Tuesday, May 26, 2020

5 Tips for Fighting Credential Stuffing Attacks

With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?

Former Salesforce Execs Launch Data Protection Startup

Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a-service approach.

Dark Reading Edge Cybersecurity Crossword Puzzle, May 22nd

Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...

Security & Trust Ratings Proliferate: Is That a Good Thing?

Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.

10 iOS Security Tips to Lock Down Your iPhone

Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.

Security 101: Cross-Site Scripting

Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?

Web Scrapers Have Bigger-Than-Perceived Impact on Digital Businesses

The economic impact of bot traffic can be unexpectedly substantial, a PerimeterX-commissioned study finds.

Telcos Become Richer Hacking Targets

The shift of moving telecommunications networks toward more commercial networking equipment and systems also expanded their attack surface.

Hackers Serve Up Stolen Credentials from Home Chef

Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.

How an Industry Consortium Can Reinvent Security Solution Testing

By committing to independent testing to determine value, vendors will ensure that their products do what they say they do.

The Need for Compliance in a Post-COVID-19 World

With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.

Most Bluetooth Devices Vulnerable to Impersonation Attacks

Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find.

Centralized Contact Tracing Raises Concerns Among Privacy-Conscious Citizens

The long debate over whether encryption and anonymity shield too much criminal behavior also has staged a resurgence.

60% of Insider Threats Involve Employees Planning to Leave

Research shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.

Digital Transformation Risks in Front-end Code

Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security.

Offers to Sell Enterprise Network Access Surge on Dark Web

In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.

Microsoft Warns of Vulnerability Affecting Windows DNS Server

A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.

Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say

As COVID-19-themed spam rises, phishing -- not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.

Is Zero Trust the Best Answer to the COVID-19 Lockdown?

Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.

Magecart Plants Card Skimmers via Old Magento Plugin Flaw

The FBI has warned ecommerce sites about attacks targeting a more than three-year-old flaw in the Magmi mass importer.

Tripwire

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%\Discord\modules\discord_desktop_core\index.js file upon successful installation. This process gave the...

How To Achieve Balance Between Cybersecurity And The User Experience

Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.

Determining Liability For Security Breaches Isn’t Black And White

Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.

Why Your Approach To Cybersecurity May Require Shifting Your Mindset

Leaders must redefine the concept of a strong cyber posture and relegate event-based security to its rightful place — as an inferior approach to managing cyber risks and threats.

Trump’s New Intelligence Chief Spells Trouble

John Ratcliffe is the least-qualified director of national intelligence in history—and a staunch partisan as well.