on the ban...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50615061

    UK FIRMS INVEST IN CYBERSECURITY TO FOIL ATTACKS

    May 03, 2018

    There was good news for UK businesses this week after new stats from Beaming showed the number of cyber-attack victims fell by a fifth in 2017 from the previous year. The business ISP polled over 500 corporate bosses in micro-, small, medium and large businesses. Although around the same number of l...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50635063

    PLAINTEXT PASSWORD PROBLEM FOR SOME GITHUB USERS

    May 02, 2018

    Protecting passwords is a critical yet challenging part of cybersecurity. Yesterday, it became an issue for code repository site GitHub, which had to announce to a small number of its users that a flaw in its system had revealed passwords in plaintext on internal logs. Users received an email messag...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50555055

    SECURITY INDUSTRY WELCOMES CITY OF LONDON POLICE CYBER INITIATIVE

    May 02, 2018

    Security industry welcomes City of London Police cyber initiative. The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required. The City of London Police has launched an initiativ...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50565056

    ZUCKERBERG POKES FUN AT HIMSELF, TOUTS NEW APPS AT F8

    May 01, 2018

    Facebook CEO introduces several new functions, including a dating app, one that allows a group to share watching videos in real time, and new ways natural language processing and artificial intelligence will be used in future apps. On Day 1 of its annual F8 conference, Facebook on May 1 explained ho...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50495049

    SECURITY INDUSTRY WELCOMES NHS MOVE TO WINDOWS 10

    Apr 30, 2018

    Representatives of the security industry have welcomed the announcement that the NHS will be migrating to Windows 10 as part of a multi-million pound deal with Microsoft, but warn that the move will not be without its challenges. The Department of Health and Social Care has announced that it will tr...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50505050

    PHISHING THREATS STILL DWARF VULNERABILITIES, ZERO-DAYS

    Apr 30, 2018

    Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive. Phishing threats continue to evolve and stay one step ahead of enterprise defenses, according to new researc...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50475047

    SECURITY PROS SUPPORT DATA COLLECTION REGULATIONS

    Apr 27, 2018

    While most security professionals believe that government officials lack a real understanding of the threats to digital privacy, they overwhelmingly agree that governments should regulate the way social media companies collect user data. At last week’s RSA Conference, more than 500 security pr...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50445044

    SENTINELONE CEO: ENDPOINT SECURITY MARKET FULL OF 'NOISE AND CONFUSION'

    Apr 27, 2018

    In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital investments have affected the endpoint security space. In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital inves...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50625062

    FINNISH R&D AND UTILITIES IN LINE OF CYBER ESPIONAGE FIRE, SAY SECURITY POLICE

    Apr 26, 2018

    Finnish research and development, as well as critical infrastructure, are being targeted by state-backed cyber espionage attacks, says report. Foreign states are attempting to steal information about Finland’s critical infrastructure and product development, Finnish security intelligence servi...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50365036

    GDPR COMPLIANCE REQUIREMENTS DON'T COME CHEAP

    Apr 26, 2018

    GDPR has more teeth than any previous data privacy directive, but that looming threat hasn't motivated many companies to get their audit trail in order. Not ready for GDPR to go into effect next month? There's some good news and some bad news. The bad news: The European Union regulation has ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50375037

    KEEP HACKERS LOCKED OUT OF HOTEL ROOMS

    Apr 26, 2018

    It’s rare to check into any hotel today and be handed an actual door key. Global hotel chains and hotels worldwide have transitioned from the lock and keys of old to an electronic system so that guests need only swipe a card in front of the door. But researchers at F-Secure Cyber Security Serv...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50385038

    CADENCE IN CHAOS: SOUNDS OF DDOS IN NETFLOW LOGS

    Apr 26, 2018

    For those who appreciate the healing power of music, new research could prove to be a magical security tool. By correlating traffic types from NetFlow logs with sounds of instruments, researchers at Imperva were able to translate changes in network traffic into song. Inspired by a TED Talk called &q...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50395039

    FIGHT TO GET SMBS PCI COMPLIANT A LOSING BATTLE

    Apr 26, 2018

    Being in compliance with different regulations has a bottom-line impact on business, but smaller organizations lack the time and knowledge necessary to engage with PCI (Payment Card Industry) programs. That's according to the Acquirer PCI Sentiment Survey recently released by Sysnet Global Solut...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50435043

    MAJOR TAKEDOWN OF SITE SELLING CYBERATTACKS

    Apr 25, 2018

    Administrators of the world's largest DDoS-as-a-service website webstresser.org were only yesterday reaping the rewards of their illicit enterprise. Today, they are under arrest thanks to the cooperative effort of international law enforcement agencies. Eruopol reported the success of Operation ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50325032

    IMPROVED SECURITY STANDARDS FOR ELECTRIC GRIDS

    Apr 24, 2018

    In an effort to address the growing threat of cyber-attacks to the national power grid, the Federal Energy Regulatory Commission (FERC) approved revised reliability standards for cybersecurity management controls. The Critical Infrastructure Protection standards, developed by the North American Elec...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50275027

    FACEBOOK CYBERSECURITY UNIVERSITY GRADUATES US VETERANS

    Apr 24, 2018

    Though it’s not quite graduation season, 33 US military veterans celebrated the completion of their 12-week course and became the first class to graduate from Facebook Cybersecurity University for Veterans on Saturday, April 21. Narrowing the cybersecurity skills gap demands that organizations...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50285028

    CILIUM 1.0 ADVANCES CONTAINER NETWORKING WITH IMPROVED SECURITY

    Apr 24, 2018

    The open-source effort aims to replace the decades-old IPtables model for Linux networking with a more modern approach for containers that improves performance and security. For last two decades, the IPtables technology has been the cornerstone of Linux networking implementations, including new cont...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50315031

    #RSAC: INFOSECURITY ‘SOLUTIONS’ ARE BECOMING THE PROBLEM

    Apr 23, 2018

    At the RSA conference in San Francisco in a session titled ‘Back to IT Security Basics: What’s getting lost in the buzz words’, Marc Potter of Netwrix urged information security professionals to turn a blind eye to threat buzzwords in favor of focusing on risk management. “Wh...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50235023

    WOMEN IN CYBERSECURITY DISCUSS HIRING, ADVICE AND BEING MENTORS

    Apr 23, 2018

    A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors. SAN FRANCISCO -- With diversity in infosec looming as an increasingly pivotal topic, a panel of female cybersecurity p...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50245024

    GOVERNMENT HACKING TACTICS QUESTIONED AT OURSA

    Apr 20, 2018

    The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants. Jennifer Granick had harsh words at the Our Security Advocates Conference for the growing state of mass surveillance a...

    CYBERSECURITY NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50205020

    NEW IOS VULNERABILITY LETS ATTACKERS HACK IPHONE, IPAD

    Apr 19, 2018

    Syncing iTunes across devices via Wi-Fi is popular and convenient, but newly discovered attack scenarios could put iOS devices at risk. Symantec researchers discovered a flaw that if exploited would allow attackers to compromise devices. Named “Trustjacking,” the flaw exploits the trust ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50165016

    MICROSOFT WINDOWS DEFENDER FIGHTS PHISHING ON GOOGLE CHROME BROWSER

    Apr 19, 2018

    Microsoft is bringing the technology it uses to keep Edge users safe to a rival browser. Available now in the Chrome Web Store, the new Windows Defender Browser Protection extension for Google Chrome monitors web pages to help users avoid phishing schemes and socially-engineered attempts to lure the...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50195019

    THE FIVE MOST DANGEROUS NEW ATTACKS ACCORDING TO SANS

    Apr 19, 2018

    At the RSA Conference in San Francisco on April 18 2018, three leading instructors and contributors from the SANS institute shared what they believe to be the five most dangerous new attack techniques in cybersecurity. Repositories and Cloud Storage Data Leakage. Ed Skoudis named repositories and cl...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50115011

    IT MANAGERS LACK VISIBILITY INTO ALMOST HALF OF NETWORK TRAFFIC

    Apr 18, 2018

    IT managers lack visibility to about 45% of their organization’s network traffic, creating significant security challenges. In fact, nearly a quarter of them are blind to as much as 70% of their network traffic. Sophos’s global survey, The Dirty Secrets of Network Firewalls, polled more ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50125012

    U.S. UK GOVERNMENT SAY RUSSIA INCREASING INFRASTRUCTURE ATTACKS

    Apr 18, 2018

    A massive Russian-sponsored cyber-attack campaign is targeting routers, switches and other infrastructure devices to enable man-in-the-middle, espionage, hijacking and other attacks, according to U.S. and UK cyber-security authorities. In the first joint statement of its kind, U.S. and UK cyber-secu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50155015

    DIVERSITY ESSENTIAL IN BUILDING CYBERSECURITY TALENT PIPELINE

    Apr 17, 2018

    In their RSA Conference session titled ‘Building the cybersecurity innovation pipeline’ in San Francisco on April 17 2018, Grant Bourzikas, CISO & VP McAfee Labs and Chatelle Lynch, SVP and Chief Human Resources Officer, McAfee Labs, discussed the importance of diversity in building ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50065006

    FACEBOOK, MICROSOFT AND 32 OTHERS FORM CYBER CONSORTIUM

    Apr 17, 2018

    A group of 34 tech companies, including Facebook and Microsoft, have formed a cybersecurity consortium, pledging to work together to “act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.” The group,...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50075007

    MOST WEB APPS CONTAIN HIGH-SEVERITY VULNERABILITIES

    Apr 16, 2018

    An analysis of web applications shows that 94% of applications tested had at least one high-severity vulnerability. According to Positive Technologies’ Web Application Vulnerabilities in 2017 report, collated through the security firm’s automated source code analysis through the PT Appli...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50015001

    HOW TO SOLVE INFOSEC PROBLEMS WITH CREATIVE SOLUTIONS

    Apr 16, 2018

    Speaking at BSides San Francisco today Katie Ledoux, manager of trust and security governance at Rapid7, presented a session exploring some creative solutions to infosec problems. Ledoux said that when fixing problems “managing little fires without losing sight of long-term goals is an issue t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50025002

    COMPANIES MUST TAKE A SHARE OF CLOUD SECURITY RESPONSIBILITY

    Apr 13, 2018

    The cloud is seen as highly secure and more and more critical data is being held in public clouds, but organisations need to adapt their internal security processes. Organisations are struggling to protect their data amid a growing number of security breaches, new research from Oracle and KPMG has w...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49974997

    CYBER ATTACKERS CAN BREACH TARGETS IN HOURS, REPORT REVEALS

    Apr 13, 2018

    The majority of hackers claim they can breach an organisation within hours, while most security professionals admit they do not know what to look for. The majority of cyber attackers (71%) can breach a targeted organisation within 10 hours, and 18% claim they could breach a target in the hospitality...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49984998

    NATION-STATE ATTACKS TAKE 500% LONGER TO FIND

    Apr 12, 2018

    When it comes to threats that put your business at risk, gaining visibility into attacks remains a challenge. New research shows that in 50% of cases over the past 12 months, organizations had insufficient endpoint or network visibility to respond successfully. According to cybersecurity specialist ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49944994

    GOOGLE WILL DISTRUST ADDITIONAL CAS, IT PROS PREDICT

    Apr 12, 2018

    Although IT security professionals are troubled by future certificate authority (CA) incidents, very few have the tools needed to switch CAs quickly. The finding is significant given that, last year, researchers affiliated with Google decided that Symantec, and their affiliated CAs, had mis-issued t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49954995

    DIVERSITY KEY TO MORE EFFECTIVE CYBER SECURITY, SAYS NCSC

    Apr 11, 2018

    Diversity in defence teams is key to improved cyber security, according to the UK’s National Cyber Security Centre (NCSC). To combat the cyber security threat, “we need to be the very best in the world at what we do,” said Nicola Hudson, NCSC director of communications. “We n...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49874987

    INFORMATICA CEO: ENTERPRISES IN 2018 FOCUS ON AI, DATA CATALOG

    Apr 10, 2018

    Data management cloud and enterprise software vendor Informatica has seen a surge in interest for data catalog as organizations grapple with the looming GDPR deadline and data privacy issues. Here's what else the company's CEO sees as big trends in data for 2018. The GDPR (General Data Prote...

    INFORMATIONWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49884988

    ORGANIZATIONS FAILING AT TIMELY DETECTION OF THREATS

    Apr 10, 2018

    Detection and remediation capabilities still need work at most organizations: Less than half of all organizations in a benchmark survey from LogRhythm were able to detect a major cybersecurity incident within one hour. Even more concerning, more than two-thirds said that even if they detected a majo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49834983

    ORGS ARE HOLDING BACK ON CLOUD-BASED SECURITY

    Apr 10, 2018

    Enterprises are adopting the cloud much faster than their security teams can keep up – and misunderstanding about cloud environments is pervasive. The 2018 Enterprise Cloud Trends Report from iboss surveyed IT decision makers and office workers in US enterprises and found that 64% of IT decisi...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49844984

    17% OF WORKERS FALL FOR SOCIAL ENGINEERING ATTACKS

    Apr 09, 2018

    In tests that imitated the actions of hackers by sending emails to employees with links to websites, password entry forms and attachments, 17% of the messages would have led to a compromise of the employee's workstation and, ultimately, the entire corporate infrastructure if they had been real. ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49784978

    BUSINESS INCREASES USE OF ENCRYPTION IN THE CLOUD

    Apr 06, 2018

    The use of encryption has seen double-digit growth in the past year due to a number of security-related drivers, a study has revealed. The past year has seen the biggest growth in the use of encryption in the cloud, the Thales 2018 Global encryption trends study shows. The uptick in the adoption of ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49794979

    ONE-FIFTH OF OPEN-SOURCE SERVERLESS APPS HAVE CRITICAL VULNERABILITIES

    Apr 06, 2018

    More than 20% of open-source serverless applications contain critical security vulnerabilities, according to an audit by PureSec. An evaluation of 1,000 open-source serverless projects revealed that 21% of them contained one or more critical vulnerabilities or misconfigurations, which could allow at...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49724972

    HACKERS USE FLAW IN CISCO SWITCHES TO ATTACK CRITICAL INFRASTRUCTURE

    Apr 06, 2018

    Attackers are taking aim at critical infrastructure in multiple countries by exploiting a software flaw in some Cisco switches that has been a point of concern for more than a year. According to a blog post issued April 5 by Cisco’s Talos security unit, the cyber-attacks are exploiting what Ci...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49734973

    AVERAGE ATTACKER DWELL TIME NEARLY SIX MONTHS FOR EMEA, STUDY SHOWS

    Apr 04, 2018

    Firms in Europe, the Middle East and Africa take nearly six months to detect cyber attacks on average, a report reveals. The time taken by firms to detect breaches increased by 40% from 2016 to 175 days on average in 2017, according to the latest M-Trends report by security firm FireEye. This dwell ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49644964

    RANSOMWARE PUTS PRESSURE ON INCIDENT RESPONSE

    Apr 04, 2018

    Ransomware is aimed at raising money, but does not typically involve the compromise of any data, which is simply encrypted, with payment demanded in return for the decryption key.

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49654965

    LAWYERS MORE INFLUENTIAL THAN IT STAFF IN CLOUD DEPLOYMENTS.

    Apr 03, 2018

    Traditionally considered risk-adverse, lawyers are twice as more influential than in-house technology staff, new research finds. Lawyers, not IT professionals and consultants, wield the most influence in the Asia-Pacific (APAC) region when it comes to cloud deployments, a new survey has found. Lawye...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49574957

    PANERA BREAD DATA BREACH DEMONSTRATES SECURITY WORST PRACTICES

    Apr 03, 2018

    Panera Bread executives ignored the warnings from a cyber-security researcher that customer data was exposed on its network until it was forced to deal with the bad publicity of an actual data breach. Imagine someone running in to your office and reporting that the building is on fire. Also imagine ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49604960

    GOOGLE BANS CRYPTO-CURRENCY MINING EXTENSIONS FROM CHROME STORE

    Apr 03, 2018

    Effectively immediately, developers are not permitted to upload extensions with crypto-currency mining features, company says. Google is making it harder for cyber-criminals to use Chrome browser extensions for crypto-currency mining. Effective immediately Google will no longer allow developers to u...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49614961

    SAKS, LORD & TAYLOR PAYMENT CARD BREACH AFFECTS 5 MILLION

    Apr 02, 2018

    Luxury department store behemoth Saks Fifth Avenue and sister stores Saks OFF 5TH and Lord & Taylor have become the latest retail victim of a data breach. The incident impacts 5 million payment cards that were used at stores in North America, from May 2017 to March 2018. Research firm Gemini Adv...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49564956

    COLLEGE KIDS TURN TO CRYPTO-MINING, RIDDLING HIGHER-ED NETWORKS

    Mar 30, 2018

    The higher-education landscape has become a fertile field for growing crypto-mining revenue. College students are crypto-mining from their dorm rooms, while outside actors are targeting their online activities for web-based attacks. According to Vectra’s 2018 RSA Conference Edition of its Atta...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49524952

    RESEARCH REPORTS REVEAL CONCERNS ABOUT IOT RISKS AND MICROSOFT FLAWS

    Mar 30, 2018

    New reports shed light on the current state of ransomware payouts and also reveals concerns about IoT cyber-risks. Multiple research reports released the week of March 26-30, reveal prevailing trends in the cyber-security attack landscape. In the aggregate, the reports provide a snapshot of some to ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49534953

    IBM SECURITY LOOKS TO INCIDENT RESPONSE SERVICES FOR GROWTH

    Mar 30, 2018

    While IBM has made significant investments in acquiring cybersecurity vendors in recent years, the company now is turning its attention to security services like incident response. LAS VEGAS -- Despite increasing investments in cybersecurity from enterprises, IBM believes many organizations are stil...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49684968

    IBM REPORTS FEWER RECORDS BREACHED IN 2017 AS RANSOMWARE ESCALATES

    Mar 30, 2018

    The 2018 IBM X-Force Threat Intelligence Index reveals that 25 percent fewer records were breached in 2017 than in the prior year, but there is a big catch: The figure doesn't include records impacted by ransomware. IBM Security announced its 2018 X-Force Threat Intelligence Index on April 4, re...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49694969

    CYBERSECURITY AWARENESS DOESN'T FUEL BETTER PREPARATION: REPORT

    Mar 28, 2018

    New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident. The 2017 Cyberattack Storm Aftermath study, commissioned wit...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49444944

    LEGAL DEPARTMENTS STRUGGLE WITH GDPR ROLE

    Mar 28, 2018

    The General Data Protection Regulation (GDPR) is set to take effect on May 25, and research suggests that while businesses are busy scrambling to fill data protection officer (DPO) vacancies, other areas of the organization, especially the legal department, could be taken by surprise. According to a...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49454945

    BIT DISCOVERY LAUNCHES TO HELP IMPROVE WEBSITE ASSET INVENTORY

    Mar 28, 2018

    Jeremiah Grossman, founder of WhiteHat Security is throwing his hat back in the startup ring, launching Bit Discovery in a bid to help organizations with website asset inventory, which is a key cyber-security challenge. Startup Bit Discovery officially launched on March 27, led by cyber-security ind...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49484948

    ENERGY SECTOR ICS IS THE MOST-ATTACKED INFRASTRUCTURE

    Mar 27, 2018

    In the second half of 2017, nearly 40% of all analyzed industrial control systems (ICS) in energy organizations were attacked by malware at least once – closely followed by 35% of engineering and ICS integration networks. The cybersecurity of industrial facilities remains an issue that can lea...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49414941

    GOOGLE OFFERS DETAILS ON DDOS MITIGATION SERVICE FOR CLOUD PLATFORM

    Mar 26, 2018

    Google Offers Details on DDoS Mitigation Service for Cloud Platform. Google has released more details of its newly announced Cloud Armor system for mitigating distributed denial of service (DDoS) attacks. The service is one of about 20 security enhancements Google announced recently as part of a bro...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49494949

    APPLE CEO CALLS FOR BETTER PRIVACY REGULATIONS

    Mar 26, 2018

    Apple’s CEO is calling for better data privacy regulations as Elon Musk joins Brian Acton in supporting the #DeleteFacebook campaign. The storm around Facebook’s controversial data sharing with Cambridge Analytica continued at the weekend despite efforts by the social networking firm&rsq...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49364936

    RANSOMWARE PUBLICITY HEIGHTENED AWARENESS BUT OTHER THREATS REMAIN, EXPERTS SAY

    Mar 26, 2018

    Due to several high profile attacks over the past year, ransomware is now well known across organisations, but there are other threats to be aware of, say cyber security experts. Publicity around ransomware has raised awareness about the cyber threat, but there are other serious security issues that...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49374937

    TLS 1.3 ENCRYPTION STANDARD MOVES FORWARD, IMPROVING INTERNET SECURITY

    Mar 26, 2018

    A decade after the last SSL/TLS web encryption standard was released, the IETF has finally settled on the 28th draft of the TLS 1.3 standard to be the next major protocol for internet security. After years of development and 28 drafts, the Internet Engineering Task Force has approved Transport Layer...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49404940

    CLOUD KEY TO CYBER DEFENCE, SAYS PALO ALTO NETWORKS

    Mar 23, 2018

    Organisations need to make sense of security intelligence and act on it faster to get ahead of attackers, and cloud-based security is one way of making that possible, according to Palo Alto Networks. Companies are moving to the cloud for greater agility, flexibility and resilience, and they should b...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49344934

    IT FACES CHALLENGES WITH FIREWALLS IN THE CLOUD

    Mar 22, 2018

    The cloud is redefining the role of the firewall, and an overwhelming 83% of IT professionals in a recent survey have concerns about deploying traditional firewalls in nontraditional topographies. According to Barracuda Networks’ Firewalls and the Cloud survey of 600 global IT professionals, c...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49354935

    RANSOMWARE OUT, CRYPTOJACKING IN

    Mar 22, 2018

    Cryptojacking attacks exploded by 8,500% in 2017 resulting from the sudden increase in cryptocurrency values. According to research released by Symantec, UK ranked as the fifth highest country worldwide, with a staggering 44,000% increase in coin-miner detections. With a low barrier to entry –...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49294929

    SOCS ARE OVERWHELMED AND FACE DEEP CHALLENGES

    Mar 21, 2018

    Even though companies are trying to get their arms around the ever-shifting threat landscape by implementing security operations centers (SOCs), research has revealed that excessive alerts, outdated metrics and limited integration are leading to over-taxed resources within the SOCs. Fidelis Cybersec...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49284928

    GOOGLE ADDS TO ITS CLOUD SECURITY OFFERING

    Mar 21, 2018

    Today, Google has announced more than 20 enhancements to its Cloud Security environment, with the aim to give more control to businesses operating in the Cloud. These announcements follow security announcements for Chrome Enterprise, which the company made last week. These enhancements include: VPC ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49244924

    ORBITZ ATTACK IMPACTS HUNDREDS OF THOUSANDS OF CONSUMERS

    Mar 20, 2018

    Popular travel-booking site Orbitz has likely been hacked, potentially exposing payment card information for people that bought plane tickets or booked hotel rooms over the course of two years. The company said that it has uncovered evidence that about 880,000 payment cards were possibly impacted, a...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49254925

    CYBERSECURITY TREND FORECAST: STREAMLINED, SIMPLIFIED SECURITY

    Mar 19, 2018

    In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Simplicity will be the cornerstone of effective cybersecurity as companies strive to consolidate resources, according to Javvad...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49174917

    FACEBOOK ROCKED BY DATA BREACH SCANDAL AS INVESTIGATIONS LOOM

    Mar 19, 2018

    Facebook shares plunged Monday as the social media giant was pounded by criticism at home and abroad over revelations that a firm working for Donald Trump's presidential campaign harvested and misused data on 50 million members. Calls for investigations came on both sides of the Atlantic after F...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49204920

    LEAKED REPORT ON AMD CHIP FLAWS RAISES ETHICAL DISCLOSURE QUESTIONS

    Mar 16, 2018

    Researchers announced AMD chip flaws without the coordinated disclosure procedure, and a leak of the research to a short seller has raised further suspicions about the process. Explosive research on AMD chip flaws released this week that broke vulnerability disclosure guidelines has been further mar...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49214921

    RUSSIAN GOVERNMENT HACKING EARNS U.S. SANCTIONS, WARNINGS

    Mar 16, 2018

    The U.S. Treasury Department levied sanctions for Russian government hacking, as a joint alert from the FBI and DHS confirms election meddling and critical infrastructure attacks. The FBI and Department of Homeland Security issued a joint technical alert detailing Russian government hacking activity...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49164916

    MINORITY CYBER-PROS ARE BETTER EDUCATED BUT PAID LESS

    Mar 15, 2018

    When it comes to diversity in the cybersecurity workforce, it turns out that minority representation is actually higher than in the broader US workforce as a whole (26% vs. 21%). However, these professionals are disproportionately found in non-management roles, and they tend to earn lower salaries w...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49124912

    RUSH TO THE CLOUD RISKS SECURITY BREACHES

    Mar 15, 2018

    Over half of cybersecurity professionals are reporting misalignment between them and the rest of the business when it comes to the cloud and security issues, according to new research by Palo Alto Networks. Across Europe and the Middle East, 70% of respondents to the survey said that a rush to the c...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49134913

    BLACKTDS EMERGES AS AN AS-A-SERVICE DRIVE-BY KIT FOR MALWARE DISTRIBUTION

    Mar 14, 2018

    A new traffic distribution system called BlackTDS has reared its head in the criminal underground, marketing itself as an as-a-service tool for malware distribution. The privately held BlackTDS was spotted by Proofpoint researchers in late December 2017. It offers a variety of services to its &ldquo...

    INFOSECURITY-MAGAZINE
    READ MORE