Tuesday, March 31, 2020

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Researchers Uncover Unsophisticated – But Creative – Watering-Hole Attack

Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.

Why Third-Party Risk Management Has Never Been More Important

Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.

Latest Security News & Commentary about COVID-19

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

Data from 5.2M Marriott Loyalty Program Members Hit by Breach

The data was breached through the credentials of two franchisee employees.

Patching Poses Security Problems with Move to More Remote Work

Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.

Palo Alto Networks to Buy CloudGenix for $420M

Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.

Does the 2020 Online Census Account for Security Risk?

Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.

How Much Downtime Can Your Company Handle?

Why every business needs cyber resilience and quick recovery times.

Limited-Time Free Offers to Secure the Enterprise Amid COVID-19

These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.

Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations

Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.

Microsoft Edge Will Tell You If Credentials Are Compromised

Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.

HackerOne Drops Mobile Voting App Vendor Voatz

Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.

Untangling Third-Party Risk (and Fourth, and Fifth…)

Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.

Securing Your Remote Workforce: A Coronavirus Guide for Businesses

Often the hardest part in creating an effective awareness program is deciding what NOT to teach.

Malicious USB Drive Hides Behind Gift Card Lure

Victims are being enticed to insert an unknown USB drive into their computers.

Virgin Media Could Pay GB pound 4.5B for Leak Affecting 900,000 Customers

A misconfigured database holding personal data was left available online between April 2019 and February 2020.

The Wild, Wild West(world) of Cybersecurity

Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.

Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely

The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.

Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks

Goal is to help organizations - especially healthcare entities - protect against cybercriminals trying to take advantage of the pandemic.

Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC

Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.

Defense Evasion Dominated 2019 Attack Tactics

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy

About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.

OpenWRT is vulnerable to attacks that execute malicious code

Enlarge (credit: OpenWRT) For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
SC Magazine

Privacy in critical care after telehealth demands jump

As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...