Author Archives: Help Net Security

GDPR: It’s an issue of transparency

The General Data Protection Regulation (GDPR) has been on the lips of security professionals for a long time now – but in just over a month, it will become a reality. While it is easy to get stuck with reviewing the potential fines or setting up efficient security procedures to ensure compliance, many are still overlooking what is at the heart of the regulation: transparency. Getting the bigger picture It goes without saying that transparency … More

The post GDPR: It’s an issue of transparency appeared first on Help Net Security.

Most dangerous attack techniques, and what’s coming next

Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are: 1. Repositories and cloud storage data leakage 2. Big Data analytics, de-anonymization, and correlation 3. Attackers monetize compromised systems using crypto coin miners … More

The post Most dangerous attack techniques, and what’s coming next appeared first on Help Net Security.

IT workforce increasingly overworked and stressed out

45% of IT workers are feeling the pressure of strained technology operations and suffer regular stress in their jobs, according to Chess Cybersecurity. IT staff who said they were stressed out indicated the following: 59% work more than 45 hours a week, 20% more than the ONS’s stated national average of 37.1 hours, hinting at a chronic overworking problem in the sector Six out of 10 lack the resources to do their jobs well Almost … More

The post IT workforce increasingly overworked and stressed out appeared first on Help Net Security.

Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018

Here’s an overview of some of last week’s most interesting news and articles: RSA Conference 2018 coverage Check out what you missed at the infosec event of the year. Real-time detection of consumer IoT devices participating in DDoS attacks Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do someting about it? A group of researchers Princeton University have presented some encouraging results showing that the first part of … More

The post Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018 appeared first on Help Net Security.

Energy security pros worry about catastrophic failure due to cyberattacks

70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown. Of the 151 IT and operational technology (OT) security pros at energy and oil and gas companies that were polled, 97 percent are concerned that attacks could cause operational shutdowns, and 96 percent believe they could impact the safety of their employees. Respondents were also asked about their organizations’ … More

The post Energy security pros worry about catastrophic failure due to cyberattacks appeared first on Help Net Security.

Customized IOCs, intelligence and SOC automation for orgs of every size

CrowdStrike announced at RSA Conference 2018 that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X. The output of this analysis is a combination of customized indicators of compromise (IOCs) and threat intelligence designed to help prevent against threats your organization faces now and in the future. Falcon X produces IOCs for both the threat that was actually encountered in your organization and … More

The post Customized IOCs, intelligence and SOC automation for orgs of every size appeared first on Help Net Security.

Identity-as-a-Service for hybrid customer environments

OneLogin is showcasing enhancements to its Identity-as-a-Service (IDaaS) cloud platform, including the OneLogin Desktop experience, LDAP, and RADIUS capabilities, at RSA Conference 2018, in continued efforts to serve the sophisticated Access Management needs of modern enterprises. As customers digitally transform, OneLogin makes it simpler and safer for organizations to access the apps and data they need anytime, anywhere. OneLogin’s Unified Access Management Platform (UAM) is purpose-built for hybrid customer environments, allowing companies of any size … More

The post Identity-as-a-Service for hybrid customer environments appeared first on Help Net Security.

Organizations are becoming more resilient to focused cyber attacks

Accenture has polled 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. The survey has shown that, while the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months (232 vs 106), organizations are demonstrating far more success in detecting and blocking them. They are now preventing 87 percent of all focused … More

The post Organizations are becoming more resilient to focused cyber attacks appeared first on Help Net Security.

Stealth network traffic analysis appliance automates defense actions

LookingGlass Cyber Solutions announced at RSA Conference 2018 the general availability of the LookingGlass IRD-100 (Intelligence Response and Deception) security appliance. This fully programmable, custom stealth hardware is invisible to adversaries’ view of corporate and government networks. Designed to run in-line with low latency, the appliance creates a new point of control by using real-time traffic analysis. Performing these actions invisibly at line speeds across enterprise networks is made possible by the IRD-100’s unique Titan … More

The post Stealth network traffic analysis appliance automates defense actions appeared first on Help Net Security.

Open-source library for improving security of AI systems

IBM researchers have created the Adversarial Robustness Toolbox, an open-source library to help researchers improve the defenses of real-world AI systems. Attacks against neural networks have recently been flagged as one of the biggest dangers in our modern world where AI systems are increasingly getting embedded in many technologies we use and depend on daily. Adversaries can sometimes tamper with them even if they don’t know much about them, and “breaking” the system could result … More

The post Open-source library for improving security of AI systems appeared first on Help Net Security.

Infrastructure-agnostic web app protection with virtual patching option

Signal Sciences announced the latest innovations for its Web Protection Platform. Its patented architecture provides security, operations and development teams with the visibility, security and scalability needed to protect against the full spectrum of threats their web applications now face, from OWASP Top 10 to account takeovers, API misuse and bots. Signal Sciences works across any architecture, providing the broadest coverage against real threats and attack scenarios as well as integrations into DevOps tools that … More

The post Infrastructure-agnostic web app protection with virtual patching option appeared first on Help Net Security.

Cryptominers displace ransomware as the number one threat

During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware as the number one threat, Comodo’s Global Malware Report Q1 2018 has found. Another surprising finding: Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin. The surge of cryptominers For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users’ computers to mine cryptocurrencies for the attacker’s profit while remaining hidden … More

The post Cryptominers displace ransomware as the number one threat appeared first on Help Net Security.

Top tech firms pledge not to help governments launch cyberattacks

34 global technology and security companies have pledged not to aid governments launch cyberattacks and to protect all customers regardless of nationality, geography or attack motivation. The Cybersecurity Tech Accord The Cybersecurity Tech Accord is a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, Datastax, Dell, DocuSign, Facebook, … More

The post Top tech firms pledge not to help governments launch cyberattacks appeared first on Help Net Security.

Photo gallery: RSA Conference 2018 Innovation Sandbox

The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Innovation Sandbox, where the 10 finalists – Acalvio Technologies, Awake Security, BigID, BluVector, CyberGRX, Fortanix, Hysolate, ReFirm Labs, ShieldX Networks, and StackRox – demonstrated their technology to conference attendees as well as a judging panel. This year’s winner is BigID.

The post Photo gallery: RSA Conference 2018 Innovation Sandbox appeared first on Help Net Security.

Anomali collaborates with Microsoft to integrate threat data

Threat management solutions provider Anomali announced a collaboration with Microsoft to integrate threat intelligence from the Anomali ThreatStream platform with the security insights customers can obtain from the new Microsoft Graph security API. The collaboration provides Microsoft and Anomali customers with the ability to correlate cloud service and network activity with adversary threat information. As the work progresses, the integration will provide a complete view of asset and user information from Graph providers allowing for … More

The post Anomali collaborates with Microsoft to integrate threat data appeared first on Help Net Security.

Photo gallery: CIO/CISO Interchange inaugural event

CIO/CISO Interchange, a new non-profit, non-commercial organization co-founded by Philippe Courtot, Chairman & CEO, Qualys, and the Cloud Security Alliance (CSA) was launched during RSA Conference 2018. The CIO/CISO Interchange is a private, invitation-only forum for discussions, debates and exchanges between CIOs, CTOs, CISOs and security experts centered around securing the digital transformation. There are no product pitches and no sales personnel, just frank talk on important security issues to help CXOs secure the digital … More

The post Photo gallery: CIO/CISO Interchange inaugural event appeared first on Help Net Security.

Distributed security event correlation solution helps SOCs combat cyber-attacks

Micro Focus announced ArcSight Enterprise Security Manager (ESM) 7.0, the latest release of its solution that prioritizes security threats and compliance violations with real-time threat intelligence to quickly identify and impede potential cyber-attacks. Micro Focus ArcSight ESM 7.0 enables security operations centers (SOCs) to become agile, expand their cyber security footprint and respond quickly to evolving threats. By collecting, correlating, and reporting security event information at a massive scale (up to 100,000 correlated events per … More

The post Distributed security event correlation solution helps SOCs combat cyber-attacks appeared first on Help Net Security.

Cisco announces new endpoint and email security services

To combat the rise of advanced threats targeting employees, Cisco is announcing new email security services at RSA Conference 2018, to protect users from fraudulent emails, as well as new capabilities to protect employees’ devices from ransomware, cryptomining, and fileless malware. Endpoint protection Nearly all endpoint security solutions on the market claim to block 99 percent of malware. But what about the one percent of threats that evade detection using sophisticated techniques? Cisco Advanced Malware … More

The post Cisco announces new endpoint and email security services appeared first on Help Net Security.

BigID is this year’s most innovative startup at RSA Conference

BigID was named “Most Innovative Startup” at the 2018 RSA Conference Innovation Sandbox Contest. A judging panel comprised of venture capitalists, entrepreneurs and industry veterans selected BigID from a group of 10 finalists and announced the winner at RSA Conference 2018. Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale. Using BigID, enterprises can better safeguard … More

The post BigID is this year’s most innovative startup at RSA Conference appeared first on Help Net Security.

Most US consumers don’t trust companies to keep their data private

While a majority of the US public sees companies’ ability to keep data private as absolutely key, it has little trust in companies to do so. In fact, only 20 percent of them “completely trust” organizations they interact with to maintain the privacy of their data, the results of a recent survey have shown. They are also much more worried about hackers accessing their data than companies using it for purposes they have not agreed … More

The post Most US consumers don’t trust companies to keep their data private appeared first on Help Net Security.

Passwordless enterprise authentication on Windows 10 and Azure AD

Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get … More

The post Passwordless enterprise authentication on Windows 10 and Azure AD appeared first on Help Net Security.

Devs know application security is important, but have no time for it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More

The post Devs know application security is important, but have no time for it appeared first on Help Net Security.

Enterprise-grade security for midmarket organizations

To simplify how customers protect their organizations, FireEye is launching three core subscription solutions plus one comprehensive suite at RSA Conference 2018. FireEye Endpoint Security is designed to provide comprehensive defense on the endpoint, combining endpoint protection to stop common malware and endpoint detection and remediation to find, block and remove advanced targeted attacks. FireEye Network Security is designed to protect against all types of threats, from commodity breaches to the most advanced, targeted attacks, … More

The post Enterprise-grade security for midmarket organizations appeared first on Help Net Security.

Qualys brings web application security to DevOps

Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production. Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder. New functionality Qualys WAS 6.0 and new capabilities include: … More

The post Qualys brings web application security to DevOps appeared first on Help Net Security.

Third-party and insider threats one of the biggest concerns to IT pros

External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% … More

The post Third-party and insider threats one of the biggest concerns to IT pros appeared first on Help Net Security.

Free Qualys services give orgs visibility of their digital certs and cloud assets

Qualys announced two new free groundbreaking services: CertView and CloudView. Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance. Qualys CertView CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and … More

The post Free Qualys services give orgs visibility of their digital certs and cloud assets appeared first on Help Net Security.

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

MinerEye introduces AI-powered Data Tracker

MinerEye is launching MinerEye Data Tracker, an AI-powered governance and data protection solution that will enable companies to continuously identify, organize, track and protect vast information assets including undermanaged, unstructured and dark data for safe and compliant cloud migration. Most data tracking and classification technologies categorize data based on descriptive elements such as file size, type, name and location. MinerEye dives deeply into the basic data form to its essence – to uncover and categorize … More

The post MinerEye introduces AI-powered Data Tracker appeared first on Help Net Security.

Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance

Here’s an overview of some of last week’s most interesting news and articles: One in 10 C-level execs say GDPR will cost them over $1 million Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown. Researchers use power … More

The post Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance appeared first on Help Net Security.

Onapsis raises $31 million Series C funding for ERP cybersecurity

Onapsis, the global experts in business-critical application cybersecurity and compliance, today announced a $31 million Series C minority funding round led by new investor LLR Partners, with participation from existing institutional investors .406 Ventures, Evolution Equity Partners and Arsenal Venture Partners. This marks the largest single round of funding in the company’s history, bringing the total investment in Onapsis to $62 million. David Stienes, Partner at LLR Partners, will join the company’s board of directors. … More

The post Onapsis raises $31 million Series C funding for ERP cybersecurity appeared first on Help Net Security.

RSA Conference 2018 AdvancedU expands security education to new audiences

RSA Conference is known among CTOs, CISOs and information security professionals as the place where the world talks security. What started as a small cryptography conference in the early 1990s now brings close to 45,000 attendees together in San Francisco each year. But as the conference expands, so does its influence among new audiences – spanning beyond the security C-Suite and reaching students, parents and educators and infosec professionals at all stages of their careers. … More

The post RSA Conference 2018 AdvancedU expands security education to new audiences appeared first on Help Net Security.

What’s your security story? How to use security as a sales tool

Positioning security as a value-add to the business rather than a necessary evil is a challenge for many organizations. Since the dawn of enterprise computing, information security has generally been seen as a purely technical function. Did the new two-factor authentication setting lock the sales team out of the system in the middle of a demo? Too bad. The “S” in “IS” is for security, not sales. Security teams often believe that their job is … More

The post What’s your security story? How to use security as a sales tool appeared first on Help Net Security.

Absolute debuts GDPR data risk assessment

Absolute announced new GDPR Data Risk and Endpoint Readiness Assessments to accelerate compliance with the impending General Data Protection Regulation (GDPR). These comprehensive assessments empower organizations to accelerate GDPR compliance programs by pinpointing vulnerable endpoints and at-risk data — on and off the corporate network. Absolute’s new assessments offer deep insights and actionable recommendations to better protect and manage endpoints, where sensitive data might be accessed, stored or shared. Increasingly sophisticated security incidents and escalating … More

The post Absolute debuts GDPR data risk assessment appeared first on Help Net Security.

Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation

Illumio announced new global vulnerability mapping capabilities on its Adaptive Security Platform. Vulnerability and threat data from the Qualys Cloud Platform is integrated with Illumio application dependency mapping to show potential attack paths in real time. Automated vulnerability-based policy recommendations: mitigate vulnerabilities without breaking your application. The integration between the Qualys Cloud Platform and Illumio delivers vulnerability maps, enabling organizations to see connections to vulnerabilities within and between applications. This new capability also includes an … More

The post Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation appeared first on Help Net Security.

Key obstacles in enterprise security budgeting

IANS released its latest findings on budget-related best practices for information security leaders to consistently command the budget and resources they need. “It’s part of the CISO’s job to transition from unsupported to being fully supported, but that can only be done when the stage has been properly set within an organization,” said Doug Graham, CSO at Nuance Communications. “This research report from IANS goes beyond the numbers and uncovers some of the underlying and … More

The post Key obstacles in enterprise security budgeting appeared first on Help Net Security.

2.6 billion records were stolen, lost or exposed worldwide in 2017

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013. Over the past five years, nearly 10 billion records have been lost, stolen … More

The post 2.6 billion records were stolen, lost or exposed worldwide in 2017 appeared first on Help Net Security.

Many businesses struggling to meet GDPR deadline

IT decision makers across the U.S., UK, France, and Germany are still missing an opportunity to transform their business through a holistic data management approach that reduces risk and improves business efficiency. For nearly two years, most organizations have lagged in addressing their GDPR compliance, and in some cases are ignoring the issue completely. In doing so, they are ignoring the benefits to be gained from the compliance effort, including developing a data-centric approach to … More

The post Many businesses struggling to meet GDPR deadline appeared first on Help Net Security.

Capsule8 introduces Linux workload attack detection platform

Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments. As organizations modernize their production infrastructure with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux environments such as bare metal and virtual infrastructures are also up against inadequate protection due to low visibility and … More

The post Capsule8 introduces Linux workload attack detection platform appeared first on Help Net Security.

Qualys at RSA Conference 2018: Best practices presentations from industry leaders

There will be no lack of interesting content from Qualys at this year’s RSA Conference. Depending on you interests, you might want to make time for some of these talks and presentations. Visit Qualys at Booth N3815 to hear best practices presentations from industry leaders. Monday, April 16 5:10 – 5:35 PM Continuous Security and Visibility of Your Complete Public Cloud Infrastructure Hari Srinivasan, Director of Product Management, Qualys Learn how to extend continuous cloud … More

The post Qualys at RSA Conference 2018: Best practices presentations from industry leaders appeared first on Help Net Security.

Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018

Fortanix been selected to present in the session Protecting Containers from Host-Level Attacks at RSA Conference 2018 next week. CEO and Co-Founder Ambuj Kumar will join renowned cryptography expert Benjamin Jun, CEO of HVF Labs, and Docker Security Lead David Lawrence in the session that describes how Runtime Encryption and Intel SGX keep a container encrypted during runtime to protect data in use from host OS, root users and network intruders, even if the infrastructure … More

The post Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018 appeared first on Help Net Security.

ThreatQ Investigations: Cybersecurity situation room accelerates security operations

ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response. ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response. The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently, … More

The post ThreatQ Investigations: Cybersecurity situation room accelerates security operations appeared first on Help Net Security.

FIDO2: Authenticate easily with phishing-resistant security

The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world. The W3C has advanced Web Authentication (WebAuthn), a collaborative effort based on Web API specifications submitted by FIDO to the W3C, to the Candidate Recommendation (CR) stage. The CR is the product of the Web Authentication Working Group, which is comprised of representatives from … More

The post FIDO2: Authenticate easily with phishing-resistant security appeared first on Help Net Security.

How many can detect a major cybersecurity incident within an hour?

Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm. Average time to detect a major cybersecurity incident The study, conducted by Widmeyer, which surveyed 751 IT decision makers from the U.S., U.K. and Asia-Pacific, also revealed that a majority … More

The post How many can detect a major cybersecurity incident within an hour? appeared first on Help Net Security.

Organizations want to leverage the cloud but are held back by security misconceptions

iboss has published the findings of its 2018 Enterprise Cloud Trends report. The survey of IT decision makers and office workers in U.S. enterprises found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities. Combined with growing pressures from shadow IT and mobile employees, 91% of IT decision makers agree they need to update security policies to operate in a cloud-first environment. … More

The post Organizations want to leverage the cloud but are held back by security misconceptions appeared first on Help Net Security.

Major uptick in mobile phishing URL click rate

In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. “Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said Aaron Cockerill, chief strategy officer at Lookout. “Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, … More

The post Major uptick in mobile phishing URL click rate appeared first on Help Net Security.

Cryptshare brings its secure communication and privacy solution to U.S. market

Cryptshare, a German-based maker of data security and privacy solutions for the exchange of business-critical information, today announced its expanded presence in the U.S. market and new QUICK technology used to simplify the exchange of passwords used to protect encrypted files. Cryptshare will demo a beta version of the patent-pending technology at the RSA Conference, April 16-20 in San Francisco, where the company is a co-exhibitor with TeleTrusT in the German Pavilion, booth 3927/20. The … More

The post Cryptshare brings its secure communication and privacy solution to U.S. market appeared first on Help Net Security.

Steps executives are taking to increase security while launching new ways to pay

More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data, “2018 Global Payments Insight Survey: Bill Pay Services,” from ACI Worldwide and Ovum. The benchmark, comprised of responses from executives at billing organizations such as consumer finance, healthcare and higher education, also revealed that over 70 percent of organizations that … More

The post Steps executives are taking to increase security while launching new ways to pay appeared first on Help Net Security.

Global IT spending to grow 6.2% in 2018

Worldwide IT spending is projected to total $3.7 trillion in 2018, an increase of 6.2 percent from 2017, according to the latest forecast by Gartner. “Although global IT spending is forecast to grow 6.2 percent this year, the declining U.S. dollar has caused currency tailwinds, which are the main reason for this strong growth,” said John-David Lovelock, research vice president at Gartner. “This is the highest annual growth rate that Gartner has forecast since 2007 … More

The post Global IT spending to grow 6.2% in 2018 appeared first on Help Net Security.

The eternal struggle: Security versus users

There’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be protected from themselves. (As a side note, my mom always hated when we computer folk referred to their customers as … More

The post The eternal struggle: Security versus users appeared first on Help Net Security.

April Patch Tuesday forecast: Expect updates for Adobe Flash, others

Springtime is here! Although up here in Minnesota you wouldn’t believe it as we received snowfalls that rivaled anything in the past 34 years! As spring arrives you think of all the things you need to do. Start packing up the shovels and snow blowers (except here where we may get a little bit more snow yet). Tune up the lawn mower and break out the yard gear. Given some recent cyber threats you may … More

The post April Patch Tuesday forecast: Expect updates for Adobe Flash, others appeared first on Help Net Security.

Week in review: Critical flaw in Cisco switches, Saks breach, closing the security update gap

Here’s an overview of some of last week’s most interesting news and articles: Establishing covert communication channels by abusing GSM AT commands Security research often starts as a hobby project, and Alfonso Muñoz’s and Jorge Cuadrado’s probe into mobile privacy is no exception. The duo, who’s scheduled to reveal the results of their research at the Hack in the Box Conference in Amsterdam, ended up finding a way to establishing covert communication channels over GSM … More

The post Week in review: Critical flaw in Cisco switches, Saks breach, closing the security update gap appeared first on Help Net Security.

Security teams are under resourced, overwhelmed by attackers

A new report conducted by the Ponemon Institute uncovered security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they won’t improve their security posture if they don’t fix broken patching processes. Firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. The study found … More

The post Security teams are under resourced, overwhelmed by attackers appeared first on Help Net Security.

IT audit best practices: Technological changes give rise to new risks

IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a benchmarking study from Protiviti and ISACA. To whom within the organization does your IT audit director report? The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for … More

The post IT audit best practices: Technological changes give rise to new risks appeared first on Help Net Security.

Cyber attacks are becoming more organized and structured

Trustwave released the 2018 Trustwave Global Security Report which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-beach investigations and internal research. Findings depict improvement in areas such as intrusion to detection however, also showed increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. North America and retail … More

The post Cyber attacks are becoming more organized and structured appeared first on Help Net Security.

Inbox placement improving, spam placement remains the same

The global trend of delivery data increased over the last eight quarters, with a growth of 4 percent inbox placement, according to 250ok. Missing emails saw a decrease of 5 percent, while spam folder placement remains rather stable with less than 1 percent change. Of the global seed accounts 250ok studied, Canada was the only country with a dip in email deliverability, as the 3-year transition period for Canada’s Anti-Spam Legislation (CASL) came to an … More

The post Inbox placement improving, spam placement remains the same appeared first on Help Net Security.

Fewer records breached: Cybercriminals focus on ransomware, destructive attacks

According to the 2018 IBM X-Force Threat Intelligence Index, the number of records breached dropped nearly 25 percent in 2017, as cybercriminals shifted their focus on launching ransomware and destructive attacks that lock or destruct data unless the victim pays a ransom. Last year, more than 2.9 billion records were reported breached, down from 4 billion disclosed in 2016. While the number of records breached was still significant, ransomware reigned in 2017 as attacks such … More

The post Fewer records breached: Cybercriminals focus on ransomware, destructive attacks appeared first on Help Net Security.

What’s new at RSAC 2018?

With the most significant global information security event just around the corner, we caught up with Sandra Toms, VP and Curator, RSA Conference, to find out what attendees can expect in San Francisco, April 16-20, 2018. What is new at RSA Conference this year that you’d like to highlight? One exciting thing we’re introducing this year is Broadcast Alley, which you could consider the “unofficial newsroom” of RSAC 2018. Publishers, sponsors, partners and exhibitors can … More

The post What’s new at RSAC 2018? appeared first on Help Net Security.

How critical infrastructure operators rate their security controls

Indegy revealed that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months. “We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, … More

The post How critical infrastructure operators rate their security controls appeared first on Help Net Security.

Would automation lead to improved cybersecurity?

Concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game, according to McAfee. Which of the below areas of the cybersecurity process is your organization using automation in? The landscape for cyberthreats is growing, both in complexity and volume. According to the report, 46 percent of respondents believe that in the next year they will either struggle to … More

The post Would automation lead to improved cybersecurity? appeared first on Help Net Security.

How companies continue to expose sensitive data to threats

A new study from the Varonis Data Lab found that on average, 21% of a company’s folders were accessible to every employee, and 41% of companies had at least 1,000 sensitive files open to all employees. The report, based on analysis of data risk assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, shines a spotlight on several issues that put organizations at risk from data breaches, insider threats … More

The post How companies continue to expose sensitive data to threats appeared first on Help Net Security.

Industry leaders struggle to balance digital innovation and security

Companies are struggling with the tug-of-war between advancing digital innovation and ensuring secure digital experiences that maintain user trust and mitigate risk. As part of a study of more than 350 global information technology leaders conducted by Forrester Consulting for Akamai, the results also show that the companies defined as being the most digitally mature – best balancing innovation and security – grow faster than their competitors. Digital innovation sits at the helm of today’s … More

The post Industry leaders struggle to balance digital innovation and security appeared first on Help Net Security.

How safe is your personal information?

Another day, another data breach. Recent news about cybercriminals obtaining more than 5 million credit card numbers from high-end U.S. retailers joined a series of major hacks and online data breaches. Unfortunately, the frequency of attacks on Americans’ personal information has fostered a feeling of inevitability. In fact, according to results released today from a telephone survey conducted by The Harris Poll for the American Institute of CPAs (AICPA) of 1,006 Americans adults in the … More

The post How safe is your personal information? appeared first on Help Net Security.

Report: What two years of real pen testing findings will tell you

The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests Cobalt performed in 2017. Additionally, they provide data (Portfolio Coverage, Pen Test Frequency) from 75 survey respondents in security, management, operations, DevOps, product, and developer roles. Industry thought-leaders Caroline Wong and Mike Shema offer guidance on pen testing metrics that adds functional value for infosec practitioners. Key takeaways: Proven methods to … More

The post Report: What two years of real pen testing findings will tell you appeared first on Help Net Security.

Are legacy technologies a threat to EU’s telecom infrastructure?

Telecommunications is a key infrastructure based on how our society works. It constitutes the main instrument that allows our democracy and our EU core values such as freedom, equality, rule of law and human rights to function properly. Common types of attacks There are currently over 5 billion unique mobile subscribers and over 2000 mobile operators worldwide. In Europe, we have 456 million unique mobile subscribers, which is equivalent to 84% of the population. Mobile … More

The post Are legacy technologies a threat to EU’s telecom infrastructure? appeared first on Help Net Security.

Most healthcare pros believe their organizations adequately protect patient data

Most of the healthcare professionals polled remain confident regarding their own organization’s cyber security protocols despite apprehensions connected with their own healthcare information and general healthcare infrastructure, according to a Venafi survey querying 122 healthcare professionals at the HIMSS18 conference in Las Vegas. In fact, seventy-nine percent said they are concerned about the cyber security of their own healthcare information. At the same time, sixty-eight percent believe their organizations are doing enough to adequately protect … More

The post Most healthcare pros believe their organizations adequately protect patient data appeared first on Help Net Security.

Secure software development practices for developers, organizations and technology users

SAFECode announced today the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The authoritative best practices guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their software assurance programs and encourage the industry-wide adoption of fundamental secure development practices. The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and … More

The post Secure software development practices for developers, organizations and technology users appeared first on Help Net Security.

RSAC onDemand: A new way to experience RSA Conference

RSA Conference announced the addition of RSAC onDemand to its RSAC AdvancedU education program. AdvancedU at RSA Conference is a series of programs that teaches cyber-awareness for children, provides outreach to college students to introduce and encourage a career in information security and supports education throughout the various stages of a career within the industry. The new RSAC onDemand program will provide participants the RSA Conference experience without leaving their home or office. Those who … More

The post RSAC onDemand: A new way to experience RSA Conference appeared first on Help Net Security.

Week in review: Hacking intelligent buildings, trust in critical systems under attack

Here’s an overview of some of last week’s most interesting news and articles: The current state of USB data protection The vast majority of employees rely on USB devices. In fact, nine out of 10 employees rely on USB devices today and 69 percent of respondents maintain that USB drives increase workplace productivity. Macro-less word document attacks on the rise Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft … More

The post Week in review: Hacking intelligent buildings, trust in critical systems under attack appeared first on Help Net Security.

Are there too many cybersecurity companies?

The most potent global threat in 2018 may not be armed conflict or civil unrest, but cybersecurity. While cybersecurity awareness has increased with high profile breaches in recent years, the core problem remains of how industries can protect themselves and their customers when so much of our interaction has gone digital. Here are some predictions for the challenges companies may face in 2018: There are too many security vendors, and many of them will go … More

The post Are there too many cybersecurity companies? appeared first on Help Net Security.

Crypto mining runs rampant in higher education: Is it students?

The higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors, according to Vectra. The Attacker Behavior Industry Report reveals cyberattack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform, across 14 different industries. From September 2017 through January 2018, Vectra monitored traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. By analyzing this … More

The post Crypto mining runs rampant in higher education: Is it students? appeared first on Help Net Security.

Macro-less word document attacks on the rise

WatchGuard released its Internet Security Report for Q4 2017. Among the report’s most notable findings, threat intelligence showed that total malware attacks are up by 33 percent, and that cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads. “After a full year of collecting and analyzing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” … More

The post Macro-less word document attacks on the rise appeared first on Help Net Security.

The current state of USB data protection

Data protection, whether related to personal customer or patient information, is critical across virtually all industries. So how can organizations best protect their most sensitive and confidential information? To answer this question, Apricorn surveyed more than 400 employees in September 2017, ranging in ages from 18 to 65 across numerous industries that included education, finance, government, healthcare, legal, retail and manufacturing. Among other things, the survey revealed that while USB drives are ubiquitous and widely … More

The post The current state of USB data protection appeared first on Help Net Security.

Worldwide spending on security solutions to reach $91 billion in 2018

Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. According to IDC, worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 10.0% over the … More

The post Worldwide spending on security solutions to reach $91 billion in 2018 appeared first on Help Net Security.

20 hackers arrested in EUR 1 million banking phishing scam

A two-year long cybercrime investigation between the Romanian National Police and the Italian National Police, with the support of Europol, its Joint Cybercrime Action Taskforce (J-CAT) and Eurojust, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March. 9 individuals in Romania and 11 in Italy remain in custody over a banking fraud netted EUR 1 million from hundreds of customers of 2 major banking institutions. The Romanian … More

The post 20 hackers arrested in EUR 1 million banking phishing scam appeared first on Help Net Security.

Businesses suspect their mobile workers are being hacked

More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018. Overall, 81% of respondents said they had seen Wi-Fi related security incidents in the last 12 months, with cafés and coffee shops (62%) ranked as the venues where such incidents had occurred most. That was closely followed by airports (60%) and hotels (52%), … More

The post Businesses suspect their mobile workers are being hacked appeared first on Help Net Security.

Consumers worry that small privacy invasions may lead to a loss of civil rights

A new report by The Economist Intelligence Unit (EIU) shows that consumers around the world perceive wide ranging risks in how their personal information is collected and shared with third parties. They want greater transparency and control, as well as commitments from government and industry to protect privacy. Large shares of the consumers surveyed indicate a host of concerns related to the collection and transmission of their personal information. These range from identity theft to … More

The post Consumers worry that small privacy invasions may lead to a loss of civil rights appeared first on Help Net Security.

Compliance functions make a turn towards innovation-fueled strategies

Faced with growing threats of ‘industry shocks’ such as cyber fraud, cryptocurrency, quantum computing and open banking, financial institutions expect to increase their compliance investments over the next two years as they seek new approaches to strengthening compliance capabilities, according to a new report from Accenture. Compliance investments increase Based on a survey of 150 compliance executives at financial services institutions, Accenture’s fifth annual compliance risk report, “Comply and Demand,” found that 89 percent of … More

The post Compliance functions make a turn towards innovation-fueled strategies appeared first on Help Net Security.

Organizations blame legacy antivirus protection for failed ransomware prevention

More than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack, according to SentinelOne. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections. AV fails to foil ransomware Behind employee carelessness as the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful … More

The post Organizations blame legacy antivirus protection for failed ransomware prevention appeared first on Help Net Security.

You can’t hide from this top trend at RSA Conference, no matter where you operate

Every year, there are certain buzzwords and trends that rise to popularity within the technology community. In years prior, it’s been things like “cloud,” “bitcoin,” or “IoT,” that set the trend. So it’s no surprise when those words fill the agenda at major events like RSA Conference. Leaving us to wonder what the trending topics will be at RSAC 2018, taking place April 16-20 in San Francisco. But, lucky for us, that’s exactly what one … More

The post You can’t hide from this top trend at RSA Conference, no matter where you operate appeared first on Help Net Security.

Using deception to gain enterprise IoT attack visibility

The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus implement strong encryption for communications. Also, having IoT devices connected to standard PC platforms is not advised given endpoints are often the foothold in most attacks. Case in point with … More

The post Using deception to gain enterprise IoT attack visibility appeared first on Help Net Security.

Analysis of 560 incidents demonstrates need for cyber resilience

Many entities face the same types of security incidents – some are viewed as handling the incident well, and for some it’s a disruptive and costly lesson. The ones that fare better have prepared for an incident and use lessons-learned from prior incidents. Recognizing that entities need a source of reliable information on what actually happens during an incident, the BakerHostetler Privacy and Data Protection team published the 2018 edition of its Data Security Incident … More

The post Analysis of 560 incidents demonstrates need for cyber resilience appeared first on Help Net Security.

Bad bot traffic increases, gambling and airlines most targeted industries

Distil Networks analyzed hundreds of billions of bad bot requests at the application layer to provide insight and guidance on the nature and impact of automated threats in 2017. Bad bots are up from last year “This year bots took over public conversation, as the FBI continues its investigation into Russia’s involvement in the 2016 U.S. presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks. “Yet, … More

The post Bad bot traffic increases, gambling and airlines most targeted industries appeared first on Help Net Security.

New coalition aims to advance cybersecurity across sectors, around the world

Six global organizations have joined together to launch The Coalition to Reduce Cyber Risk (CR²). CR² members, including AT&T, Cisco, HSBC, JPMorgan Chase, Mastercard and Microsoft will partner with each other and governments to advance cyber risk management to strengthen the resilience of economies and infrastructure around the world. “In today’s global, interdependent economy, improving cybersecurity requires organizations to work not only within their enterprise but also with partners, customers, and governments,” said Tom Burt, … More

The post New coalition aims to advance cybersecurity across sectors, around the world appeared first on Help Net Security.

IoT device management market size worth $5.1 billion by 2025

The global IoT device management market size is anticipated to reach USD 5.1 billion by 2025, according to a new report by Grand View Research, exhibiting a 28.3% CAGR during the forecast period. Growing demand for IoT services, need for digitalization, and increasing penetration of communication and networking technologies are expected to drive the market over the coming years. In the past few years, the industry has witnessed increasing investments in R&D activities for development … More

The post IoT device management market size worth $5.1 billion by 2025 appeared first on Help Net Security.

Axonius goes retro to see and secure all devices

Just 6 months after its seed funding, Axonius today announced the general availability of its Cybersecurity Asset Management Platform to enable customers to see and secure all devices. With over 100,000 devices already managed at early customers worldwide, today’s announcement marks the official availability of the platform in advance of RSA Conference 2018 held in San Francisco. “We started this company to solve a very specific, acute problem – fragmentation,” said Dean Sysman, CEO and … More

The post Axonius goes retro to see and secure all devices appeared first on Help Net Security.

Third-party IoT risk management not a priority

With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to an Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks. Has your organization experienced a data breach or cyber attack caused by unsecured IoT devices or applications in the past 12 months? This year’s … More

The post Third-party IoT risk management not a priority appeared first on Help Net Security.

Digital innovation held back as IT teams firefight security threats

43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the GDPR comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services. The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts … More

The post Digital innovation held back as IT teams firefight security threats appeared first on Help Net Security.

Like any threat, malware evolves: Discover new trends

Cofense released the 2018 Cofense Malware Review, detailing the trends that defined malware attacks in 2017 and the emerging trends for network defenders to prioritize in 2018. While a couple of high profile breaches stole the spotlight in 2017, Cofense’s global security team uncovered a number of less visible evolutions that dramatically changed the threat landscape and continue to pose threats. Malicious actors demonstrated how quickly they could exploit recently disclosed vulnerabilities, change how they … More

The post Like any threat, malware evolves: Discover new trends appeared first on Help Net Security.

RSA Conference announces 2018 keynote speakers

RSA Conference, the world’s leading information security conferences and expositions, today announces its full line-up of keynote speakers for the 2018 Conference, which begins Monday, April 16th and runs through Friday, April 20th at the Moscone Center in San Francisco, CA. Keynote speakers at this year’s Conference will bring forward-thinking stories to the keynote stage on a wide variety of industry-relevant topics including artificial intelligence, cyber bullying, gamification, the history of technology and innovation, among … More

The post RSA Conference announces 2018 keynote speakers appeared first on Help Net Security.

How Facebook’s data issue is a lesson for everyone

The headlines have been dominated by the recent news around Facebook, Cambridge Analytica and the misuse of customer data. The impact of these revelations has led to millions being wiped off Facebook’s share price and an ongoing investigation into the incident. With just two months left until the General Data Protection Regulation (GDPR) comes into effect, this scandal could not be timelier. The ongoing discussions around Facebook’s use of customer data are a clear reminder … More

The post How Facebook’s data issue is a lesson for everyone appeared first on Help Net Security.

Businesses know breaches are happening, but do they know how, why and when?

Nearly four in five companies (79%) were hit by a breach in the last year, according to Balabit. Their research also revealed that 68% businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months. The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security … More

The post Businesses know breaches are happening, but do they know how, why and when? appeared first on Help Net Security.

Phishing, malware, and cryptojacking continue to increase in sophistication

Attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products. The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence. Cryptojacking is gaining traction as a profitable and … More

The post Phishing, malware, and cryptojacking continue to increase in sophistication appeared first on Help Net Security.

Experiences and attitudes towards cloud-specific security capabilities

Dimensional research conducted a survey of IT professionals responsible for cloud environments. The survey, which is comprised of data collected from over 600 respondents from around the world, provides an overview of experiences and attitudes in regards to cloud security. In your opinion, how does the overall security posture for your company’s cloud services compare to your on-premises security? The cloud is redefining the role of the firewall An overwhelming 83 percent of respondents have … More

The post Experiences and attitudes towards cloud-specific security capabilities appeared first on Help Net Security.

Week in review: PKI and IoT, Facebook’s trust crisis, understanding email fraud

Here’s an overview of some of last week’s most interesting news and articles: Top cybersecurity evasion and exfiltration techniques used by attackers SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. Malware leverages web injects to empty users’ cryptocurrency accounts Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with … More

The post Week in review: PKI and IoT, Facebook’s trust crisis, understanding email fraud appeared first on Help Net Security.

1 in 10 targeted attack groups use malware designed to disrupt

Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec’s Internet Security Threat Report (ISTR), Volume 23. “Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and COO, Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coinminers siphoning resources from their systems, further motivating criminals to … More

The post 1 in 10 targeted attack groups use malware designed to disrupt appeared first on Help Net Security.

Top cybersecurity evasion and exfiltration techniques used by attackers

SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. During the past year, SS8 sensors and analytics deployed globally within live production networks have detected a variety of techniques used to compromise and steal data (intellectual property) from organizations in key industries spanning critical infrastructure, enterprises and telecommunications. The networks SS8 assesses exhibit the presence of the following evasion and exfiltration activity: … More

The post Top cybersecurity evasion and exfiltration techniques used by attackers appeared first on Help Net Security.

Malicious apps in app stores decrease 37 percent

Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to RiskIQ in its Q4 mobile threat landscape report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources. Listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of potentially malicious apps, the report … More

The post Malicious apps in app stores decrease 37 percent appeared first on Help Net Security.

Excessive alerts, outdated metrics, lead to over-taxed security operations centers

A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs). SOCs are overwhelmed The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. As the threat landscape changes and enterprises move to adopt additional layers of defensive … More

The post Excessive alerts, outdated metrics, lead to over-taxed security operations centers appeared first on Help Net Security.