Category Archives: Don’t miss

New infosec products of the week: September 21, 2018

Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites

Attracting users to fake websites that contain differences from legitimate websites is a technique that cyber criminals use to gather personal information, such as birth dates, email addresses, and voting preferences. Symantec announced the availability of a free service, powered by Symantec’s artificial intelligence technology, that political candidates and campaigns can use to test the security and authenticity of their websites.

XebiaLabs … More

The post New infosec products of the week: September 21, 2018 appeared first on Help Net Security.

Why identity verification needs to be a part of your digital transformation strategy

Smartphones and tablets are an indispensable part of daily life, and consumers expect nothing less than a streamlined mobile experience. With this in mind, businesses are focusing on digital transformation efforts in order to deliver an excellent customer experience. According to a recent Forrester report, 56 percent of companies said digitization is currently underway, and 38 percent of companies said digital transformation will have the greatest effect on business decisions over the next year. As … More


Security priorities are shifting in response to increased cybersecurity complexity

The increased complexity of the IT environment, combined with increasingly sophisticated attacks and a rapidly evolving threat landscape, is causing organizations to invest more money in cybersecurity and start to focus on the impact of cyber threats and cybersecurity from a business perspective, according to a research report conducted by Enterprise Strategy Group (ESG).

Reasons why cybersecurity has become more difficult

One of the report’s key findings is that in many organizations (96 percent), the … More


Security data reveals worldwide malicious login attempts are on the rise

According to the Akamai 2018 State of the Internet / Security Credential Stuffing Attacks report, worldwide malicious login attempts are on the rise. Akamai detected approximately 3.2 billion malicious logins per month from January through April 2018, and over 8.3 billion malicious login attempts from bots in May and June 2018 – a monthly average increase of 30 percent. In total, from the beginning of November 2017 through the end of June 2018, researcher analysis … More


New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg

With the Magecart attackers compromising web shops left and right, online shopping is becoming a risky proposition. After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg.

Compromised shops

Security researcher Willem de Groot flagged the ABS-CBN compromise a few days ago and he believes the attackers added the payment card skimming script on or before August 16th. RiskIQ and Volexity researchers shared details … More


How do you protect digital channels from cyber threats?

A well-thought-out and managed social media presence is a must for most companies and their workforce, but too few of them think about the potential repercussions of an attack targeting it. Social media is increasingly seen as a battleground, providing the platform for complex influence campaigns mounted by nation-states (Iran, Russia), various hacker groups to get their message out and to advertise their services, and attackers looking to trick other users into parting with … More


Manipulation tactics that you fall for in phishing attacks

It’s 6 p.m. on a Friday. Just as you finish packing up for the day, an email from your boss pops up on your phone asking why an urgent payment didn’t go out earlier in the week. He’s tied up in a business dinner, so he needs you to wire payment to a specific vendor immediately and send him a confirmation email here once you’ve done so. Eager to help (and get out of the … More


Better security needed to harness the positive potential of AI, mitigate risks of attacks

Despite heightened interest in enterprise deployment of artificial intelligence, only 40 percent of respondents to ISACA’s second annual Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning. This becomes especially striking given the potential for serious consequences from maliciously trained AI; survey respondents identify social engineering, manipulated media content and data poisoning as the types of malicious AI attacks that pose the greatest … More


Building security into DevOps versus bolting it on

In this podcast, Hari Srinivasan, Director of Product Management for Qualys, talks about building security into DevOps versus bolting it on, specifically for containers. Here’s a transcript of the podcast for your convenience. Hello! My name is Hari Srinivasan, Director of Product Management for Qualys, cloud and virtualization security. Welcome to this Help Net Security podcast. Today we’re going to talk about building security into DevOps versus bolting it on, specifically for containers. Containers are … More


eBook: 9 Tips to Supercharge Your IT Security Career

Demand for IT security skills has never been higher. As cybercrime rises, the world faces a shortfall of 1.8 million cybersecurity professionals by 2022. Now’s the time to own your future. (ISC)² research shows 70% of employers plan to hire cybersecurity staff. But many organizations don’t really know what they need to secure the enterprise. To get ahead, you need to plan your strategy now. This Career eBook explains employer challenges and how you can … More


Bogus finance apps on Google Play target users worldwide

ESET researchers have discovered malicious apps impersonating various financial services and the Austrian cryptocurrency exchange Bitpanda on Google Play.

The fake apps

Uploaded to Google’s official app store in June 2018 and collectively downloaded and installed over a thousand times, upon launch the apps would immediately request the user to enter credit card details and/or login credentials to the targeted bank or service. The entered information would then be sent to the attacker’s server, and … More


Malicious hacking activity increasingly targeting critical infrastructure

In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about how the traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, that malicious hacking … More


Why humans are necessary to the threat hunting process

For thousands of years, humans have worked to collect intelligence on their enemies. Intelligence gathering is not a new practice; in fact, it is one of the oldest war tactics dating back to biblical times, when warlords and army commanders used it to gain advantages over their rivals. However, the methods have changed as new technologies and new forms of “warfare” have been developed. In recent years, cyber-attacks have led to an entirely new host … More


Facebook offers bounties for user token bugs in third-party apps, websites

Facebook is expanding its bug bounty program to include vulnerabilities in third-party apps and websites that involve improper exposure of Facebook user access tokens.

What’s in scope?

“Access tokens allow people to log into another app using Facebook and are uniquely generated for the specific person and app,” security engineer Dan Gurfinkel noted. “If exposed, a token can potentially be misused, based on the permissions set by the user. We want researchers to have a … More


Improved features and security fixes in iOS 12, watchOS 5, tvOS 12, and Safari 12

Apple has released new versions of iOS, watchOS, tvOS and Safari and has plugged a number of security holes in each.

iOS 12

iOS 12 comes with improved usability, stability, reliability, speed, but also with some interesting new and improved features that should help users choose and manage passwords and use two-factor authentication. Apple software engineer Ricky Mondello has highlighted a number of them, including: A revamped iCloud Keychain password manager that generates passwords when … More


ENISA launches Cybersecurity Strategies Evaluation Tool

The European Union Agency for Network and Information Security (ENISA) has launched a tool that will help EU Member States evaluate their priorities according to their National Cyber Security Strategies.

ENISA supports EU Member States

Since 2012, ENISA has been supporting the EU Member States to develop, implement and evaluate their National Cyber Security Strategies. To achieve this goal, ENISA has developed several tools, studies, guidelines and a group of experts. Initially, only 12 Member … More


How to create a Hall of Fame caliber cybersecurity playbook

Whether the sport is football, basketball or hockey, all the best coaches have playbooks and reports with the latest information on opponents. They study the playing field and never go into a game unprepared, spending hours fine-tuning strategies, whether that’s finding the perfect angle to swoop past defenders or knowing an offense’s weakness and stopping them dead in their tracks. Cybersecurity should be no different. Sure, you’re not a quarterback looking for a lane … More


Seizing cyber resilience mastery in financial services

Despite the volume of cyberattacks doubling in 2017, financial services firms are closing the gap on cyberattacks, having stopped four in five of all breach attempts last year, up from two-thirds in 2016, according to Accenture. However, firms will need to improve their security procedures to head off increasingly sophisticated attacks powered by new technologies. The study, “2018 State of Cyber Resilience for Financial Services,” is based on a survey of more than 800 enterprise … More


Data breaches make companies underperform the market in the long run

While the share prices of companies that experienced a sizeable/huge data breach suffer just a temporary hit, in the long term breached companies underperformed the market, an analysis by consumer tech product review and comparison site Comparitech has shown. This is the site’s second annual analysis into the share prices and overall performance of 24 companies that are listed on the New York Stock Exchange and have suffered a data breach in the last ten … More


(IN)SECURE Magazine issue 59 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 59 has been released today.

Table of contents

- The importance of career pathing in the cybersecurity industry
- Securing healthcare organizations: The challenges CISOs face
- Fingerprinting HTTP anomalies to dissect malicious operations
- How to keep cryptominers from opening up your IT container boxes
- Report: Black Hat USA 2018
- Vulnerability research and responsible disclosure: Advice from an industry veteran
- Managing … More


Break out of malware myopia by focusing on the fundamentals

Organizations today suffer from malware myopia, a condition characterized by threat-centric security programs caused by the ease of imagining a takedown by malicious code. Malware myopia is a mental bug; a defect in reasoning that scrambles people’s judgment. If asked point-blank, few would say that malware is an existential threat. To be sure, it is vital to acknowledge that an attacker only has to be ‘right’ once, and given eye-catching headlines surrounding new forms of … More


How to gain visibility with global IT asset inventory

In this podcast recorded at Black Hat USA 2018, Pablo Quiroga, Director of Product Management at Qualys, talks about how to gain unprecedented visibility with global IT asset inventory. Here’s a transcript of the podcast for your convenience. My name is Pablo Quiroga. I’m the Director of Product Management at Qualys, and today I’m going to be speaking about how to gain unprecedented visibility with global IT asset inventory. A complete visibility of your IT … More


Data privacy automation: Unlock your most valuable asset

In years past, data privacy was the purview of the chief privacy officer. However, increasingly, CTOs are being tasked with operationalizing a data privacy solution for the company. That’s because data privacy is fundamentally a data issue, with privacy being an outcome of a comprehensive data protection strategy. In a world of exploding data, it’s impossible for privacy professionals using manual, survey-based approaches to stay on top of this ever-changing sea of information. Companies constantly … More


Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes

A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection. They’ve also demonstrated that creating and maintaining many fakes can be relatively inexpensive for the defenders, that the real document can … More


Tech support scammers leverage “evil cursor” technique to “lock” Chrome

Tech scammers are constantly coming up with new techniques to make users panic and seek their bogus services. The latest one, documented by Malwarebytes researchers, has been dubbed “evil cursor”.

“Evil cursor”

The trick works against a recent version of Google Chrome (69.0.3497.81) and prevents the victims from closing a tab or browser window by clicking on the “X” in the upper right corner. The victims believe that they are pressing the “X”, but code … More


New infosec products of the week: September 14, 2018

Exabeam adds updated Case Management module to behavioral analytics product

Exabeam Case Management is a module that provides a user interface designed for the workflows of security teams, and that adds intelligence to help analysts resolve incidents. Machine learning helps make the interface context aware, presenting users with fields, values, and data for different incident types. The resulting workflows bring details to analysts when and where they are needed.

Arxan launches advanced protection for client-side … More
