Category Archives: Don’t miss

Webinar: Inside a Docker cryptojacking exploit

In this webinar, Ethan Hansen, Security Analyst for Threat Stack’s Cloud Security Operations Program, will discuss recently observed Docker exploit attempts from the field, where attackers were looking for web applications vulnerable to command injection. He’ll also provide examples of what to watch for in your logs, cryptojacking and container breakout attempts among them.

The post Webinar: Inside a Docker cryptojacking exploit appeared first on Help Net Security.

Cisco fixes critical vulnerabilities in its SD-WAN, DNA Center solutions

Cisco has released another batch of fixes for many of its products, including its SD-WAN and DNA Center solutions, its Email Security Appliance, Security Manager, SOHO routers/firewalls, and more. Critical flaws CVE-2019-1625 could allow an authenticated, local attacker to elevate lower-level privileges to the root user on a device running a vulnerable version of the Cisco SD-WAN Solution. Cisco SD-WAN on a number of Cisco’s vEdge routers, its vBond Orchestrator Software, its vSmart Controller Software, … More

(IN)SECURE Magazine issue 62 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 62 has been released today.

Table of contents:
What’s your company’s risk exposure?
The modern threat landscape and expanding CISO challenges
Product showcase: Veriato Cerebral user & entity behavior analytics software
Building a modern data registry: Go beyond data classification
What happened to trust and transparency in cybersecurity?
Prioritising risks in a climate of geopolitical threats
An intelligence-driven … More

IoT explodes worldwide, researchers investigate security issues present in the devices real users own

About 40 percent of households across the globe now contain at least one IoT device, according to Avast. In North America, that number is almost double, at 66 percent, bringing with it an associated growth in cybersecurity risks. The findings have been published in a new research paper “All Things Considered: An Analysis of IoT Devices on Home Networks”. The research is the largest global study to date examining the state of IoT devices. Avast … More

How to add security to digital transformation processes

In this Help Net Security podcast, Marco Rottigni, Chief Technical Security Officer for Qualys across EMEA, talks about adding security to digital transformation processes. Here’s a transcript of the podcast for your convenience. Hello everybody. My name is Marco Rottigni and I’m the Chief Technical Security Officer for Qualys across EMEA. I’m here today for a podcast of Help Net Security about how to add security or to build in security in digital transformation processes. … More

Research shows Tesla Model 3 and Model S are vulnerable to GPS spoofing attacks

Tesla Model S and Model 3 electric cars are vulnerable to cyberattacks aimed at their navigation systems, according to research from Regulus Cyber. Staged attack caused the car to veer off the main road During a test drive using Tesla’s Navigate on Autopilot feature, a staged attack caused the car to suddenly slow down and unexpectedly veer off the main road. Regulus Cyber initially discovered the Tesla vulnerability during its ongoing study of the threat … More

Mozilla plugs critical Firefox zero-day used in targeted attacks

A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday. About the vulnerability (CVE-2019-11707) Mozilla did not share many details about the flaw – it simply stated that it is a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, and that it can trigger an exploitable crash. The flaw can be exploited to achieve arbitrary code … More

Another Oracle WebLogic Server RCE under active exploitation

Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About the vulnerability (CVE-2019-2729) “This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network … More

Regulation readiness: Embracing the privacy legislation wave ahead

There are a few certainties in life. Your attempt to use the fifteen-item express checkout line with sixteen items will be denied by the seventeen-year-old cashier. The motorcycle cop will write you a $150 ticket instead of warning for going just three miles over the speed limit in your neighborhood. Your tactic of ignoring that federal privacy regulation just enacted will result in significant fines and penalties for your burgeoning business. Whatever the scenario, the … More

Executives now recognize cybersecurity as a key business driver

Cybersecurity is now recognized as a key business driver by the C-Suite, according to a new Radware report. Executives that participated in the survey found that the four main business impacts of a security incident were customer loss (45%), brand reputation loss (44%) and revenue loss or operational (32% each). Cybersecurity as a business issue The predominance of cybersecurity as a business issue extends to the board, with a majority (72%) of executives reporting information … More

Slack + Snapchat = AppSec? Breaking down the complexity of messaging apps

Recently messaging applications got hit hard with vulnerabilities, hacking attempt disclosures by nation-states and insider employee inappropriate behaviors. As organizations continue to prioritize cybersecurity, outfitting their infrastructure with the latest and greatest defensive and offensive technologies, there is one clear area that is lacking security – communication and messaging tools. Why is that? In the age of ISO, FEDRAMP, SOC2 and the rest of the trees in the acronym forest of security compliance, why is … More

Insecure password memory aids: A passwordless future could be the solution

There is a readiness for passwordless security methods such as biometrics, with 70% of workers believing biometrics would benefit the workplace, according to Okta. The Passwordless Future Report, which demonstrates how passwords negatively impact the security of organizations and mental health of employees, surveyed 4,000+ workers across the UK, France and the Netherlands. Dr. Maria Bada, Research Associate, Cambridge University said, “Okta’s research clearly showed that employees can experience negative emotions and stress due to forgetting … More

SACK TCP flaws can crash, slow down Linux-based systems

An engineering manager at Netflix has unearthed several TCP networking vulnerabilities in Linux and FreeBSD kernels that could lead to systems crashing or consuming too many resources and (consequently) slowing down. About the vulnerabilities The flaws were discovered by Jonathan Looney, who apart from working at Netflix is also a FreeBSD developer. They all affect the Selective Acknowledgments (SACK) TCP mechanism, which allows a receiving machine to acknowledge which data/packets it has received so that … More

Vulnerable TP-Link Wi-Fi extenders open to attack, patch now!

Several TP-Link Wi-Fi extender devices sport a critical remote code execution vulnerability that could allow attackers to take over the devices and command them with the same privileges of their legitimate user, IBM X-Force researcher Grzegorz Wypych warns. Aside from making the device part of a botnet, attackers could carry out sophisticated malicious activity by executing any shell command on the device’s operating system. “An attacker compromising this type of device, and the device being … More

Why phishing education has never been more critical to your business

Our cyber defenses are becoming stronger and stronger every year. Even the smallest companies can now deploy advanced anti-malware and intrusion detection tools that were, until recently, only within the reach of larger enterprises. Today, sandboxed behavior detection and machine-learning/artificial intelligence powered security services make it easy for organizations of any size to crack down on even the most sophisticated malware. Users are still the weakest link But as our network perimeter and endpoint security … More

One year of GDPR application: Europeans well aware of their digital rights

Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated, according to the European Commission. “European citizens have become more aware of their digital rights and this is encouraging news. However, only three in ten Europeans have heard of all their new data rights. For companies, their customers’ trust is hard currency … More

Researchers develop app to detect Twitter bots in any language

Thanks to fruitful collaboration between language scholars and machine learning specialists, a new application that can detect Twitter bots independent of the language used was developed by researchers at the University of Eastern Finland and Linnaeus University in Sweden. In recent years, big data from various social media applications have turned the web into a user-generated repository of information in an ever-increasing number of areas. Because of the relatively easy access to tweets and their metadata, … More

Web-based DNA sequencers getting compromised through old, unpatched flaw

Unknown attackers are trying to exploit a vulnerability in dnaLIMS, a Web based bioinformatics laboratory information management system, to implant a bind shell into the underlying web server. Researcher Ankit Anubhav first noticed the attacks on June 12 and they are apparently still going on. About dnaLIMS DnaLIMS is developed by Colorado-based dnaTools. It provides software tools for processing and managing DNA sequencing requests. These tools use browsers to access a UNIX-based web server on … More

What does runtime container security really mean?

End-to-end protection for containers in production is required to avoid the steep operational and reputational costs of data breaches. As news of container attacks and fresh vulnerabilities continues to prove, short cuts (or incomplete security strategies) aren’t going to work. Runtime container security means vetting all activities within the container application environment, from analysis of container and host activity to monitoring the protocols and payloads of network connections. Containers running in production environments actively fulfill … More

Are U.S. companies overpaying to attract new talent?

While compensation remains a top driver to attract and retain talent in the U.S., employees only expect about a 10% salary increase to switch employers, while companies are offering average compensation increases around 15%, according to a recent survey by Gartner. While many U.S. employers continue to extend lucrative compensation offers to persuade workers to switch companies, the premiums to attract talent might not be as high as employers think. “Not only are U.S. employers … More

Human error still the cause of many data breaches

With the incidence of reported data breaches on the rise, more than half of all C-suite executives (C-Suites) (53%) and nearly three in 10 Small Business Owners (SBOs) (28%) who suffered a breach reveal that human error or accidental loss by an external vendor/source was the cause of the data breach, according to a Shred-it survey conducted by Ipsos. When assessing additional causes of data breaches, the report found that nearly half of all C-Suites … More

Linux servers under attack via latest Exim flaw

It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected exploitation attempts five days ago: Just detected the first attempts to exploit recent #exim remote command execution (RCE) security flaw (CVE-2019-10149). Tries to download a script located at http://173.212.214.137/s (careful). If you run Exim, make sure it's up-to-date. @qualys pic.twitter.com/s7veGBcKWO — Freddie Leeman (@freddieleeman) June 9, 2019 Amit Serper, Cybereason’s head of security research, … More

Vulnerabilities allow attackers to take over infusion pumps

Two vulnerabilities in Windows CE-powered Alaris Gateway Workstations (AWGs), which provide support for widely used infusion pumps, could allow remote attackers to disable the device, install malware, report false information, and even instruct the pumps to alter drug dosages and infusion rates. About Alaris Gateway Workstations Developed by US-based medical device maker Becton, Dickinson and Company (BD), Alaris Gateway Workstations are deployed in healthcare establishments in Europe and Asia. A company spokesperson told TechCrunch that … More

New infosec products of the week: June 14, 2019

Skybox Security Suite 10 to simplify enterprise security management processes Skybox Security Suite 10 brings an intuitive, customizable user experience to simplify management of vulnerabilities, security policies, firewalls and changes from a central solution. Cloud and operational technology (OT) security insights are integrated seamlessly for uniform risk management across hybrid networks. SecBI extends its threat detection solution with automated response SecBI announced the extension of its agent-less, threat detection solution with automated response. Now security … More

Organizations are advancing their efforts, investing in OT cybersecurity programs

ICS cybersecurity threats remain high and present evolving challenges, a new SANS report reveals. However, since the last SANS OT/ICS report released in 2017, a growing majority of organizations have significantly matured their security postures over the last two years and are adopting strategies that address OT/IT convergence. “The findings in this latest SANS report make it clear that 2019 is the year for ICS cybersecurity,” said Nozomi Networks CEO Edgard Capdevielle. “We see the … More

Ransomware disrupts worldwide production for Belgian aircraft parts maker

ASCO Industries, a manufacturer of aerospace components with headquarters in Zaventem, Belgium, has been hit with ransomware, which ended up disrupting its production around the world. The attack reportedly started on Friday and the extent of the internal damage is still unknown. About ASCO Industries ASCO Industries is a privately held company that was acquired by Kansas-based Spirit AeroSystems in 2018. At the time it had 1,400 employees world-wide. It designs and manufactures wing components, … More

Evernote Chrome extension flaw could have allowed access to personal info

Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of Guardio’s ongoing security analysis efforts using a combination of internal technology and researchers. Guardio disclosed the vulnerabilities to Evernote during the last week of May, which prompted Evernote to address them and roll out a … More

GDPR implementation lessons can help with CCPA compliance

The ever increasing number of data breaches has made consumers more aware of how their data is being used and has emphasized the importance of keeping personal data private, says Sovan Bin, CEO and founder of cloud data management firm Odaseva. “In terms of the general public, the California Consumer Privacy Act (CCPA) is a wake-up call for consumers to know and understand their data privacy rights. They should feel free to exercise these rights … More

CISO do’s and don’ts for board reporting

Security is no longer just a job for IT – it impacts all areas of a business, from brand perception to the bottom line. As a result, CISOs are increasingly being asked to deliver cybersecurity reports to their boards, including information on global trends, security performance, security strategy, and security spend. In an ideal world, this increase in board visibility would foster a new collaborative relationship between security leaders and their executive stakeholders; one that … More

Whitepaper: Maturing a Threat Intelligence Program

Whether you are getting started with TI or seeking to expand an existing program, the Threat Intelligence Maturity Model provides a systematic guide to help you understand where your organization resides on the path to a mature threat intelligence program and how it can better apply threat intelligence to drive smarter security processes, unite all resources behind a common defense, and take decisive action to keep your business on course.

The Cynet Free Visibility experience: Unmatched insight into IT assets and activities

Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with, from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now offering end-users and service providers free access to its end-to-end visibility capabilities. The offering consists of 14 days access to the Cynet … More

Researchers devise RAMBleed attack to grab secret data from memory

Researchers have demonstrated a new variation of the Rowhammer attack: dubbed RAMBleed, it may allow attackers to read data stored inside the computer’s physical memory. “While the end-to-end attack we demonstrated read out OpenSSH 7.9’s RSA key, RAMBleed can potentially read any data stored in memory. In practice, what can be read depends on the victim program’s memory access patterns,” they explained. About Rowhammer and RAMBleed Rowhammer is an exploitable issue in some computer chips … More

June 2019 Patch Tuesday: A little something for everybody

For June 2019 Patch Tuesday, Microsoft has fixed a whopping 88 CVE-numbered vulnerabilities, Adobe has plugged many critical security holes in ColdFusion and Flash Player, and Intel has released security updates and mitigations for multiple products. Adobe’s fixes The Flash Player updates plug a single but critical code execution flaw (CVE-2019-7845). Users of the ColdFusion web application development platform are getting patches for three critical code execution bugs and should consult the offered tech notes to … More

First framework to score the agility of cyber attackers and defenders

To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the U.S. Army, scientists at The University of Texas at San Antonio developed the first framework to score the agility of cyber attackers and defenders. “The DOD and U.S. Army recognize that the cyber domain is as important a battlefront as ground, air and sea,” said Dr. Purush Iyer, division chief, network sciences at Army Research … More

3.4 billion fake emails are sent around the world every day

At least 3.4 billion fake emails are sent around the world every day — with most industries remaining vulnerable to spear-phishing and “spoofing” cyberattacks simply because they’re not implementing industry-standard authentication protocols, according to a Valimail report. The research report also found that the vast majority of suspicious emails emanate from U.S.-based sources. It’s not all bad news, however. Ongoing research also indicates that many industries are making progress in the fight against impersonation, some … More

Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine

The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These vulnerabilities allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS. The research shows that all Windows versions are vulnerable. The flaws allow attackers to bypass existing mitigations NTLM is susceptible to relay attacks, … More

US border agency contractor breached, license plate and travelers’ photos stolen

US Customs and Border Protection (CBP) announced that a hacker may have stolen sensitive data collected by the agency from a subcontractor’s network. “On May 31, 2019, CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack,” the CBP stated and … More

Europe’s online economy risks losing €57 billion as SCA is enforced

Europe stands to lose €57 billion in economic activity in the first 12 months after SCA takes effect, according to a Stripe study conducted by 451 Research. The findings are based on surveys conducted with 500 qualified payment professionals at online businesses and 1000 consumers in the UK, France, Germany, the Netherlands and Spain. European businesses are unprepared for SCA and small businesses will bear the brunt of it With just over three months to … More

Hackproofing smart meters and boosting smart grid security

Smart electricity meters are useful because they allow energy utilities to efficiently track energy use and allocate energy production. But because they’re connected to a grid, they can also serve as back doors for malicious hackers. Cybersecurity researcher Karthik Pattabiraman, an associate professor of electrical and computer engineering at UBC, recently developed an automated program aimed at improving the security of these devices and boosting security in the smart grid. “Our program uses two detection … More

How human bias impacts cybersecurity decision making

The human brain is a fantastic machine, but we’re all subject to cognitive bias and reasoning errors – and cybersecurity pros are no exception. In a newly released report, Dr Margaret Cunningham, psychologist and Principal Research Scientist at Forcepoint, examined six universal unconscious human biases and how they can influence cybersecurity decision making, and urged infosec pros and leaders to make an effort to overcome them. Inconvenient cognitive biases Our days are filled with decision making: … More

Malware peddlers hit Office users with old but reliable exploit

Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, Microsoft researchers have warned. Exploit delivers backdoor The exploit takes advantage of a vulnerability in an older version of the Office Equation Editor, which was manually patched by Microsoft in November 2017. “The CVE-2017-11882 vulnerability was fixed in 2017, but to this day, we still observe the exploit in attacks. Notably, … More

Is there a weak link in blockchain security?

Recent research revealed that blockchain is set to become ubiquitous by 2025, entering mainstream business and underpinning supply chains worldwide. This technology is set to provide greater transparency, traceability and immutability, allowing people and organizations to share data without having to be concerned about security. However, blockchain is only as strong as its weakest link. Despite the hails surrounding blockchain’s immutable security, there are still risks surrounding it that organizations must be aware of – … More

New user keystroke impersonation attack uses AI to evade detection

A sophisticated attack, called Malboard, in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics, was developed by Ben-Gurion University of the Negev (BGU) cybersecurity researchers. Using artificial intelligence Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard … More

Two-thirds of iOS apps don’t use App Transport Security

Most iOS apps don’t take advantage of App Transport Security (ATS), a networking security feature offered by Apple that ensures encrypted connections between apps and the servers they communicate with. The main reason, it seems, might be interrupted ad delivery. What is App Transport Security? “On Apple platforms, a networking security feature called App Transport Security (ATS) is available to apps and app extensions, and is enabled by default. It improves privacy and data integrity … More

June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets

Can you believe it is June already? Summer is rapidly approaching, but it’s been slow to warm up our temperatures here in the US. I can’t say the same thing about the temperature in our security community – things have been hot! The first months of 2019 have seen a record number of vulnerabilities reported and the latest, BlueKeep associated with CVE-2019-0708, has set the forums and security advisory lists on fire. The May updates … More

Critical Exim flaw exploitable locally and remotely, patch ASAP!

A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the “root” user. About CVE-2019-10149 CVE-2019-10149 was discovered by Qualys researchers. It is a remote command execution vulnerability that is exploitable instantly by a local attacker and by a remote attacker in certain non-default configurations. “The vulnerability is critical: it allows a local user to easily run commands as … More

Criminals are selling hacking services targeting world’s biggest companies

A new study – undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey, and underwritten by Bromium – provides details of first-hand intelligence gathered from covert discussions with dark net vendors, alongside analysis by a panel of global industry experts across law enforcement and government. Network compromise tools and services on the dark net Key findings: 4 in 10 dark net vendors are selling targeted hacking services aimed at FTSE … More

The post Criminals are selling hacking services targeting world’s biggest companies appeared first on Help Net Security.

Global communications service providers struggling to fend off growing number of DDoS attacks

Global communications service providers, whose businesses are predicated on continuous availability and reliable service levels, are struggling to fend off a growing number of DDoS attacks against their networks. A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection, according to A10 Networks. The critical need for DDoS protection The A10 Networks study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels … More

The post Global communications service providers struggling to fend off growing number of DDoS attacks appeared first on Help Net Security.

Workforce diversity key to plugging the IT skills gap

An (ISC)2 study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern, as organizations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cybersecurity recruitment and staff retention. Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity initiatives, according … More

The post Workforce diversity key to plugging the IT skills gap appeared first on Help Net Security.

Trust nothing: A life in infosec is a life of suspicion

Like many before him, Amit Serper started his cybersecurity career in one of Israel’s intelligence agencies. Nine years later, he left for the private sector: he joined Cybereason, a cyber security company started by former colleagues which specializes in endpoint (EDR) and managed detection and response (MDR). He started there as a senior security researcher, then progressed to different research roles. Today, he’s the company’s head of security research, leading Nocturnus, its advanced global … More

The post Trust nothing: A life in infosec is a life of suspicion appeared first on Help Net Security.

An intelligence-driven approach to cyber threats

In the age of big data, it is easy to think that only machines can detect a signal amid the noise. While it’s true that big data tools can discover signals that might not be obvious, they can also create their own kind of noise in which the true signal — a true threat — can be lost. That’s a problem anyone dealing with traditional security monitoring systems over the past few years has come … More

The post An intelligence-driven approach to cyber threats appeared first on Help Net Security.

Advancing transparency and accountability in the cybersecurity industry

NSS Labs, the Texas-based company that specializes in testing the world’s security products, has a new CEO. Jason Brvenik, the company’s CTO since early 2017, took over the role from Vikram Phatak, the company’s founder. But, as Brvenik told Help Net Security, the company’s strategic priorities remain unchanged: their mission is to advance transparency and accountability in the cybersecurity industry. “If you look at the dollars being spent to improve cyber protections versus the dollars … More

The post Advancing transparency and accountability in the cybersecurity industry appeared first on Help Net Security.

Embrace chaos to improve cloud infrastructure resilience

Netflix is a champion of using chaos engineering to improve the resilience of its cloud infrastructure. That’s how it ensures its customers don’t have their Stranger Things binge watching sessions interrupted. Netflix is one of a growing number of companies including Nike, Amazon and Microsoft that leverage chaos engineering as a means of stress testing their cloud infrastructures against a variety of unpredictable cloud events, such as a loss of cloud resources or entire regions. … More

The post Embrace chaos to improve cloud infrastructure resilience appeared first on Help Net Security.

2018 in numbers: Data breaches cost $654 billion, expose 2.8 billion data records in the U.S.

Cybercriminals exposed 2.8 billion consumer data records in 2018, costing over $654 billion to U.S. organizations, according to ForgeRock. Cyberattacks on U.S. financial services organizations cost the industry over $6.2 billion in Q1 2019 alone, up from just $8 million in Q1 2018. Even though investments in information security products and services have been on the rise, with $114 billion invested in 2018, cybercriminals continue to attack organizations across a wide spectrum of industries to … More

The post 2018 in numbers: Data breaches cost $654 billion, expose 2.8 billion data records in the U.S. appeared first on Help Net Security.

Despite disclosure laws, cybercrime may be widely underreported

While attack vectors remain largely the same year over year, attack volume will increase and cybercrime may be vastly underreported, according to the 2019 State of Cybersecurity Study from global IT and cybersecurity association ISACA. “Underreporting cybercrime – even when disclosure is legally mandated – appears to be the norm, which is a significant concern,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO. “Half … More

The post Despite disclosure laws, cybercrime may be widely underreported appeared first on Help Net Security.

Apple debuts privacy-minded “Sign in with Apple” SSO

Among the many news items shared during Apple’s annual developer conference, there’s one that stands out: the introduction of “Sign in with Apple”. About the “Sign in with Apple” feature Apple’s new single sign-on (SSO) authentication mechanism is similar to the one provided by Facebook, Google, LinkedIn, Twitter, and others, in that it will allow users to sign in to apps and websites without creating a new account. But there are important differences, mainly focused on … More

The post Apple debuts privacy-minded “Sign in with Apple” SSO appeared first on Help Net Security.

Nearly 12 million Quest Diagnostics patients affected by data breach

Quest Diagnostics, a US-based company that offers medical testing services, has announced that a third-party billing collections company they use has been hit by a data breach, affecting 11.9 million of Quest’s customers. The potentially compromised information includes the patients’ personal information (including Social Security number), financial and medical information, but not laboratory test results. What happened? “American Medical Collection Agency (AMCA), a billing collections service provider, has informed Quest Diagnostics that an unauthorized user … More

The post Nearly 12 million Quest Diagnostics patients affected by data breach appeared first on Help Net Security.

Is your private equity firm exposed to these hidden IT risks?

Skydivers know that there is a risk their parachute won’t open. Police officers know their daily jobs come with the inherent risk of danger. And private equity firms know there is a risk they won’t realize the expected return on investment in any given deal thesis – but even with that understanding, and the standard due diligence a firm will perform prior to a deal, hidden IT risks may lie within an investment company. These … More

The post Is your private equity firm exposed to these hidden IT risks? appeared first on Help Net Security.

Hack The Sea: Bridging the gap between hackers and the maritime sector

There are not a lot of researchers probing the security of computer systems underpinning the maritime industry. The limitations that keep that number low are obvious: both the specialized knowledge and equipment are difficult to come by. And, as Ken Munro of UK-based Pen Test Partners told us a year ago, not many people move from shipping into pentesting (and into information security in general). But things are looking up for those who are interested: … More

The post Hack The Sea: Bridging the gap between hackers and the maritime sector appeared first on Help Net Security.

Is AI fundamental to the future of cybersecurity?

While a significant proportion of SMEs believe in their current approach to security, they are struggling when it comes to allocation of budget, according to a Senseon research project. There is increasing uncertainty on whether the investment into the security solutions they’re currently using is worth the cost. The survey also reveals that SMEs have been slow to implement AI solutions, despite the vast majority of SMEs surveyed (81 percent) thinking that AI will be … More

The post Is AI fundamental to the future of cybersecurity? appeared first on Help Net Security.

How organizations are managing vulnerability risks

Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched vulnerabilities, with an even higher rate in Europe (34 percent). Vulnerability management starts with visibility of the attack surface, and Tripwire’s report found that 59 percent of global organizations are able to detect new hardware and software on their networks within minutes or hours. However, this is a … More

The post How organizations are managing vulnerability risks appeared first on Help Net Security.

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

Field-programmable gate arrays (FPGAs) are, so to speak, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential … More

The post Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT appeared first on Help Net Security.

How likely are weaponized cars?

It is easy to become absorbed by the exaggerated Hollywood depictions of car hacking scenarios – to imagine a not-so-distant future when cars or their supporting infrastructures are hacked by criminals or terrorists and turned into lethal weapons. There are reasons why such a scenario has not happened yet. But could it? And if so, how can we prevent it? Some might argue that the likelihood of cars being weaponized is extremely low, but from … More

The post How likely are weaponized cars? appeared first on Help Net Security.

Why zero trust is crucial to compliance

The enterprise faces a brand new world when it comes to data privacy and security. New regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have joined PCI-DSS, HIPAA, and more than 25,000 other cybersecurity regulations passed since 2008. Together, these regulations have vastly increased the workload on security teams already stretched thin by the sheer scale and complexity of modern software business services. The challenge posed by these … More

The post Why zero trust is crucial to compliance appeared first on Help Net Security.

Chrome extension devs must drop deceptive installation tactics

After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out content, Google has followed up with announcements for a few more changes meant “to create stronger security, privacy, and performance guarantees”: Chrome extension developers must ditch any deceptive installation tactic they have been using Extensions must only request access to the appropriate data needed to implement their features Extensions that handle user-provided … More

The post Chrome extension devs must drop deceptive installation tactics appeared first on Help Net Security.

Siemens LOGO!, a PLC for small automation projects, open to attack

LOGO!, a programmable logic controller (PLC) manufactured by Siemens, sports three vulnerabilities that could allow remote attackers to reconfigure the device, access project files, decrypt files, and access passwords. About LOGO! LOGO! is an intelligent logic module meant for small automation projects in industrial (control of compressors, conveyer belts, door control, etc.), office/commercial and home settings (lighting control, pool-related control tasks, access control, etc.). It is deployed worldwide and can be controlled remotely. About the … More

The post Siemens LOGO!, a PLC for small automation projects, open to attack appeared first on Help Net Security.

Researchers fight ransomware attacks by leveraging properties of flash-based storage

Ransomware continues to pose a serious threat to organizations of all sizes. In a new paper, “Project Almanac: A Time-Traveling Solid State Drive,” University of Illinois students Chance Coats and Xiaohao Wang and Assistant Professor Jian Huang from the Coordinated Science Laboratory look at how they can use the commodity storage devices already in a computer, to save the files without having to pay the ransom. Recovering data encrypted by a variety of ransomware families … More

The post Researchers fight ransomware attacks by leveraging properties of flash-based storage appeared first on Help Net Security.

New infosec products of the week: May 31, 2019

SailPoint Predictive Identity platform: The future of identity governance SailPoint unveiled the SailPoint Predictive Identity platform, the intelligent cloud identity platform of the future that accelerates the industry to the next generation of identity governance. The solution automates identity processes using AI-driven recommendations while finding new areas of access and bringing them under governance with auto-discovery. Zyxel SD-WAN gets security, usability and speed boost Zyxel SD-WAN provides a reliable and secure WAN through an annual … More

The post New infosec products of the week: May 31, 2019 appeared first on Help Net Security.

What mechanisms can help address today’s biggest cybersecurity challenges?

In this Help Net Security podcast, Syed Abdur Rahman, Director of Products with unified risk management provider Brinqa, talks about their risk centric knowledge-driven approach to cybersecurity problems like vulnerability management, application security and cloud and container security. Here’s a transcript of the podcast for your convenience. Hi, my name is Syed Abdur and I’m the Director of Products at Brinqa, where I’m responsible for product management and technical product marketing. Brinqa is a cyber … More

The post What mechanisms can help address today’s biggest cybersecurity challenges? appeared first on Help Net Security.

Attackers are exploiting WordPress plugin flaw to inject malicious scripts

Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject malicious JavaScript into vulnerable sites, Zscaler warns. The company has discovered 47 affected sites (some have been cleaned up in the meantime) but that number is unlikely to be final. The source of the compromise The stored cross-site scripting vulnerability the attackers are exploiting was discovered by Sucuri researchers earlier this year and the plugin developers … More

The post Attackers are exploiting WordPress plugin flaw to inject malicious scripts appeared first on Help Net Security.

G Suite to get Gmail confidential mode, on by default

Earlier this year, Google introduced Gmail confidential mode for both consumer and G Suite users. While the former were able to use it immediately, the latter depended on whether their domain admin chose to enable it (as it was and is still in beta). But, starting on June 25, the feature will be turned on by default and it will be on admins to turn it off – if they don’t explicitly choose to disable … More

The post G Suite to get Gmail confidential mode, on by default appeared first on Help Net Security.

A veteran’s look at the cybersecurity industry and the problems that need solving

For many in the infosec industry, Daniel Miessler needs no introduction, as he’s a 20-year industry veteran, a professional that fulfilled a variety of security roles at companies like HP and IOActive, a leader of the OWASP IoT Security Project and, most prominently, the author of the popular Unsupervised Learning podcast, newsletter and blog. Apart from effectively curating and summarizing content produced by others, Miessler is also the source of interesting ideas and occasionally unorthodox … More

The post A veteran’s look at the cybersecurity industry and the problems that need solving appeared first on Help Net Security.

Security overconfidence and immaturity continue to endanger organizations

The majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector, according to Centrify and Techvangelism. Seventy-nine percent of organizations do not have a mature approach to Privileged Access Management (PAM), yet 93% believe they are at least somewhat prepared against threats that involve privileged credentials. This overconfidence and immaturity are underscored by 52% of organizations surveyed stating they do not use a password vault, indicating that the majority … More

The post Security overconfidence and immaturity continue to endanger organizations appeared first on Help Net Security.

Businesses are struggling to implement adequate IAM and PAM processes, practices and technologies

Businesses find identity and access management (IAM) and privileged access management (PAM) security disciplines difficult yet unconcerning. The results suggest that IAM- and PAM-related security tasks may be deprioritized or neglected, potentially exposing organizations to data breaches and other cyber risks. Conducted at RSA Conference in early March 2019, One Identity’s study polled 200 conference attendees on their biggest security challenges and concerns, as well as their workplace behaviors related to network and system access. … More

The post Businesses are struggling to implement adequate IAM and PAM processes, practices and technologies appeared first on Help Net Security.

When it comes to email-based threats, Emotet dominates

Emotet displaced credential stealers, stand-alone downloaders and RATs and became the most prominent threat delivered via email, Proofpoint has shared. According to the firm’s statistics, in Q1 2019 a whopping 61 percent of all malicious payloads distributed via email were Emotet. The nature of the malicious payloads Emotet started its life as a banking Trojan, but has morphed over time and become a malware multi-tool, capable of downloading additional malware, stealing passwords, performing brute-force attacks … More

The post When it comes to email-based threats, Emotet dominates appeared first on Help Net Security.

BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable

Two weeks have passed since Microsoft released security fixes and mitigation advice to defang expected exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable unauthenticated remote code execution flaw in Remote Desktop Services (RDP). The vulnerability, reported by UK’s National Cyber Security Centre (NCSC), has the potential to be the means for attacks that could rival the 2017 WannaCry onslaught and NotPetya attacks. A recent scanning effort by Robert Graham, head of offensive security research … More

The post BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable appeared first on Help Net Security.

IoT cyberattacks are the new normal, the security mindset isn’t

Eight in ten organizations have experienced a cyberattack on their IoT devices in the past 12 months, according to new research by Irdeto. Of those organizations, 90% experienced an impact as a result of the cyberattack, including operational downtime and compromised customer data or end-user safety. This demonstrates the security limitations of many IoT devices and the need for organizations to think carefully about a cybersecurity strategy amidst an IoT deployment. The impact of IoT … More

The post IoT cyberattacks are the new normal, the security mindset isn’t appeared first on Help Net Security.

Structural integrity: Quantifying risk with security measurement

In my previous post, we set up the foundation for a risk quantification program. Many organizations have begun this part of their security strategy and are learning how to approach this challenge, which has plagued the security industry for years. In this part, we talk about how a winning security metrics strategy aligns with the business’ goals and objectives and lay out the framework to develop the metrics strategy. Security metrics are business metrics A … More

The post Structural integrity: Quantifying risk with security measurement appeared first on Help Net Security.

SD-WAN alone cannot address the networking challenges of digital business

Enterprise IT professionals are turning to managed services for their SD-WAN deployments. At the same time, a new Cato Networks survey finds legacy telco services inadequately address customer expectations around speed, agility, and overall value. “The digital business demands a faster, more agile network to drive growth and compete effectively in the marketplace. Legacy telcos rely on rigid, fragmented, and expensive bundles of point solutions — an approach incompatible with the digital business. To support … More

The post SD-WAN alone cannot address the networking challenges of digital business appeared first on Help Net Security.

GitHub introduces Dependabot-powered automated security fixes

GitHub, the largest code-hosting site in the world, has announced many new features and changes at the 2019 GitHub Satellite conference that took place last week in Berlin. The feature that drew the most attention is GitHub Sponsors, which will allow users to financially support developers and maintainers of software they use every day. Microsoft – GitHub’s owner since October 2018 – has waived platform fees for sponsors, has pledged to cover payment processing fees … More

The post GitHub introduces Dependabot-powered automated security fixes appeared first on Help Net Security.

Handle personal data: What we forget is as important as what we remember

This spring, Facebook addressed the issue of permanence across its messaging platforms – from Instagram to Messenger to WhatsApp – with the aim to “set a new standard” for consumers’ private communication platforms. Shortly after, Telegram took it further, announcing new capabilities that enable users to delete any message in both ends of any private chat, at any time. While these announcements focus on the consumer audience, global businesses have been grappling with the same … More

The post Handle personal data: What we forget is as important as what we remember appeared first on Help Net Security.

How to diminish the great threat of legacy apps

The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in Apache Struts was exploited. The reality is that enterprises are supporting an ever-growing number of applications, both commercial and homegrown, which has created many challenges in maintaining proper security patches for even the most critical applications. That same challenge becomes even more difficult when you consider legacy enterprise applications that are … More

The post How to diminish the great threat of legacy apps appeared first on Help Net Security.

Most global workers noticed stricter policies at work as a result of GDPR

When enforcement of the GDPR went into effect on May 25, 2018, it had worldwide implications on data protection and privacy legislation. One year later, there are conflicting sentiments from the global workforce about whether the regulation has been effective, according to Snow Software. A new survey, which polled 3,000 professionals in the United States, Europe and Asia Pacific region, found that only 39% of respondents feel their personal data is better protected since GDPR … More

The post Most global workers noticed stricter policies at work as a result of GDPR appeared first on Help Net Security.

Volume and quality of training data is the largest barrier to applying machine learning

IDC predicts worldwide spending on artificial intelligence (AI) systems will reach $35.8 billion in 2019, and 84% of enterprises believe investing in AI will lead to greater competitive advantages (Statista). However, nearly eight out of 10 enterprise organizations currently engaged in AI and machine learning (ML) report that projects have stalled, and 96% of these companies have run into problems with data quality, data labeling required to train AI, and building model confidence, according to … More

The post Volume and quality of training data is the largest barrier to applying machine learning appeared first on Help Net Security.

US charges Assange with 17 counts under Espionage Act

The US Department of Justice has hit WikiLeaks founder Julian Assange with 17 charges related to illegally obtaining, receiving and disclosing classified information related to the national defense. He is charged with violating the Espionage Act. The conspiracy to commit computer intrusion charge revealed in April, when Assange was arrested in London after having been carried out of Ecuador’s Embassy following the country’s asylum revocation, has been incorporated in this batch of charges. US government … More

The post US charges Assange with 17 counts under Espionage Act appeared first on Help Net Security.

How mainstream media coverage affects vulnerability management

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive plus. But among those people are also partners and regulators, and executives and boards of directors who may demand their … More

The post How mainstream media coverage affects vulnerability management appeared first on Help Net Security.

New infosec products of the week: May 24, 2019

Infocyte HUNT Cloud for AWS: Detection and IR for high-growth cloud environments Infocyte announced the availability of Infocyte HUNT Cloud for AWS, a solution combining detection and IR for high-growth cloud environments, unlike traditional endpoint protection platforms which don’t address cloud workloads. The solution features agentless deployment through AWS APIs and AI to identify, categorize and respond to persistent, hidden and other advanced threats and vulnerabilities. JASK launches a new Heads Up Display for security … More

The post New infosec products of the week: May 24, 2019 appeared first on Help Net Security.

Solving the network visibility problem with NaaS

Network visibility is crucial for many things: making sure that the equipment works properly, monitoring and tweaking the network’s performance, and protecting it against attacks. “Network visibility also helps you update your cybersecurity strategy based on current threats. It’s important for the short term, as this is a very dynamic world, and for the long term because it allows an organization to improve its cyber resilience,” says Amit Bareket, CEO of Perimeter 81. The most … More

The post Solving the network visibility problem with NaaS appeared first on Help Net Security.

Enterprises: Analyze your IoT footprint to address security, privacy concerns

The Zscaler ThreatLabZ research team analyzed 56 million IoT device transactions to understand the types of devices in use, the protocols used, the locations of the servers with which they communicated, and the frequency of inbound and outbound communications. The analysis showed that more than 1,000 organizations have at least one IoT device transmitting data from the network to the internet via the Zscaler cloud platform. The most commonly detected IoT device categories included IP … More

The post Enterprises: Analyze your IoT footprint to address security, privacy concerns appeared first on Help Net Security.

If you haven’t yet patched the BlueKeep RDP vulnerability, do so now

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). But, as many infosec experts have noted, we’re not far off from when one is created and leveraged by attackers in the wild. With the vulnerability being wormable, when it hits, the exploit could end up compromising millions of systems around the world, … More

The post If you haven’t yet patched the BlueKeep RDP vulnerability, do so now appeared first on Help Net Security.

How to write an effective data breach notification?

Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found. The problem(s) The researchers have analyzed 161 data breach notifications sent by companies to US consumers between January and June 2018, and discovered that: Most were lengthy and would be difficult to understand for the general public (they require advanced reading skills). Many companies downplay or obscure the likelihood of the receiver being … More

The post How to write an effective data breach notification? appeared first on Help Net Security.

Data privacy: A hot-button issue for Americans one year after GDPR

The General Data Protection Regulation (GDPR) went into effect in the European Union a year ago this month. GDPR, which gives EU citizens more control over their personal data by mandating how businesses must handle that information, has attracted great interest around the world. In addition, it has inspired government officials elsewhere in the world to develop laws addressing consumer data privacy concerns. In recognition of GDPR’s first anniversary, nCipher Security conducted a survey to … More

The post Data privacy: A hot-button issue for Americans one year after GDPR appeared first on Help Net Security.

Cybercriminals continue to evolve the sophistication of their attack methods

Cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximize their opportunities, according to the latest Fortinet report. Pre- and post-compromise traffic Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximize opportunity to their benefit. When comparing Web filtering volume for … More

The post Cybercriminals continue to evolve the sophistication of their attack methods appeared first on Help Net Security.

Companies increasingly investing in container adoption, security remains an issue

87 percent of IT professionals are now running container technologies, with 90 percent of those running in production and 7 in 10 running at least 40 percent of their application portfolio in containers — an impressive increase from two years ago, when just 67 percent of teams were running container technologies in production, a Portworx and Aqua Security survey reveals. Hurdles Yet despite their pervasiveness, containers aren’t without hurdles: when asked to name their top … More

The post Companies increasingly investing in container adoption, security remains an issue appeared first on Help Net Security.

Official Tor Browser for Android available on Google Play

The Tor Project has released the first stable version of the Tor Browser for Android. The release is referred to as version 8.5, mainly to prevent confusion: Tor Browser releases for Windows, macOS, and Linux are currently on that version. About Tor Browser for Android: The Tor Project released an alpha version of the app in September 2018 and has been working on tweaking it ever since. “Mobile browsing is increasing around the world, and … More

The post Official Tor Browser for Android available on Google Play appeared first on Help Net Security.

Getting ready for digital transformation: The biggest cybersecurity challenges

Digital transformation (DX) is becoming the largest driver of new technology investments and projects among businesses, and IDC forecasts that global spending on DX will reach $1.18 trillion in 2019. But DX efforts come with many challenges that need to be effectively addressed so as not to hamper the success of companies’ digital transformation program and strategies. Convincing the leaders: For those who have yet to start the process, the initial mission must be to make … More

The post Getting ready for digital transformation: The biggest cybersecurity challenges appeared first on Help Net Security.

The security challenges of managing complex cloud environments

Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios, a Cloud Security Alliance and AlgoSec study reveals. The survey of 700 IT and security professionals aims to analyze and better understand the state of adoption and security in current hybrid cloud and multi-cloud security environments, including public cloud, private cloud, or use of more than one public cloud platform. Key findings of the study include: Cloud … More

The post The security challenges of managing complex cloud environments appeared first on Help Net Security.

Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS

Historically, security teams and tools have used IP addresses to define their targets and scopes. But in a world where applications and networks are increasingly cloud-hosted or integrated with third-party services, IP addresses alone aren’t enough to ensure coverage. Modern perimeters are dynamic and constantly changing, which can lead organizations to have an inaccurate picture of their risk simply by failing to properly catalog what Internet-facing assets they have. Testing against a stale set … More

The post Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS appeared first on Help Net Security.

Core Elastic Stack security features now available to all users

Elastic, the company developing enterprise search engine Elasticsearch and the Elastic Stack, has decided to make core Elastic Stack security features accessible to all users (and not just those who have a Gold subscription). What is the Elastic Stack? Elasticsearch is the most widely used enterprise search engine in the world. It is usually used for log, business, operational and security intelligence analytics. It is part of the Elastic Stack, an integrated solution that also … More

The post Core Elastic Stack security features now available to all users appeared first on Help Net Security.

Microsoft updates break AV software, again!

Microsoft’s May 2019 security fixes have again disrupted the normal functioning of some endpoint security products on certain Windows versions. Current problems: “We have had a few customers reporting that following on from the Microsoft Windows 14th May patches they are experiencing a hang on boot where the machines appear to get stuck on ‘Configuring 30%’,” UK-based Sophos explained. “We have currently only identified the issue on a few customers running Windows 7 and Windows … More

The post Microsoft updates break AV software, again! appeared first on Help Net Security.

Five ways automating IAM saves you money

Identity is the foundation of security, so a robust automated identity and access management (IAM) system is by far the best way to keep your company’s information safe. It’s also a great way to increase efficiency and save money. It’s no wonder so many businesses are adopting IAM systems. The global market value of identity and access management systems has grown from $4.5 billion in 2012 to $7.1 billion in 2018. By 2021, it is … More

The post Five ways automating IAM saves you money appeared first on Help Net Security.

Traditional approach to data security hindering digital transformation initiatives

Security professionals who adopted a more traditional or reactive approach to their data protection and security program did not believe they would reach their digital transformation goals, according to a TITUS report. The report, “The Vital Role of Security in Digital Transformation,” is based on a survey conducted by Market Strategies International of more than 600 IT decision makers at leading brands across a diverse set of industries in the United States, Canada and the … More

The post Traditional approach to data security hindering digital transformation initiatives appeared first on Help Net Security.

On the path to Zero Trust security: Time to get started

No need to belabour the point. We all know that trying to defend the network perimeter is a bit futile in today’s mobile and cloud first world. So, the obvious question – what’s next? Vendors are quick to come to your aid with their latest, next generation, virtualized, machine learning and AI based security platform. Industry analysts on the other hand are proposing various security frameworks and approaches for reducing risk. Whether it’s Gartner with … More

The post On the path to Zero Trust security: Time to get started appeared first on Help Net Security.

Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too

Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new software or configuration changes. About Attack Surface Analyzer: The initial version of the tool (v1.0, aka “classic”) was released in 2012 and worked only on Windows. It can still be downloaded, but is not supported any longer. This newest version (v.2.0) is built using .NET Core 2.1 and Electron, and … More

The post Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too appeared first on Help Net Security.

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector

There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. The results were released in the Q1 2019 Vulnerability QuickView Report. CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all published Q1 2019 vulnerabilities. Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD … More

The post Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector appeared first on Help Net Security.

New infosec products of the week: May 17, 2019

Alcide launches continuous security and hygiene scanner for Kubernetes and Istio: Alcide Advisor is a continuous security and hygiene scanner for Kubernetes & Istio, which automatically scans for the widest range of compliance, security and governance risks and vulnerabilities. Already deployed in numerous customer environments, and fully integrated with the CI/CD pipeline, it empowers engineering teams to maintain engineering motion and identify security drifts and risks, even before they are introduced to production. Keysight Technologies … More

The post New infosec products of the week: May 17, 2019 appeared first on Help Net Security.

How can we give cybersecurity analysts a helping hand?

It’s tough being a cybersecurity analyst these days. Over the last few years we have been repeatedly reminded of the challenge they are now facing, primarily through the steady stream of high-profile data breaches that have hit the headlines. In the last month alone Microsoft has been in the news after suffering a breach that enabled hackers to access customer email accounts, while a breach at beleaguered social giant Facebook was believed to have left … More

The post How can we give cybersecurity analysts a helping hand? appeared first on Help Net Security.

Memory analysis is the ground truth

In recent years, enterprises have adopted next-gen endpoint protection products that are doing an admirable job detecting anomalies. For example, searching for patterns such as remote access to memory, modification of specific registry keys and alerting on other suspicious activities. However, typically anomalies only provide us with an indication that something is wrong. In order to understand the root problem, respond and ensure that a machine is entirely clean, we must search for the malicious … More

The post Memory analysis is the ground truth appeared first on Help Net Security.

Intel MDS attack mitigation: An overview

Intel revealed on Tuesday that some of its CPUs are vulnerable to a number of new speculative execution attacks that may allow attackers to steal sensitive data and keys/passwords. ZombieLoad, RIDL and Fallout attacks have been extensively written about by the various groups of researchers that came up with them, but many customers and enterprise users are still unclear on whether these could affect them and what they can do to protect themselves. A … More

The post Intel MDS attack mitigation: An overview appeared first on Help Net Security.

Identity theft victims could lead us to accept more security-improving friction

Far too many individuals who have never been victims of identity theft and financial crimes don’t understand how devastating those are to victims. “There are many victim services organizations that assist violent crime victims and the understanding of the trauma and the victim experience is not questioned (which is very appropriate and as it should be),” Eva Velasquez, president and CEO of the Identity Theft Resource Center (ITRC), told Help Net Security. After all, we … More

The post Identity theft victims could lead us to accept more security-improving friction appeared first on Help Net Security.

CISOs: What would you do over?

Just after the new year I was catching up with a CISO over lunch in Pike Place Market in Seattle. We were reminiscing about how tough it is to get a security program up and running in the beginning. Pausing to dip his taco in the excellent house salsa, he commented, “Y’know, if I had to do it all over again…” and he proceeded to tell me a story. My brain twitched with possibilities—here was … More

The post CISOs: What would you do over? appeared first on Help Net Security.

When all else fails, organizations realize they must share threat intel

A large majority of security IT decision makers are ready and willing to share valuable threat intelligence data to help the collective industry make better, more informed decisions when it comes to cyber attacks, an IronNet Cybersecurity report reveals. To compile the “Collective Offense Calls for a Collective Defense: A Reality Check for Cybersecurity Decision Makers” report, IronNet commissioned survey firm Vanson Bourne to interview 200 U.S. security IT decision makers across many industries including … More

The post When all else fails, organizations realize they must share threat intel appeared first on Help Net Security.

Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities

For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a “wormable” RDP flaw that is expected to be weaponised by attackers very soon. About CVE-2019-0708: It’s a remote code execution vulnerability in Remote Desktop Services (formerly known as Terminal Services) that allows unauthenticated attackers to connect to the target system using RDP and send specially crafted requests. The flaw … More

The post Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities appeared first on Help Net Security.

What does it take to be an infosec product strategist?

Choosing a security product that will best fit your organization’s needs is a challenge exacerbated by the “polluted, turbulent sea of ineffectual security products” that you’ll need to wade through in order to find the right and effective solution. “I tend to maintain an overwhelming sense that the majority of security products exist ‘just because’ – ‘just because’ the underlying technology seemed cool to build, ‘just because’ it is what has always been used despite … More

The post What does it take to be an infosec product strategist? appeared first on Help Net Security.

Security spring cleaning: 5 tips for tidying up network safeguards

Networks need regular cleaning just like your home, car or garage. Why? The answer is simple – poor security hygiene can lead to major data breaches. If you don’t regularly review your network, potential weaknesses and vulnerabilities will stack up. As we enter into spring cleaning season, now is as good a time as any for IT administrators and security professionals to catch up on yearly security maintenance. Here are several tasks that should be … More

The post Security spring cleaning: 5 tips for tidying up network safeguards appeared first on Help Net Security.