Friday, November 15, 2019

Web payment card skimmers add anti-forensics capabilities

Researchers have detected compromises on ecommerce sites with a new JavaScript-based payment card skimmer that uses anti-forensics techniques, including the ability to remove itself from the web page’s code after execution. Dubbed Pipka, the malicious script was found by...

The CSO guide to top security conferences, 2019

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

What you need to know about the new OWASP API Security Top 10 list

OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. It's a good time...

Welcome to Insider Pro

For more than 50 years, IDG has earned the trust of its readers with authoritative coverage of the technology industry. Insider Pro is the natural evolution of the insightful coverage our publications have produced for decades.

Truebill can help you manage your finances—and it’s free to download

Learning how to manage your money correctly is a necessary step towards financial freedom. However, we always seem to forget about online subscription services that go unused. Perhaps you haven’t watched Netflix or forgot to cancel a one-month free...

BrandPost: Addressing New Challenges Starts with Resilience

The third quarter of 2019 saw a number of new cyberthreat trends emerge or expand, and organizations need to be aware of these trends if they wish to stay ahead of cybercriminal strategies. One of the most effective attacks...

What is application security? A process and tools for securing software

Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are...

Peer product reviews: IT pros evaluate 7 enterprise offerings

These reports offer objective and relevant user-contributed information to help IT decision-makers navigate the tech purchase process.

What is Security Onion? And is it better than a commercial IDS?

Back in the early oughts, a common complaint about Linux was that while it was free/libre, it came with no support and you had to pay expensive senior sysadmins to run Linux systems. Fast forward to today, and Linux...

BrandPost: Worried About Your Internet Presence? Focus on Your Attack Surface

The Internet has created myriad ways for people and organizations to connect with one another. Unfortunately, attackers will attempt to find and exploit the Internet presence of an organization. All of the connections, profiles, pages, and posts can be...

IDG Contributor Network: Ignorance is not bliss when it comes to defending against the dark web

The dark web ecosystem continues to evolve as a place where cybercriminals can sell and access stolen data, purchase black-market items such as guns, drugs and hacking software, and connect with like-minded individuals. As is the case in any...

How much does it cost to launch a cyberattack?

Companies spend big to defend their networks and assets from cyber threats. Kaspersky Labs has found security budgets within enterprises average around $9 million per year. On top of that, data breaches cost companies millions of dollars. Yet, cheap,...

IDG Contributor Network: Attention cybersecurity entrepreneurs: CISOs want simplicity!

Successful entrepreneurs in all segments recognize the importance of keeping ahead of market trends and helping customers close gaps. In cybersecurity, those gaps are often shaped by newly discovered vulnerabilities and other emerging threats. Today, enterprise IT groans under...

Twitter spy scandal a wake-up call for companies to clean up their data access acts

A tremor rippled across the information security community last week when the Justice Department announced criminal charges against two Twitter employees, Ahmad Abouammo and Ali Alzabarah, for acting as foreign agents under the direction and control of the Kingdom...

How to lock down enterprise web browsers

Browsers. You can’t use the Internet without them, but they introduce insecurity and instability to the computing environment. Browsers are the operating system of cloud computing and protecting them will become more and more important. Just last week, Google came...

BrandPost: Working with Veterans to Bridge the Cybersecurity Skills Gap

The world is experiencing a significant shortfall in cybersecurity skills – to the tune of 2.9 million people. Veterans are uniquely positioned to help fill this critical gap. Government, enterprise and higher education are working on initiatives to raise...

5 steps to a successful red team engagement

I’m a huge fan of red teams, but they are often so good at what they do that they lose sight of their primary mission: to help the organization reduce cybersecurity risk.

This 11-course Microsoft & Oracle SQL certification prep bundle is only $39 today

If you’re interested in a career in data administration, you’re in luck! Nowadays, companies handle larger data sets than ever before, so the need for data experts is higher than ever. Whether you’re new to the field or you...

How EDR stops hackers in their tracks

EDR definition: Endpoint detection and response (EDR) is a category of security tools that monitor end-user hardware devices across a network for a range of suspicious activities and behavior, reacting automatically to block perceived threats and saving forensics data for...

IDG Contributor Network: Combatting extreme weather and power outages, a growing need for AI

On Monday, October 28, the news in San Francisco was that Tuesday’s winds would trigger another round of power shutdowns. More than 1 million PGE customers in northern California have been affected by planned power outages, a proactive measure...

SecurityWeek

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...

The Register

Try as they might, ransomware crooks can’t hide their tells when playing hands

Sophos sees common behavior across various infections. Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…

ZDNet

Google Chrome experiment crashes browser tabs, impacts companies worldwide

In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.

SC Magazine

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and...

ZDNet

GitHub launches ‘Security Lab’ to help secure open source ecosystem

Fourteen companies unite to search, find, and fix security flaws in GitHub-hosted open source projects.