Author Archives: Help Net Security

Quantum computing: The new moonshot in the cyber space race

In 2016, China launched Micius, the world’s first quantum communications enabled satellite. For some, that launch eerily echoed the launch of the Soviet Union’s Sputnik satellite in 1957, which caught the United States off guard and spurred a decades-long contest to regain and maintain global technological and military supremacy. The parallel wasn’t lost on the Chinese. Jian-Wei Pan, the lead researcher on the Micius project, hailed the start of “a worldwide quantum space race.” Indeed, … More

The post Quantum computing: The new moonshot in the cyber space race appeared first on Help Net Security.

Facebook phishing surges, Microsoft still most impersonated brand

Vade Secure published the results of its Phishers’ Favorites report for Q2 2019. According to the report, which ranks the 25 most impersonated brands in phishing attacks, Microsoft was by far the top target for the fifth straight quarter. There was also a significant uptick in Facebook phishing, as the social media giant moved up to the third spot on the list as a result of a staggering 176 percent YoY growth in phishing URLs. … More

New cross-industry consortium aims to accelerate confidential computing adoption

The Linux Foundation announced the intent to form the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Companies committed to this work include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. What is confidential computing? Across industries computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move these workloads to different environments, they need protection … More

Cybersecurity salary, skills, and stress survey

Exabeam is conducting an annual survey to understand skills, compensation trends and workplace trends among SOC and security analysts. All participants will receive the results of the survey. Questions include certifications, security responsibilities, compensation ranges, and perceptions around new tech like machine learning and AI. Completing the survey takes 7 minutes (less if you are a really fast reader). The results of the survey are anonymous. Prizes for participants They will randomly select 10 winners … More

Unlocking the future of blockchain innovation with privacy-preserving technologies

The origins of blockchain as many are familiar with it today can be traced back to the Bitcoin whitepaper, first published in 2008 by Satoshi Nakamoto, which offered a vision of a new financial system underscored by cryptography and trust in code. Throughout the past decade, iterations of this technological infrastructure have gradually built out a diverse industry ecosystem, allowing for use cases that extend beyond cryptocurrencies and peer-to-peer transactions. From smart contracts to asset … More

From SmarterChild to Siri: Why AI is the competitive advantage securing businesses

The dream of an AI-influenced world is finally here. After decades of writing about it, AI has reached a point where it’s ingrained into our daily lives. From the days of SmarterChild – for many, the AIM messenger bot was the first foray into AI – to now the ubiquitous presence of the AI-enabled digital assistant such as Siri, the vision of artificial intelligence transforming from sci-fi to reality has come to fruition. But instead … More

Identifying evasive threats hiding inside the network

There is no greater security risk to an organization than a threat actor that knows how to operate under the radar. Malicious insiders and external cybercriminals are getting savvier. They are better at blending in without tripping any alerts. They skip over tools and techniques that trigger standard security systems. How can a company tell them apart from the noise created by legitimate logins to the network that day? The answer lies in context. It … More

Consumers care deeply about their privacy, security, and how their personal information is handled

65% of consumers are concerned with the way connected devices collect data. More than half (55%) do not trust their connected devices to protect their privacy and a similar proportion (53%) do not trust connected devices to handle their information responsibly, according to a survey by IPSOS Mori on behalf of the Internet Society and Consumers International. The survey was conducted in the United States, Canada, Japan, Australia, France and the United Kingdom. Connected devices … More

Cybercriminals targeting social media: Facebook and Instagram are becoming phishers’ favorites

Social media phishing, primarily Facebook and Instagram, saw the highest quarter-over-quarter growth of any industry with a 74.7 percent increase, according to the Vade Secure Phishers’ Favorites report for Q1 2019. While Facebook has been in the top 10 since the report’s inception, Instagram cracked the top 25 for the first time, taking the #24 spot on the Phishers’ Favorites list. With the headlines about Facebook storing hundreds of millions of user passwords in plain … More

Cybercriminals thriving on companies overlooking fundamental security requirements

IT leaders in the United States are putting business data at risk by not effectively managing employees’ passwords, according to OneLogin research. Despite the fact that 91% report they have company guidelines in place around password complexity, and 92% believe their current password protection measures and guidelines provide adequate protection for their business, the results suggest there is still a lot of work to be done. OneLogin surveyed 300 IT decision makers across the U.S. … More

60% of businesses have experienced a serious security breach in the last two years

There is an increase in security breaches and businesses still face challenges surrounding cyberattacks due to lack of IT security and operations basics. With digital transformation on the rise and technology massively outpacing policy, companies must take the lead when it comes to securing their estates. While cybersecurity has received much fanfare – with global spend predicted to exceed $1 trillion through 2021 – the biggest gaps continue to endure in plain sight. Vanson Bourne … More

A wave of regulation is coming to the cryptocurrency economy

There is a concerning trend of cross-border crypto payments leaving U.S. exchanges and entering offshore and untraceable wallets, a CipherTrace report reveals. In the twelve months ending March 2019, crypto transfers from U.S. exchanges to offshore exchanges grew 21 points or 46 percent compared to the same period two years ago. Once these payments reach exchanges and wallets in other parts of the globe, they fall off the radar of U.S. authorities. This highlights a … More

Open source security: The risk issue is unpatched software, not open source use

Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an inflection point has been reached, with many organizations improving their ability to manage open source risk, possibly due to heightened awareness and the maturation of commercial software composition analysis solutions. The 2019 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center … More

Supply chain attacks: Mitigation and protection

In software development, a supply chain attack is typically performed by inserting malicious code into a code dependency or third-party service integration. Unlike typical cyber attacks, supply chain attacks provide two major advantages to attackers. Firstly, a single supply chain attack can target multiple companies at once (since multiple companies use the same code dependencies and third-party scripts); as such, the potential return of investment of the attack is higher. Secondly, and unlike common cyber … More

Cybercriminals continue to target intellectual property, putting brand reputation at risk

Despite improvements in combating cybercrime and threats, IT security professionals are still struggling to fully secure their organization and protect against breaches, with 61 percent claiming to have experienced a data breach at their current employer, according to McAfee. Adding to this challenge, data breaches are becoming more serious as cybercriminals continue to target intellectual property, putting the reputation of the company brand at risk and increasing financial liability. McAfee’s Grand Theft Data II … More

Only 55% of companies plan to be ready for CCPA implementation

While reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date, according to OneTrust and IAPP research. The CCPA is the first-of-its-kind U.S. consumer privacy law, which broadly expands the data protection and privacy rights of California residents. The law, inspired by the EU’s General Data Protection Regulation (GDPR), requires organizations that do … More

Consumers increasingly deploying biometrics as PINs and passwords continue to fail

The UK is ready to fight fraud with biometrics, according to new research revealed by Nuance on World Password Day. The new research carried out by OnePoll asked 1,000 adults aged 18+ in the UK how they feel about traditional passwords and the potential of new technologies designed to safeguard their data and reduce fraud. According to the poll, consumer comfort over the use of biometrics – which authenticates individuals by their physical and behavioural … More

Researchers develop cybersecurity system to test for vulnerabilities in technologies that use GPS

Southwest Research Institute has developed a cybersecurity system to test for vulnerabilities in automated vehicles and other technologies that use GPS receivers for positioning, navigation and timing. “This is a legal way for us to improve the cyber resilience of autonomous vehicles by demonstrating a transmission of spoofed or manipulated GPS signals to allow for analysis of system responses,” said Victor Murray, head of SwRI’s Cyber Physical Systems Group in the Intelligent Systems Division. GPS … More

As organizations continue to adopt multicloud strategies, security remains an issue

97 percent of organizations are adopting multicloud strategies for mission-critical applications and nearly two-thirds are using multiple vendors for mission-critical workloads, a Virtustream survey reveals. The study, conducted by Forrester Consulting, is based on a global survey of more than 700 cloud technology decision makers at businesses with more than 500 employees. The study examines the current state of enterprise IT strategies for cloud-based workloads and details the increasing interest and needs of IT decision … More

How much does the average employee know about data privacy?

With the impacts and repercussions of the looming California Consumer Privacy Act (CCPA) on the minds of many privacy professionals, new research from MediaPRO shows more work is needed to train U.S. employees on this first-of-its-kind privacy regulation. MediaPRO’s 2019 Eye on Privacy Report reveals 46 percent of U.S. employees have never heard of CCPA, which sets specific requirements for the management of consumer data for companies handling the personal data of California residents. Passed … More

Security and compliance obstacles among the top challenges for cloud native adoption

Cloud native adoption has become an important trend among organizations as they move to embrace and employ a combination of cloud, containers, orchestration, and microservices to keep up with customers’ expectations and needs. To discover more about the motivations and challenges of companies adopting cloud native infrastructure, the O’Reilly “How Companies Adopt and Apply Cloud Native Infrastructure” report surveyed 590 practitioners, managers and CxOs from across the globe, and found that while nearly 70 percent … More

5G brings great opportunities but requires a network transformation

Telecom operators are overwhelmingly optimistic about the 5G business outlook and are moving forward aggressively with deployment plans. Twelve percent of operators expect to roll out 5G services in 2019, and an additional 86 percent expect to be delivering 5G services by 2021, according to a Vertiv survey of more than 100 global telecom decision makers with visibility into 5G and edge strategies and plans. The “Telco Study Reveals Industry Hopes and Fears: From Energy … More

Hacking our way into cybersecurity for medical devices

Hospitals are filled with machines connected to the internet. With a combination of both wired and wireless connectivity, knowing and managing which devices are connected has become more complicated and, consequently, the institutions’ attack surface has expanded. When did these devices get smart? A brief timeline shows the FDA didn’t start regulating the connectivity of devices until 2005, but medical devices started to leverage software back in the ‘80s. Clinical capabilities have benefited greatly from … More

SEC demands better disclosure for cybersecurity incidents and threats

As companies increasingly rely on networked systems and on the Internet, cybersecurity threats have grown. Companies that fall victim to a successful cyberattack incur substantial costs for remediation, including increased costs for cyber protection, lost revenues, legal costs and more. All of these costs can impact the riskiness and value of a public company’s stock. Given the frequency, magnitude and cost of cybersecurity incidents, the Securities and Exchange Commission (SEC) has stated that it is … More

Companies face regulatory fines and cybersecurity threats, still fail to protect sensitive data

22% of a company’s folders are accessible, on average, to every employee, according to the new report from the Varonis Data Lab, which analyzed more than 54 billion files. The report shines a light on security issues that put organizations at risk from data breaches, insider threats and crippling malware attacks. Key findings from the 2019 Global Data Risk Report include: Out-of-control permissions expose sensitive files and folders to every employee: 53% of companies had … More

GE trade secret theft case demonstrates need for document behavior monitoring

A former GE engineer and a Chinese national have been formally charged with 14 counts of economic espionage by the U.S. Department of Justice after stealing trade secrets from GE. The indictment describes the calculated theft of sensitive documents related to the proprietary design of GE’s gas and steam turbines. According to the unsealed indictment, the engineer at GE Power & Water in Schenectady, New York “exploited his access to GE’s files by stealing multiple … More

The leading sources of stress for cybersecurity leaders? Regulation, threats, skills shortage

A perfect storm of regulation, increased threats and technological complexity is overwhelming cybersecurity decision makers, reveals new research from Symantec. Cybersecurity suffers from information overload Four in five (82 percent) security leaders across France, Germany and the UK report feeling burned out, whilst just under two-thirds (63 percent) think about leaving the industry or quitting their job (64 percent). Surveying 3,045 cybersecurity decision makers across France, Germany and the UK, the research – … More

Researchers develop new technique to identify malware in embedded systems

A technique for detecting types of malware that use a system’s architecture to thwart traditional security measures has been developed by researchers from North Carolina State University and the University of Texas at Austin. The new detection approach works by tracking power fluctuations in embedded systems. “Embedded systems are basically any computer that doesn’t have a physical keyboard – from smartphones to Internet of Things devices,” says Aydin Aysu, co-author of a paper on the … More

Most SMBs would pay a ransom in order to recover stolen data

More than half (55 percent) of executives at SMBs said they would pay hackers in order to recover their stolen data in ransomware attacks, according to the second quarterly AppRiver Cyberthreat Index for Business Survey. That number jumps to 74 percent among larger SMBs that employ 150-250 employees, with nearly 4 in 10 (39 percent) going as far as saying they “definitely would pay ransom at almost any price” to prevent their data from being … More

A surprising number of used drives sold on eBay hold sensitive data

42% of used drives sold on eBay are holding sensitive data, with 15% containing personally identifiable information (PII), according to Blancco Technology Group. Conducted in conjunction with partner, Ontrack, the Blancco Technology Group study analyzed 159 drives purchased in the U.S., U.K., Germany and Finland. The information found included: A drive from a software developer with a high level of government security clearance, with scanned images of family passports and birth certificates, CVs and financial … More

Week in review: Oracle WebLogic zero-day under attack, a new way to improve network security

Here’s an overview of some of last week’s most interesting news and articles: Qualcomm chips leak crypto data from secure execution environment A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, NCC Group researchers have found. PDF: The vehicle of choice for malware and fraud There has been a substantial increase of fraudulent PDF files, according to a report by SonicWall … More

Best practices when implementing SD-WAN

Telecoms is an overall complex business – delivering network circuits and optimizing connections – but SD-WAN has its own very specific set of obstacles. SD-WAN involves many components that contribute to overall internet network performance such as national policy, security, hardware delivery, installation and cloud applications. Each element can significantly affect a successful SD-WAN transformation. Below, we explore the most common questions that spring up when implementing SD-WAN, and how to make the process as … More

Too fast, too insecure: Securing Mongo Express web administrative interfaces

Mongo Express is a lightweight web-based administrative interface deployed to manage MongoDB databases interactively. It is authored using Node.js, Express and Bootstrap packages. This case study highlights the deployment of Mongo Express admin panels without authentication on the Internet and the various measures to prevent the exposure. The authentication scheme Mongo Express comes with a config-default.js file. It primarily supports basic authentication, which encompasses the base64 encoded payload of a username:password combination. This means that, … More

Consumers trust banks most with their personal data, 68% still fear identity theft

People trust banks and other financial entities to safeguard their personal data more than other organizations. New nCipher Security research also illustrates how easily that trust can be eroded, along with Americans’ personal data protection concerns relative to banking and digital payments. Consumers trust banks most The survey results show that people trust the financial sector in general and their banks in particular more than any other industry vertical or organizations that touch their data. … More

Global spending on digital transformation to reach $1.18 trillion in 2019

Enterprises around the world are making significant investments in the technologies and services that enable the digital transformation (DX) of their business models, products and services, and organizations. In the latest update to its Worldwide Semiannual Digital Transformation Spending Guide, IDC forecasts global DX spending to reach $1.18 trillion in 2019, an increase of 17.9% over 2018. “Worldwide DX technology investments are expected to total more than $6 trillion over the next four years,” said … More

Cybercriminals are becoming more methodical and adaptive

Cybercriminals are deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations improve in areas such as time to detection and response to threats, according to Trustwave. The 2019 Trustwave Global Security Report is based on the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data breach and forensic investigations, manual penetration tests, network vulnerability scans and internal research. Asia … More

You can’t fix what you can’t see: A new way of looking at network performance

Network performance, or the service quality of a business’ network, is critical to running a successful enterprise. Imagine the cost to an organization when the corporate network or the e-commerce site is down or experiencing unacceptable latency. Customers get frustrated, prospects immediately turn away from purchases, and internally, IT and network admins are in a panic to get systems up and running again, fueled by C-suite pressure. Defining today’s network performance To optimize network performance, … More

Employers should develop cybersecurity protocols and invest more in employee training programs

Organizations want to trust their employees when it comes to cybersecurity, but to do so, they need to better leverage technology. The ObserveIT global survey of 600 IT leaders across various industries found that employers should develop clear cybersecurity protocols and invest more in employee training programs and monitoring tools to verify safe user activity. Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent, and by 53 … More

Researchers develop new tool for safety-critical software testing

We entrust our lives to software every time we step aboard a high-tech aircraft or modern car. A long-term research effort guided by two researchers at the National Institute of Standards and Technology (NIST) and their collaborators has developed new tools to make this type of safety-critical software even safer. Augmenting an existing software toolkit, the research team’s new creation can strengthen the safety tests that software companies conduct on the programs that help control … More

Legacy infrastructures and unmanaged devices top security risks in the healthcare industry

The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes. Healthcare detections per 10,000 host devices by month Published in the Vectra 2019 Spotlight Report on Healthcare, these findings underscore the importance of utilizing machine … More

Where data privacy executives plan to focus their strategies and budgets

Adapting to an increasingly volatile regulatory environment is the top priority for privacy executives, with only approximately four in 10 confident in their current abilities to keep pace with new requirements, according to Gartner. Conversations with Gartner clients and Gartner’s annual survey data reveal where data privacy executives plan to focus their strategies and budgets for 2019. Their top five priorities highlighted the need to strengthen strategic approaches to engage with quickly shifting regulatory, … More

Nearly half of firms suffer data breaches at hands of vendors

As trusted partners, third-party vendors often become the overlooked or unwitting accomplice in criminal activities. As privacy laws and cybersecurity regulations continue to increase accountability around data confidentiality and protection, eSentire wanted to know how seriously firms take the risks associated with third-party vendors, and their vendors’ vendors. Earlier this year, eSentire commissioned Spiceworks to survey 600 IT and security decision-makers about their top concerns around their supply chain and the policies or procedures used … More

A casual approach to workplace communications presents major security risks

Workers are comfortable sharing personal, sensitive and confidential information over chat platforms. They practice risky digital habits, and don’t care if their communications are leaked. Symphony Communication Services Workplace Confidential Survey, which polled over 1,500 workers in the U.S. and U.K., examined the growth of new collaboration tools and platforms entering the workplace. The findings highlight a worryingly casual attitude to workplace communications that pose a threat to businesses. “The way we work is changing,” … More

Research on private key generation reveals theft of ETH funds from accounts with discoverable keys

Researchers at Independent Security Evaluators (ISE) have discovered 732 actively used private keys on the Ethereum blockchain. In their new study titled Ethercombing, ISE found that poorly implemented private key generation is also facilitating the theft of cryptocurrency. Example flow of deriving an Ethereum address from a private key The researchers identified 13,319 Ether (ETH) which was transferred to both invalid destination addresses and forever lost, as well as to wallets derived from weak private … More

Whitepaper: Third-Party Risk to the Nth Degree

For many, cost-effective scalability usually means outsourcing some or all of your business functions to a complex web of third-party vendors. The Third-Party Risk to the Nth Degree whitepaper provides quantitative and contextual measures by which your organization can compare current practices and investment to help mitigate third-party risk. Key findings 44 percent of organizations revealed that they had experienced a third-party-related data breach in the last year. 33 percent of organizations cited lack of … More

The foundation: Quantifying risk with focused security measurement

When you hear “quantify risk,” you might think it’s the buzz-term du jour. You might be right. Risk quantification is a hot topic right now. It seems everyone who touches security – from the C-suite to the board – has this at the forefront of their mind. As a security leader, you’re likely being asked about quantifying risk, perhaps more so now than ever before. You might be pressed to answer with much confidence. When … More

Attackers are weaponizing more vulnerabilities than ever before

2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the latest RiskSense report. In addition, the rate of exploits discovered in the wild before a patch was available was nearly three times higher last year than the previous record set in 2010. The RiskSense Vulnerability Weaponization Insights Report provides an in-depth analysis of vulnerabilities and weaponization patterns across the Adobe family of products from August 1996 … More

PDF: The vehicle of choice for malware and fraud

There has been a substantial increase of fraudulent PDF files, according to a report by SonicWall Capture Labs threat researchers. This fraud campaign takes advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations. “Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape,” said SonicWall President and CEO Bill Conner. “In all … More

Scientists may have identified a new way to improve network security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it. Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security. Many cybersecurity systems use distributed network intrusion detection that allows a … More

As bad bots grow more sophisticated, so does the number of industries impacted by them

Bot attack sophistication continues to evolve, as advanced attackers learn to adapt their techniques in order to invalidate existing defense tactics, according to Distil Networks. The report investigates hundreds of billions of bad bot requests from 2018 over thousands of domains to provide deeper insight into the daily automated attacks wreaking havoc on websites, mobile apps and APIs. “Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used … More

Underserved populations unaware of cybersecurity risks

Members of underserved populations are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are also less likely to access vital online services, such as banking, health services, educational programs, and other resources, which could lead to them falling behind economically, according to a survey of more than 150 San Franciscans at diverse community-based organizations across San … More

Week in review: G Suite security enhancements, Microsoft 365 security

Here’s an overview of some of last week’s most interesting news and articles:

One hundred percent of endpoint security tools eventually fail

Endpoint security tools and agents fail, reliably and predictably, according to the 2019 Global Endpoint Security Trends Report from Absolute.

Microsoft 365 security: Protecting users from an ever-evolving threat landscape

In this age of frequent security and data breaches, the statement “We take our customers’ privacy and security very seriously” has been heard … More

Building a modern data registry: Go beyond data classification

For organizations, understanding what data they store and analyze is gaining increasing urgency due to new privacy regulations, from the Global Data Privacy Regulation (GDPR) to the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD). But these regulations are not the only reason organizations are focused on privacy. Security imperatives and pressure to extract more value from the information they store have also put pressure on companies to get data privacy … More

Worldwide IT spending to grow just 1.1% in 2019

Worldwide IT spending is projected to total $3.79 trillion in 2019, an increase of 1.1 percent from 2018, according to the latest forecast by Gartner. “Currency headwinds fueled by the strengthening U.S. dollar have caused us to revise our 2019 IT spending forecast down from the previous quarter,” said John-David Lovelock, research vice president at Gartner. “Through the remainder of 2019, the U.S. dollar is expected to trend stronger, while enduring tremendous volatility due to … More

The biggest hurdles to digital transformation initiatives? Budget and top-down support

More than half of enterprise IT professionals need help from industry partners and prefer agile service providers to implement digital transformation, according to a new study released by Masergy. The 2019 Digital Transformation Market Trends Report, facilitated by independent research firm Webtorials, surveyed IT professionals from companies both large and small across 35 different countries. By surveying those professionals in a variety of industries, the report sheds light on the mindsets and technology investments needed … More
