Saturday, November 17, 2018

‘DarkGate’ Campaign Targets Europeans with Multiple Payloads

A newly discovered malware campaign is targeting users in Europe with various payloads, has a reactive command and control (C&C) system and can remotely control infected machines, enSilo security researchers warn. Spreading through torrent files, the DarkGate malware can avoid...

Facebook Patches Bug that Exposed Private Information

Facebook recently addressed a vulnerability that could have allowed anyone to access private information about users and their contacts. The vulnerability, Imperva security researcher Ron Masas explains, was found in Facebook’s online search function. He discovered that the HTML code...

A Human-Centered Approach to Building a Smart, Satisfied Information Security Team

With limited personnel to manage the rising risk, the difficulty attracting, recruiting and retaining an appropriately skilled workforce has become a significant risk. Shortfalls in skills and capabilities are manifesting as major security incidents damage organizational performance and reputation. Building...

Addressing the CISO’s Key Challenges in 2018 and Beyond with Endpoint Detection and Response

IT security leaders face more hurdles today than ever. From the growing threat landscape to the increasing regulation of the digital economy, information security officers have their work cut out for them. Research indicates that CISO responsibilities are growing faster...

Fight Fileless Malware on All Fronts

Take a unified approach: patch and protect all elements of your ecosystem to prevent new attacks. The Ponemon Institute estimates that more than half of all attacks against businesses in 2017 were fileless. Cyber criminals continue to find new, creative...

How to Protect SMBs Against Phishing Attacks via Social Engineering

Social engineering and artificial intelligence (AI) are bringing about a new golden age of hacking for criminals. They are capitalizing on common online habits of everyday people to tempt them to click on or install harmful applications – in...

DDoS Disruption: Election Attacks

In an increasingly politically and economically volatile landscape, cybercrime has become the new geopolitical tool. Attacks on political websites and critical national infrastructure services are ever more frequent not only because the tools to do these are simpler, cheaper...

Buy, Rent, or Uber Your Security Operations Center

We all know that data breaches cost a lot—an average of $3.6M per organization. For cyber criminals, everyone’s a target—and perfect prevention isn’t practical. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why...

What You Need to Know about the Recent Apache Struts Vulnerability

Researchers recently revealed a vulnerability in Apache Struts, a popular type of enterprise software. Active exploit attempts weren’t far behind. The Equifax hack that occurred roughly a year ago was due to an earlier Apache Struts vulnerability (CVE-2017-9805). The team...

Crypto-Mining Malware Attacks on iPhones Up 400%: Report

Crypto-mining malware attacks against iPhones went up 400% in the last two weeks of September, security firm Check Point notes in a new report. Crypto-mining attacks have intensified over the past couple of years, fueled by a massive surge...

Most SMBs Fold after Cyber Attacks: Here’s How to Protect Yours

Many small-to-medium businesses (SMBs) think they’re flying under the radar of cyber-attackers. But in reality, perpetrators specifically target smaller, more vulnerable businesses because of their lack of security expertise and fragile infrastructure, and because they often provide easy entryways...

How Can Businesses Protect against Phishing Attacks on Employee Smartphones?

Smartphones have become synonymous with everyday business operations, enabling employees to store important contact details, browse the web and reply to emails while on the move. However, the ubiquity of such devices has led scammers to increasingly target them...

Lessons from Cyber Essentials – Going Back to the Basics

Whether it’s phishing attacks or zero-day exploits, businesses are facing an increasing number of cyber threats every day. And when these attacks are successful, businesses can face both reputational and monetary consequences. In fact, a 2018 report from Ponemon...

Security Gets Messy: Emerging Challenges from Biometrics, New Regulations, Insiders

Over the coming years, the very foundations of today’s digital world will shake – violently. Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only...

Could a Credit-Like Security Score Save the Cyber Insurance Industry?

In the evolving world of cybersecurity, enterprises need access to cyber insurance that accurately reflects their current security posture and that covers both direct and indirect expenses. The same challenge, of course, applies to the insurers issuing the policies....

SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…

TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.