Category Archives: Featured news

Microsoft 365 security: Protecting users from an ever-evolving threat landscape

In this age of frequent security and data breaches, the statement “We take our customers’ privacy and security very seriously” has been heard from breached companies so often as to become a point of mockery, anger and frustration. But when Rob Lefferts, CVP of Microsoft 365 Security and Compliance, tells me the same thing (and the statement is not in response to a security breach), I believe him. If they didn’t, this cloud-based SaaS offering … More

The post Microsoft 365 security: Protecting users from an ever-evolving threat landscape appeared first on Help Net Security.

One hundred percent of endpoint security tools eventually fail

Endpoint security tools and agents fail, reliably and predictably, according to the 2019 Global Endpoint Security Trends Report from Absolute. From there, every additional security tool only amplifies complexity and increases the probability of failure and decay, in turn, exposing the dangers of equating IT security spending with security and risk maturity. The study analyzed data from six million devices and one billion change events over the course of a year. The endpoint has quickly … More

The perimeter is vanishing, how will you secure your network?

There’s a new reality to network security, driven by the fact that the perimeter is vanishing. The concept of a network being fully enclosed within a building or virtual organization, and therefore easier to defend, is gone. The concept of a defensible, impermeable perimeter is dead. This is not news to anyone who is in the position to protect an organization from cyberattacks, and we understand the challenges security teams face under these circumstances. What … More

Consumers willing to adopt smart payments but companies need to guarantee security

Smart payments adoption shows substantial growth, but consumers have significant security concerns. TNS’ Consumers Confirm Smart Payments Adoption report evaluates US, UK and Australian consumer experiences with and attitudes toward smart payment technologies on Internet of Things (IoT)-based devices, including voice assistants, Wi-Fi refrigerators and connected cars. It reveals that an impressive 26% of respondents who own a voice assistant have used it to make a payment, 57% would be willing to make a … More

Which organizations place a premium on security and privacy?

70 percent of websites qualified for the 2018 Online Trust Audit and Honor Roll, the highest proportion ever, and up from 52 percent in 2017, driven primarily by improvements in email authentication and session encryption. This tenth annual audit of more than 1,200 predominantly consumer-facing websites was expanded this year to include payment services, video streaming, sports sites, and healthcare. The Federal government category surged to the front with 91 percent of sites placing on … More

HITB Haxpo 2019: Celebrating the culture of hacking through the years

HITB Haxpo is a free, open-to-the-public exposition for everyone interested in hacking, security, privacy and technology. Organized by the same folks who run the HITB Security Conference, HITB Haxpo is where the latest technology is showcased, the best hackers gather and the art of the hack is celebrated. HITB Haxpo 2019 will showcase the journey of the hacker culture over the years – from the joys of the past, the current … More

Attention CISOs: Five steps to get the security funding you need

Going in front of the board to request or increase your security funding is no easy task – especially when the organization is facing budget restraints or, worse, the board does not agree with your sense of urgency in securing the organization. If you’re about to make such a presentation, remember your focus should be describing your organization’s overall cyber security maturity, risks caused by company deficiencies, existing risk position based on current weaknesses, and … More

What’s in a cybersecurity question? Getting to the root of cyber insights

The day to day practice of cybersecurity is based around asking questions. How do I secure my applications? How do I protect my data’s integrity? How do I manage storage and access? We all know the countless challenges of being on the front lines of cybersecurity. The barrage of new threats, the mundanity of being reactive, and the disconnect between security teams and executives. These problems aren’t new. But they subsist. Stubbornly. Unwavering. Now to … More

What you can expect at Cyber Week 2019

Cyber Week is a large international cybersecurity event, hosted each year at Tel Aviv University in Israel. Over the past eight years, Cyber Week has become internationally acclaimed as one of the top cybersecurity events in the world. In this interview with Help Net Security, Major Gen. (Ret.) Prof. Isaac Ben-Israel, Director of the ICRC – Blavatnik Interdisciplinary Cyber Research Center, talks about this unique gathering of cybersecurity experts, industry leaders, startups, investors, academics, diplomats, … More

Cyber espionage and sabotage attacks pose an increasing threat to the energy industry

Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time. As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences. “Espionage and sabotage … More

Banks continue to prioritize risk management over customer convenience

Almost three in four banks in Asia Pacific anticipate that fraud in their country will increase in 2019, according to a recent poll by FICO. Of specific concern are transactions completed when neither the card nor the cardholder is physically present (card-not-present or CNP fraud), as well as cards taken out by criminals under false identities (application fraud). These were identified as the two key concerns, as well as the biggest fraud challenges faced by … More

Employee cybersecurity essentials part 2: Lost devices and unsafe connections

Security is only as strong as its weakest link, and as we have seen, that includes your employees. Faulting workers for behavior they’ve become accustomed to in their private lives is tricky. It can reinforce IT’s added challenge of protecting company assets by having to address employees’ daily habits, some of which can jeopardize the organization’s security posture. First, employees need education – for example, those who regularly use public Wi-Fi, Bluetooth, or USB drives … More

Bad security hygiene still a major risk for enterprise IT networks

Unpatched vulnerabilities, along with growing network and application complexity, pose an ongoing security risk which could threaten the security of enterprise IT networks. Analyzing the biggest security findings over the past year, Keysight has released the third annual security report from Ixia’s Application and Threat Intelligence (ATI) Research Center.

Humans are the weakest link

In 2018, Ixia detected 662,618 phishing pages in the wild, and 8,546,295 pages hosting or infected by malware – so a … More

As IT security automation increases, so does the need for highly skilled staff

The adoption of automation for IT security functions is on the rise across the US, UK and APAC, the latest DomainTools/Ponemon report has shown. The report, which is based on answers from over 1,400 IT and IT security practitioners who participate in attracting, hiring, promoting and retaining IT security personnel within their companies, says that the US is embracing automation at a faster pace than in other areas, with 79 percent of respondents saying they … More

What is driving organizations’ cloud adoption?

Cloud adoption is gaining momentum, as 36 percent of organizations are currently in the process of migrating to the cloud while close to 20 percent consider themselves to be in the advanced stages of implementation, according to the second annual cloud usage survey by data virtualization company Denodo. Due to the number of ways data is stored and the amount of time it takes to migrate these sources to the cloud, hybrid cloud is the … More

Google introduces many G Suite security enhancements

Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. But at the event Google also announced a number of G Suite enhancements, many of which are aimed at improving user and enterprise security. Some of the features are still in beta. Some are available to users of all G Suite editions, others only … More

Healthcare orgs have to achieve true cybersecurity, not only compliance

How many organizations in the healthcare sector are conforming with the HIPAA Security and Privacy Rules and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)? According to a report by CynergisTek, which is based on aggregate ratings from privacy and security assessments performed in 2018 at nearly 600 healthcare provider organizations and business associates across the US, an average of 72% of orgs conform with HIPAA’s rules and 47% with … More

Manufacturing sector most vulnerable to insider threats

Almost three quarters of the 650+ international IT professionals Gurucul canvassed said they are vulnerable to insider threats, and ranked user error (39%) and malicious insiders (35%) ahead of account compromise (26%) as their leading concern. Small enterprises reported being least vulnerable, while manufacturing companies led all sectors for being exceedingly vulnerable. Meanwhile, nearly half of them said they can’t detect insider threats before data has left the organization. “Insider threats have emerged as the … More

The top emerging risks organizations are facing

Gartner surveyed 98 senior executives across industries and geographies and found that “accelerating privacy regulation” had overtaken “talent shortages” as the top emerging risk in the Q1 2019 Emerging Risk Monitor survey. Concerns around privacy regulations were consistently spread across the globe, denoting the increasingly numerous and geographically specific regulations that companies must now comply with. “With the General Data Protection Regulation (GDPR) now in effect, executives realize that complying with privacy regulations is more … More

The correlation between DDoS attacks and cryptomining

There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month.

DDoS attacks in 2018

In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence … More

Enterprise VPN apps store authentication and session cookies insecurely

CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be determined number of enterprise Virtual Private Network (VPN) applications. “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” Carnegie Mellon University’s CERT Coordination Center (CERT/CC) explained. “An attacker would then … More

77% of orgs lack a cybersecurity incident response plan

How prepared are organizations when it comes to withstanding and recovering from a cyberattack? The fourth annual benchmark study on Cyber Resilience by IBM Security and the Ponemon Institute showed that 77 percent of them still do not have a cybersecurity incident response plan applied consistently across the enterprise. Of the organizations surveyed that do have a plan in place, more than half (54%) do not test their plans regularly, which can leave them … More

The surveillance economy has set its sights on smartphone sensors

The most successful companies of our time are those who’ve mastered user data – collecting it, analyzing it and profiting from it – typically at the expense of user privacy. The Internet of things (IoT) has given tech companies, advertisers, data brokers and others in the surveillance economy the ability to track not just the actions we take on our screens but the actions we take in our homes, including what we say and what … More

How password-less security benefits helpdesks

IT departments and helpdesk teams are desperately overworked and understaffed, and unfortunately, they continue to get inundated with even more tasks. Helpdesk teams are there for everything from huge system outages to simple password resets, and everything in between. As the list of helpdesk tasks continues to grow, IT teams can improve efficiency and effectiveness by making changes to eliminate some of the most mundane and time-consuming tasks. Chief among these are password resets. The … More

WPA3 design flaws affect security of new Wi-Fi standard

Researchers have discovered a number of design flaws affecting the security of the recently introduced WPA3 data transmission protocol. Collectively dubbed Dragonblood (because they affect WPA3’s Dragonfly handshake), they can be exploited to mount a DoS attack against a vulnerable access point or, more worryingly, to recover the password of a Wi-Fi network. “Attackers can then read information that WPA3 was assumed to safely encrypt. This can for example be abused to steal sensitive information … More

WikiLeaks’ Julian Assange arrested in London

WikiLeaks founder Julian Assange has been arrested by officers of the Metropolitan Police at the Embassy of Ecuador in London. “He has been taken into custody at a central London police station where he will remain, before being presented before Westminster Magistrates’ Court as soon as is possible,” the Met confirmed. The arrest was executed on a warrant issued by Westminster Magistrates’ Court in 2012, for failing to surrender to the court. “The MPS had … More

TRITON attackers detected at another critical infrastructure facility

The attackers who were first spotted wielding the custom TRITON framework have targeted another critical infrastructure facility, FireEye researchers revealed on Wednesday. Since they seem to have been active since at least 2014, it’s quite likely that they have managed to get access to other target environments and may still be present in some of them.

About TRITON

When first detected and analyzed back in 2017, the TRITON (aka TRISIS) attack framework was … More

Vendor risk management programs are running harder just to stay in place

Increasing pressures in the risk and regulatory environments continue to pose severe challenges to third-party vendor risk management (VRM) programs, a recent survey by Protiviti and the Shared Assessments Program has shown. But despite increased regulatory scrutiny at a global, national and state level, growing cyber threats and a riskier business environment, the overall maturity level of VRM programs has neither increased nor decreased over the past 12 months.

Survey findings

The survey polled 554 … More

Regulating the IoT: Impact and new considerations for cybersecurity and new government regulations

In 2019 we have reached a new turning point in the adoption of IoT – more markets and industries are migrating to a cloud-based infrastructure, and as the IoT continues to gain popularity and more devices and data move online, lawmakers and legislators around the globe are taking note. An often-critiqued part of IoT growth is its impact on cybersecurity and concerns around the ability to keep networks secure from cyber-attacks as they grow in … More

Finance knocks business and professional services off top spot in four most attacked industries

Finance is the most attacked sector in EMEA, accounting for 30% of all attacks – compared to 17% globally, according to NTT Security. It knocks business and professional services off the top spot, which was last year’s most attacked sector at 20%. The 2019 Global Threat Intelligence Report (GTIR) also reveals that the finance sector is joined by business and professional services (24%), technology (17%) and manufacturing (9%) in the list of top four attacked … More

Mainframe security is top priority for 85% of IT pros yet few are adequately protecting their systems

While 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security. The “Don’t Let Mainframe Security Complacency Leave Your Critical Customer Data At Risk” study commissioned by Key Resources and conducted by Forrester Consulting, surveyed 225 IT management and security decision makers at North American companies with $500 million or more in annual revenue. “Despite widespread awareness concerning the stakes, enterprises simply … More

April 2019 Patch Tuesday: Microsoft fixes two actively exploited bugs

Microsoft has plugged 74 CVE-numbered security holes on this April 2019 Patch Tuesday, including two vulnerabilities actively exploited by attackers. All of the bugs are rated either Critical or Important. Adobe has also released security updates for many of its products, including the widely used Flash Player and Shockwave Player (the freeware software plug-in for viewing multimedia and video games in web pages).

The Adobe updates

Adobe has provided security updates for many software packages. … More

Hacking healthcare: A call for infosec researchers to probe biomedical devices

It is a brave new connected world out there and there is no shortage of cybersecurity risks associated with everything we do. We can’t even be sure that the technologies that keep us alive and healthy will work as intended if malicious actors set their sights on them. With innovative attacks against a variety of biomedical devices being demonstrated seemingly every day, ransomware attacks might end up being the least of our and the … More

What hackers inside your company are after: Convenience

Digital transformation is not a technology trend. Rather, it is a convenience trend. Businesses are changing because customer expectations demand it. Each day, consumers find yet another use for mobile connectivity. Corporations, meanwhile, hasten the rush of data into the cloud. And the so-called Internet of Things, or IoT, is woven more tightly into the fabric of our lives. The truth is we’ve all become addicted to the amazing, modern conveniences driven mainly by advances … More

Closed loop automation combats IoT security threats in the 5G age

The 5G race is on as carriers prepare for the onset of the next wireless generation in their own ways. While some have pseudo-definitions of 5G, others, like Verizon and AT&T, are leading the 5G wars in a marketing-defined battle. Regardless of current status, the reality is that 5G will reach millions with nationwide and global launches, giving rise to explosive connectivity growth. A recent report from Cisco reminds us of the tremendous proliferation of … More

Windows 10: New update controls for end users, automatic removal of broken updates

It seems that last year’s Windows 10 updating troubles have spurred Microsoft to make some changes to the operating system’s update experience and the company’s quality testing of updates. “In previous Windows 10 feature update rollouts, the update installation was automatically initiated on a device once our data gave us confidence that device would have a great update experience. Beginning with the Windows 10 May 2019 Update, users will be more in control of initiating … More

Coinhive stops digging, but cryptomining still dominates

While cryptomining services such as Coinhive have closed down, cryptominers are still the most prevalent malware aimed at organizations globally, according to the Check Point Global Threat Index for March 2019. As announced last month, both Coinhive and Authedmine stopped their mining services on March 8th. For the first time since December 2017, Coinhive dropped from the Index’s top position but, despite having only operated for eight days in March, it was still the 6th … More

Gain immediate visibility into your actual cyber risk for free

Visibility into an environment’s attack surface is the fundamental cornerstone of sound security decision making. However, the standard process of third-party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering based on more than 72 hours of data collection, enabling organizations to benchmark their security posture against their industry vertical peers and take action accordingly. Cynet Free Threat … More

PoC exploit for Carpe Diem Apache bug released

Charles Fol, the security engineer who unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a proper exploit. I added tons of comments, it is meant to be educational as well,” he noted, but added that it “might fail for a dozen of reasons.” Still, it might help attackers to create a more stable one and deploy it in attacks, so admins – … More

Is your organization getting physical security right?

For most organizations (and especially for tech companies), the physical security of data centers and headquarters is of the utmost importance. As Tim Roberts, a senior security consultant with NTT Security’s Threat Services group, duly points out, “it won’t matter if your data is encrypted or how secure your virtual network is if an attacker just walks in the door and gains access physically.”

The most common physical security breach tools and tactics

Roberts and … More

Adhering to the mobility requirements of NIST 800-171 does not have to keep you awake at night

The majority of companies in the United States and Europe are required to comply with at least one IT security regulation – oftentimes more. This forces companies to exert strong control over how data is transferred, accessed and maintained throughout its lifecycle. One particularly toothy regulation is referred to as NIST SP 800-171, and it requires that all non-federal organizations that want to continue working with U.S. government agencies be compliant with … More

Framing supply chain attacks

The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice. As NIST puts it, “This ecosystem has evolved to provide a set of highly refined, cost-effective, reusable ICT solutions.” … More

90% of OT organizations are cyberattack victims, yet visibility into OT systems is still limited

90% of OT organizations stated their environments had been damaged by at least one cyberattack over the past two years, with 62% experiencing two or more attacks. These are the results of the Tenable “Cybersecurity in Operational Technology: 7 Insights You Need to Know” report, an independent study by the Ponemon Institute. Key highlights from the study include: Insufficient visibility into the attack surface: 80% of respondents cited lack of visibility into the attack surface … More

FileTSAR: Free digital forensic investigations toolkit for law enforcement

Purdue University cybersecurity experts have created FileTSAR, an all-in-one digital forensic investigations toolkit for law enforcement.

About FileTSAR

FileTSAR, which stands for Toolkit for Selective Analysis & Reconstruction of Files, combines open source tools and code wrappers to provide a tool for network forensic investigators to capture, selectively analyze, and reconstruct files from network traffic. The toolkit collects data at the network packet level and allows investigators to reconstruct documents, images, email and VoIP sessions … More

Magento sites under attack through easily exploitable SQLi flaw

A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.

“Magento devs, if you haven't patched already, do it ASAP. We've already seen attempts at two of our shops using the published POC. We're safe because we already patched every shop on Wednesday. https://t.co/5nZjMGBEUu” — Peter Jaap Blaakmeer … More

Perimeter solutions: Do layers of security make a difference?

As an enterprise, it is always important to constantly reevaluate information security solutions. When doing so, take a good look at the perimeter solutions in place and their associated detection mechanisms. What’s interesting is that many vendors that offer detection offerings use more than one solution as their engines. Some of these detection mechanisms are developed in-house, others combine with external solutions and some collaborate with other vendors to provide a solution with improved security. … More

CIOs and CISOs hold off on crucial updates due to potential impact on business operations

CIOs and CISOs around the world have held back from implementing critical measures that keep them resilient against disruption and cyber threats. Over eight out of ten (81%) said that they have refrained from adopting an important security update or patch, due to concerns about the impact it might have on business operations. In fact, over half (52%) said they had done so on more than one occasion, according to the new research released by … More

Securing your app and driving down call center fraud

In this Help Net Security podcast, Angie White, Product Marketing Manager at iovation, talks about how optimizing the customer journey through your mobile app can help you optimize your call center. Here’s a transcript of the podcast for your convenience. Hi, this is Angie White, Product Marketing Manager for Iovation, a TransUnion company. In this Help Net Security podcast, I’m going to discuss how optimizing the customer journey through your mobile app can help you … More

The post Securing your app and driving down call center fraud appeared first on Help Net Security.

Insights gained from working on more than 750 cybersecurity incidents

Many entities face the same security risks so it is essential to have an insight on how to manage them and respond in case of occurrence. BakerHostetler’s privacy and data protection team released its 2019 Data Security Incident Response Report, which leverages the metrics and insights drawn from 750 potential incidents in 2018 to help entities identify and prioritize the measures necessary to address their digital risk posture. “Privacy laws around the globe are shifting … More

The post Insights gained from working on more than 750 cybersecurity incidents appeared first on Help Net Security.

The unique business-critical threats facing converged IT-OT systems

Manufacturing networks still running outdated technology could risk their intellectual property and production processes. The Trend Micro report, Securing Smart Factories: Threats to Manufacturing Environments in the Era of Industry 4.0, outlines the security dimension of a new era for manufacturing driven by IoT and connectivity everywhere. Manufacturers are heavily investing in the convergence of traditional operational technology (OT) with IT networks in 2019, adding new technology to environments that are still vulnerable to more … More

The post The unique business-critical threats facing converged IT-OT systems appeared first on Help Net Security.

Scaling innovation is critical for digital transformation success, but clearly presents a challenge

Standout industrial companies have found highly effective ways to scale their digital innovation efforts, resulting in much higher returns on digital investment. These “Champions” consistently scale more of their proofs of concepts (PoCs) and achieve higher-than-average returns on their efforts compared to their peers. For the new Industry X.0 research, which was unveiled at Hannover Messe in Germany, Accenture surveyed 1,350 senior and C-suite executives from industrial businesses across 13 industries, representing both discrete and … More

The post Scaling innovation is critical for digital transformation success, but clearly presents a challenge appeared first on Help Net Security.

Consumer routers targeted by DNS hijacking attackers

Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks.

Targeted Cisco routers

The Cisco routers targeted are Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers. The exploited vulnerabilities are CVE-2019-1653, CVE-2019-1652, and CVE-2019-1828. All three are in the web-based management interface of the routers and could allow … More

The post Consumer routers targeted by DNS hijacking attackers appeared first on Help Net Security.

April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits

April Patch Tuesday is nearly here with two significant topics of concern. The first relates to end-of-service milestones and the second issue is browser exploits. Let’s start with end-of-service. This is a fitting topic this month given we have two Windows 10 versions that are hitting end of service milestones in April, but I do want to expand the conversation beyond Windows 10 to discuss Windows 7, Server 2008 and 2008 R2, Flash Player, Java … More

The post April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits appeared first on Help Net Security.

WHOIS after GDPR: A quick recap for CISOs

2018 was a big year for data protection with the implementation of the General Data Protection Regulation (GDPR) last May — forcing CISOs and other professionals to rethink how the personal data of European consumers should be collected and processed. Taking a closer look at WHOIS in connection to that, the protocol gives access to public domain data including TLDs and ccTLDs as well as more personal information like the names and addresses of … More

The post WHOIS after GDPR: A quick recap for CISOs appeared first on Help Net Security.

Only 12% of enterprises are consistently able to detect insider threats

73 percent of IT professionals believe that insider attacks have become more frequent in the past year. Additionally, 59 percent said that their organizations experienced at least one insider attack over the last 12 months. As corporate data moves to more devices and cloud applications, failing to implement the appropriate security controls will only serve to further enable these threats. In partnership with a leading cybersecurity community, Bitglass surveyed IT professionals about insider threats, as … More

The post Only 12% of enterprises are consistently able to detect insider threats appeared first on Help Net Security.

What is shadow mining and why is it a security threat?

The majority of organizations are overlooking the threat of shadow mining, with 65 percent of organizations unfamiliar with the term and more than half (57 percent) unfamiliar with the wider-but-related threat of cryptojacking. Cryptojacking is an external threat that occurs when a hacker compromises a privileged user to covertly ‘mine’ cryptocurrencies using an organization’s IT resources. Yet, shadow mining – a form of shadow IT – occurs when a malicious insider compromises their organization’s computing … More

The post What is shadow mining and why is it a security threat? appeared first on Help Net Security.

New infosec products of the week: April 5, 2019

Free cybersecurity threat assessment for midsize and large organizations

Cynet unveiled the Cynet Threat Assessment program. The free offering for organizations with 500 or more endpoints identifies critically exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment, as well as security scoring relative to industry peers.

0patch PRO simplifies Windows security patching

ACROS Security, a globally recognized provider of security micropatches, launched 0patch PRO, a service … More

The post New infosec products of the week: April 5, 2019 appeared first on Help Net Security.

85% of organizations fail to meet even basic PAM security hygiene

While nearly four out of five organizations (78 percent) now include privileged credential protection as part of their cybersecurity policies, their privileged access management (PAM) security practices are woefully lacking and even worse than you might expect. Eighty-five percent are still struggling to get beyond the initial phase of PAM maturity, according to the Thycotic 2019 State of PAM Maturity Report. Among those failing to reach even a basic level of maturity: 55 percent of … More

The post 85% of organizations fail to meet even basic PAM security hygiene appeared first on Help Net Security.

Vendor revenue from IT infrastructure products for cloud environments grew 28% year over year

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, grew 28.0% year over year in the fourth quarter of 2018 (4Q18), reaching $16.8 billion. For 2018, annual spending (vendor revenue plus channel mark-up) on public and private cloud IT infrastructure totaled $66.1 billion, slightly higher (1.3%) than forecast in Q3 2018, according to the IDC Worldwide Quarterly Cloud IT Infrastructure Tracker. IDC … More

The post Vendor revenue from IT infrastructure products for cloud environments grew 28% year over year appeared first on Help Net Security.

Vulnerability found in Guard Provider, Xiaomi’s pre-installed security app

Check Point Research discovered a vulnerability in one of the preinstalled apps on devices manufactured by one of the world’s biggest mobile vendors, Xiaomi. The vulnerability would have allowed an attacker to carry out a Man-in-the-Middle (MiTM) attack and inject any rogue code he chooses such as password stealing, ransomware, tracking or any other kind of malware onto the device. The vulnerability is in the pre-installed security app, Guard Provider, which should protect the phone … More

The post Vulnerability found in Guard Provider, Xiaomi’s pre-installed security app appeared first on Help Net Security.

Microsoft rolls out new security capabilities for Azure customers

Microsoft has announced new security features for customers of its Azure cloud computing service. They are a mix of features for storage and compute services:

Advanced Threat Protection for Azure Storage
A regulatory compliance dashboard in Azure Security Center
Security assessments, recommendations and disk encryption for Virtual Machine Scale Sets
Azure Dedicated Hardware Security Module (HSM) service availability in more regions.

Azure ATP and the regulatory compliance dashboard

Advanced Threat Protection, which detects unusual and … More

The post Microsoft rolls out new security capabilities for Azure customers appeared first on Help Net Security.

The security challenges that come with serverless computing

Serverless computing (aka Function-as-a-Service) has been a boon to many enterprises: it simplifies the code development and deployment processes while improving utilization of server resources, minimizing costs and reducing security overhead. “Serverless infrastructure adoption is growing faster than most people realize,” says Doug Dooley, COO of modern application security provider Data Theorem. “It is outpacing virtual container (e.g., Docker) adoption by more than 2X in the past 4 years. And the impact of this rapid … More

The post The security challenges that come with serverless computing appeared first on Help Net Security.

Attackers fighting back against security teams while also targeting supply chains

According to the world’s leading IR professionals, increasingly sophisticated attacks involving instances of “island hopping,” counter incident response (IR), and lateral movement within a network are quickly becoming the new normal. Carbon Black’s 100+ IR partners conducted more than 500 response engagements in 2018 and continue to use Carbon Black solutions in more than one engagement per day, on average. The insights from the Global Incident Response Threat Report chronicle Carbon Black partners’ experiences during … More

The post Attackers fighting back against security teams while also targeting supply chains appeared first on Help Net Security.

79% of organizations want a federal privacy law amid lack of compliance

There is a significant enthusiasm for a federal privacy law amid organizations’ lack of ability to comply with data privacy rules stemming from both mushrooming government regulations and complex data sharing agreements between companies. Organizations are also overconfident in knowing where private data resides, and tend to use inadequate tools such as spreadsheets to track it. Integris Software’s 2019 Data Privacy Maturity Study gathered detailed responses from 258 mid to senior executives from IT, general … More

The post 79% of organizations want a federal privacy law amid lack of compliance appeared first on Help Net Security.

As fraud attacks grow more sophisticated, a need for contextual detection strategies increases

Fraudsters are using a complex array of tools to build armies of fake accounts, 74% of all fraudulent accounts are created from desktops, and cloud service provider IP ranges are at a higher risk.

How fraudsters behave

Fraudsters rely heavily on cloud datacenter IP ranges and cloud services are becoming a favorite attack tool; whether to mask the true origin of fraudulent accounts or to easily orchestrate attacks at scale by exploiting virtual servers, according … More

The post As fraud attacks grow more sophisticated, a need for contextual detection strategies increases appeared first on Help Net Security.

Organizations still use low levels or no automation of key security and incident response tasks

Most organizations understand that automation is the path to achieve optimal workflows in the face of staff shortages and alert fatigue. Yet, 59% of the D3 Security 2019 Automation and Integration Survey respondents indicated that their organizations use low levels or no automation of key security and incident response tasks. The study surveyed over 250 professionals with representation from five key industries that are considered enablers of automation (banking and finance; cybersecurity; government; technology; and … More

The post Organizations still use low levels or no automation of key security and incident response tasks appeared first on Help Net Security.

Backdoors inevitably create vulnerabilities that can be exploited by malicious actors

73 percent of IT security professionals believe countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. The Venafi survey on government-mandated encryption backdoors evaluated the opinions of 517 IT security professionals attending the RSA Conference 2019. “This is a tense moment for industry professionals because they know backdoors make our critical infrastructure more vulnerable,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “This is not rocket science; backdoors … More

The post Backdoors inevitably create vulnerabilities that can be exploited by malicious actors appeared first on Help Net Security.

Patched Apache flaw is a serious threat for web hosting providers

Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via scripts and could allow unprivileged web host users to execute code with root privileges, i.e. allow them to gain complete control of the machine.

About CVE-2019-0211

Discovered by security researcher Charles Fol and dubbed Carpe Diem, the vulnerability affects only Apache HTTP Server on Unix systems. “In Apache HTTP … More

The post Patched Apache flaw is a serious threat for web hosting providers appeared first on Help Net Security.

Georgia Tech data breach: 1.3M students and staff potentially affected

The Georgia Institute of Technology, commonly referred to as Georgia Tech, has suffered yet another data breach. This time, the number of affected individuals may have reached 1.3 million.

What is known about the breach?

“Application developers for the Institute noticed a significant performance impact in one of its web applications and began an investigation on March 21, 2019. During this investigation it was determined the performance issue was the result of a security incident,” … More

The post Georgia Tech data breach: 1.3M students and staff potentially affected appeared first on Help Net Security.

To DevSecOps or not to DevSecOps?

Would your organization benefit from introducing DevSecOps? Dan Cornell, CTO of application security company Denim Group, believes that most organizations would. With one caveat, though: they must realize that the transition is, first and foremost, cultural rather than technological. Breaking down barriers between DevOps teams and security teams helps to align incentives and accelerate the rate at which organizations can innovate safely, he says, but organizations focused on adopting new technologies without also committing to … More

The post To DevSecOps or not to DevSecOps? appeared first on Help Net Security.

Digital transformation goes hand-in-hand with Zero Trust security

Forward-looking organizations are investing in Zero Trust security and strong MFA, modern app development, IaaS, and digital transformation, a recently released Okta report has shown.

Current situation and expectations

Based on the answers by 1,050 IT, security, and engineering decision makers at global companies (from a wide variety of industries) with over $1 billion in revenue:

63% of the companies are expected to increase the number of contractors and remote workers
59% are either actively … More

The post Digital transformation goes hand-in-hand with Zero Trust security appeared first on Help Net Security.

Women are increasingly climbing the cybersecurity leadership ladder

Women now represent 24% of the cybersecurity workforce. While the stronger representation of women in the cybersecurity workforce is encouraging, challenges like wage inequality remain, according to the (ISC)2 2019 Women in Cybersecurity report. This estimate is a higher percentage than in past reports in part due to the adoption of a new sample methodology that creates a more accurate and holistic representation of the cybersecurity and IT/ICT professionals responsible for securing their organizations’ critical … More

The post Women are increasingly climbing the cybersecurity leadership ladder appeared first on Help Net Security.

Securing your home increasingly means securing all of your IoT devices

The Internet of Things explosion has proven controversial due to the insufficient security measures in many of these internet-connected devices.

IoT attacks increase

And a new report from cyber security provider F-Secure finds that threats and the number of attacks continue to increase, but still rely on well-known security weaknesses, such as unpatched software and weak passwords. The report, using data collected and analyzed by F-Secure Labs, highlights that threats targeting internet-connected devices are beginning … More

The post Securing your home increasingly means securing all of your IoT devices appeared first on Help Net Security.

Current and emerging third-party cyber risk management approaches and challenges

Managing third-party cyber risk is critical for businesses, but a lack of continuous monitoring, consistent reporting, and other blind spots are creating challenges that could leave organizations vulnerable to data breaches and other consequences. Most organizations work with hundreds, if not thousands, of third parties, creating new risks that must be actively managed. The financial industry, in particular, has a massive business ecosystem made up of legal organizations, accounting and human resources firms, management consulting … More

The post Current and emerging third-party cyber risk management approaches and challenges appeared first on Help Net Security.

Consumers concerned about privacy but willing to take risks for convenience

In today’s connected world, businesses are prime targets for cyber attacks and unintentional missteps can result in critical exposure of consumers’ sensitive personal information. Nearly three out of four Americans (72 percent) are more alarmed than ever about their privacy. However, the majority accept certain risks to their online privacy in exchange for convenience (66 percent). They are also willing to sell or give away certain personal information, such as their location (55 percent) and … More

The post Consumers concerned about privacy but willing to take risks for convenience appeared first on Help Net Security.

A LockerGoga primer and decrypters for Mira and Aurora ransomwares

There’s some good news for victims of the Mira and Aurora ransomwares: free decrypters have been made available.

New decrypters

F-Secure has released a decrypter for victims of the Mira ransomware. (You’ll know you’ve been hit if the encrypted files sport the .mira extension.) “Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an … More

The post A LockerGoga primer and decrypters for Mira and Aurora ransomwares appeared first on Help Net Security.

90% of companies interested in crowdsourced security programs

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Key findings of the Security Leadership Study – Trends in Application Security report released by Bugcrowd include:

Crowdsourced security making waves: Nearly 90 percent of companies surveyed are already running, plan to run in the next 12 months, or are interested in running … More

The post 90% of companies interested in crowdsourced security programs appeared first on Help Net Security.

Financial sector recognizes the benefits of hybrid cloud but still struggles to enable IT transformation

The financial sector outpaces other industries in the adoption of hybrid cloud, with the deployment of hybrid cloud reaching 21% penetration today, compared to the global average of 18.5%. Financial services firms today are facing mounting competitive pressure to streamline operations while delivering a differentiated experience to their customers, including leveraging new technologies such as blockchain. This FinTech revolution, combined with the growing burdens of regulatory compliance, data privacy, and security issues, is pushing CIOs … More

The post Financial sector recognizes the benefits of hybrid cloud but still struggles to enable IT transformation appeared first on Help Net Security.

45% of taxpayers do not securely store tax documents

Despite almost four in 10 (38 percent) taxpayers saying they are worried they will become a victim of tax fraud or tax identity theft during tax season, 45 percent admit to storing tax paperwork in a box, desk drawer or unlocked cabinet at home or work. What’s more, nearly one in five (19 percent) admit they do not shred tax paperwork or physical documents containing sensitive information before throwing them away. That is according to … More

The post 45% of taxpayers do not securely store tax documents appeared first on Help Net Security.

Microsoft adds tamper protection to Microsoft Defender ATP

Microsoft has added a new tamper protection feature to the Microsoft Defender ATP (formerly Windows Defender ATP) antimalware solution. When turned on, it should prevent malicious apps and actors from disabling the antimalware solution or some of its key security features.

Foiling often-used tactics

Malware developers are forever looking for ways to make their wares “invisible” to users, AV/antimalware software and malware analysts. They pursue the first goal by disguising the malware as a legitimate document … More

The post Microsoft adds tamper protection to Microsoft Defender ATP appeared first on Help Net Security.

3.1 million customer records possibly stolen in Toyota hack

Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday. The announcement comes a few weeks after Toyota Australia said they have been “the victim of an attempted cyber attack”.

New breaches

The attackers targeted TMC sales subsidiaries (Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo) and three independent dealers (Lexus Koishikawa Sales, Jamil Shoji, Toyota … More

The post 3.1 million customer records possibly stolen in Toyota hack appeared first on Help Net Security.

How to Marie Kondo your data

By now you’ve heard about Marie Kondo, the author of New York Times bestseller, The Life Changing Magic of Tidying Up, and star of Tidying Up, the new Netflix show that puts her principles of organization and decluttering into practice in family homes throughout Los Angeles. While the #KonMariMethod has put households across America in an organizing frenzy, we found that her tidying principles can also be applied to solve a core challenge for the … More

The post How to Marie Kondo your data appeared first on Help Net Security.

Nearly all consumers are backing up their computers, but data loss is here to stay

65.1 percent of consumers or their family member lost data as a result of an accidental deletion, hardware failure or software problem – a jump of 29.4 percentage points from last year. Yet for the first time in its four-year history nearly all consumers (92.7 percent) are backing up their computers – an increase of more than 24.1 percent from last year and the single largest year-over-year increase, as shown in the Acronis’ 2019 World … More

The post Nearly all consumers are backing up their computers, but data loss is here to stay appeared first on Help Net Security.

Main threat source to industrial computers? Mass-distributed malware

Malicious cyber activities on Industrial Control System (ICS) computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities.

Attack workflow

In 2018, the share of ICS computers that experienced such activities grew to 47.2 percent from 44 percent in 2017, indicating that the threat is rising. According to the new Kaspersky Lab ICS CERT report, the top three countries in terms of … More

The post Main threat source to industrial computers? Mass-distributed malware appeared first on Help Net Security.

Organizations investing in security analytics and machine learning to tackle cyberthreats

IT security’s greatest inhibitor to success is contending with too much security data. To address this challenge, 47 percent of IT security professionals acknowledged their organization’s intent to acquire advanced security analytics solutions that incorporate machine learning (ML) technology within the next 12 months. Such investments help to mitigate the risks of advanced cyberthreats missed by traditional security defenses, aiding enterprise cyberthreat hunting endeavors, according to the CyberEdge Group sixth annual Cyberthreat Defense Report (CDR). … More

The post Organizations investing in security analytics and machine learning to tackle cyberthreats appeared first on Help Net Security.

Security and privacy still the top inhibitors of cloud adoption

Cloud adoption is gaining momentum, as 36 percent of organizations are currently in the process of migrating to the cloud while close to 20 percent consider themselves to be in the advanced stages of implementation.

Top cloud challenges

Due to the number of ways data is stored and the amount of time it takes to migrate these sources to the cloud, hybrid cloud is the most common and popular architecture (46 percent) followed by private … More

The post Security and privacy still the top inhibitors of cloud adoption appeared first on Help Net Security.

Automatically and invisibly encrypt email as soon as it is received on any trusted device

While an empty email inbox is something many people strive for, most of us are not successful. And that means that we probably have stored away hundreds, even thousands, of emails that contain all kinds of personal information we would prefer to keep private.

What users see: E3 as their insecure email + their devices = secure encrypted email.

Current defenses, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), rely on … More

The post Automatically and invisibly encrypt email as soon as it is received on any trusted device appeared first on Help Net Security.

Serverless, shadow APIs and Denial of Wallet attacks

In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise security leaders are having to tackle. Here’s a transcript of the podcast for your convenience. Hi, my name is Doug Dooley of Data Theorem. We are a leading provider of modern application security and I want to talk a little bit about a new area that both DevOps leaders … More

The post Serverless, shadow APIs and Denial of Wallet attacks appeared first on Help Net Security.

New infosec products of the week: March 29, 2019

Guardicore launches freely available public resource for investigating malicious IP addresses and domains

Guardicore Threat Intelligence is a freely available public resource for identifying and investigating malicious IP addresses and domains. With an easy to understand dashboard, it rates top attackers, top attacked ports and top malicious domains, giving security teams the insight they need to research and understand attacks and mitigate risks.

F5’s new delivery model leverages the AWS SaaS Enablement Framework

F5 Networks … More

The post New infosec products of the week: March 29, 2019 appeared first on Help Net Security.

Enterprises fear disruption to business critical applications, yet don’t prioritize securing them

The majority of organizations (nearly 70 percent) do not prioritize the protection of the applications that their business depends on – such as ERP and CRM systems – any differently than how low-value data, applications or services are secured. Even the slightest downtime affecting business critical applications would be massively disruptive, with 61 percent agreeing that the impact would be severe, according to the CyberArk survey conducted among 1,450 business and IT decision makers, primarily … More

The post Enterprises fear disruption to business critical applications, yet don’t prioritize securing them appeared first on Help Net Security.

Lessons learned from the many crypto hacks

The one poignant lesson that crypto investors globally have learned over the years is that despite the immutable, impenetrable nature of the technology behind cryptocurrencies and blockchain, their crypto investments and transactions are not secure. 2018, for example, witnessed some of the largest crypto exchange hacks globally. Not to mention, the alarming volatility in the crypto market that continues to make headlines each day. According to the Cryptocurrency Anti-Money Laundering Report published by Cipher Trace, … More

The post Lessons learned from the many crypto hacks appeared first on Help Net Security.

CIOs admit certificate-related outages routinely impact critical business applications and services

Certificate-related outages harm the reliability and availability of vital network systems and services while also being extremely difficult to diagnose and remediate. Unfortunately, the vast majority of businesses routinely suffer from these events. In fact, according to the study released by Venafi, almost two-thirds of organizations (60 percent) experienced certificate-related outages that impacted critical business applications or services within the last year. In addition, 74 percent faced similar events within the last 24 months. Certificate-related … More

The post CIOs admit certificate-related outages routinely impact critical business applications and services appeared first on Help Net Security.

Status of AI implementation at automotive organizations

Just 10 percent of major automotive companies are implementing artificial intelligence (AI) projects at scale, with many falling short of an opportunity that could increase operating profit by up to 16 percent. Fewer automotive companies are implementing AI than in 2017, despite the cost, quality and productivity advantages. The “Accelerating Automotive’s AI Transformation: How driving AI enterprise-wide can turbo-charge organizational value” study from the Capgemini Research Institute surveyed 500 executives from large automotive companies in … More

The post Status of AI implementation at automotive organizations appeared first on Help Net Security.

Cisco botched patches for its RV320/RV325 routers

Cisco RV320 and RV325 WAN VPN routers are still vulnerable to attack through two flaws that Cisco had supposedly patched.

#Cisco Small Business Routers still vulnerable to remote code execution & configuration export due to incomplete patch 🚨 #RCE #RV320 #RV325 New advisories: https://t.co/fPzrrkb3Hk https://t.co/xZex3wdfpb https://t.co/iZUuCCEnGx — RedTeam Pentesting (@RedTeamPT) March 27, 2019

There are still many vulnerable devices

CVE-2019-1652 and CVE-2019-1653 were discovered in September 2018 by security experts from RedTeam Pentesting and disclosed … More

The post Cisco botched patches for its RV320/RV325 routers appeared first on Help Net Security.

Identify web application vulnerabilities and prioritize fixes with Netsparker

In this Help Net Security podcast, Ferruh Mavituna, CEO at Netsparker, talks about web application security and how Netsparker is helping businesses of any size keep their web applications secure. Here’s a transcript of the podcast for your convenience. Hello. Thank you for tuning in. Today we’ll be talking about web application security because hacked web sites and security breaches are no longer news. They have become a daily occurrence, even though professionals know how … More

The post Identify web application vulnerabilities and prioritize fixes with Netsparker appeared first on Help Net Security.

When it comes to file sharing, the cloud has very few downsides

Organizations storing data and documents they work on in the cloud is a regular occurrence these days. The cloud offers scalability in terms of storage and cloud services often provide helpful folder- and file-sharing capabilities and content control measures. Users can track changes and comments and collect files from people with file requests, but also control what other people they’ve shared data with can and can’t do with it (e.g., view, comment, download, edit), set … More

The post When it comes to file sharing, the cloud has very few downsides appeared first on Help Net Security.

Security remains a top concern for IoT executives, but small fixes can shore up ecosystem resilience

66 percent of companies say their C-suite executives are supportive of their IoT implementation, but even with strong support they noted there are hurdles to overcome. Research released by Internet of Things World focused on the top concerns decision makers have related to implementation, employee training, cybersecurity and blockchain, as well as how they plan to overcome them. According to respondents, the top challenges included: implementing the technology (34 percent), security (25 percent), initial … More

The post Security remains a top concern for IoT executives, but small fixes can shore up ecosystem resilience appeared first on Help Net Security.

Algorithms can now find bugs in computer chips before they are made

In early 2018, cybersecurity researchers discovered two security flaws they said were present in almost every high-end processor made and used by major companies. Known, ominously, as Spectre and Meltdown, these flaws were troubling because they represented a new type of breach not previously known that could allow hackers to infer secret data – passwords, social security numbers, medical records – from … More

[Photo caption: UPEC product development team (l to r): Mo Fadiheh, Wolfgang Kunz, Dominik Stoffel.]

The post Algorithms can now find bugs in computer chips before they are made appeared first on Help Net Security.

Third-party cyber risk management is a burden on human and financial resources

Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision makers: Current practices and technologies used to support TPCRM and assess third parties are costly, inadequate and inefficient. Investing in better assessment and vetting tools can increase effectiveness in TPCRM while decreasing the cost of maintaining the program. Applying the same approach to all third parties can be quite costly. Taking … More

The post Third-party cyber risk management is a burden on human and financial resources appeared first on Help Net Security.

SMBs willing to invest more to protect their businesses

Cybersecurity demands of SMBs have become both a major risk and revenue opportunity to managed service providers (MSPs). MSPs are at risk of losing their SMB clients if they don’t provide competitive, comprehensive solutions to their clients, according to Vanson Bourne’s research. Nearly nine in ten (89 percent) SMBs surveyed would consider hiring a new MSP if they offered the right cybersecurity solution, and nearly 1 in 4 SMBs (24 percent) has already changed MSPs … More

The post SMBs willing to invest more to protect their businesses appeared first on Help Net Security.

The ransomware attack cost Norsk Hydro $40 million so far

A little over a week after the beginning of the ransomware attack targeting Norsk Hydro, the company has estimated that the costs it incurred because of it have reached 300-350 million Norwegian crowns ($35-41 million). The current Norsk Hydro situation The majority of those costs stem from lost margins and volumes in the Extruded Solutions business area. “As of Tuesday, Extruded Solutions is producing at an overall production rate of 70-80 % in the three … More

The post The ransomware attack cost Norsk Hydro $40 million so far appeared first on Help Net Security.

ASUS confirms server compromise, releases fixed Live Update tool

ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday. “ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated … More

The post ASUS confirms server compromise, releases fixed Live Update tool appeared first on Help Net Security.

Build-time security: Block risk and security issues from production rings

Build-time security has become a standard part of any security program and continues to grow in popularity with the shift left movement. In its most popular form, it’s a series of checks that take place as code makes its way from a developer’s laptop into production to ensure that the code is free from known vulnerabilities. While they share some similarities with production environments, it’s important to realize that build servers have a unique threat … More

The post Build-time security: Block risk and security issues from production rings appeared first on Help Net Security.

Weighing the options: The role of cyber insurance in ransomware attacks

The Norsk Hydro cyberattack is a real-time case study of what an international company goes through when a ransomware attack is successful. Over the last week, we’ve witnessed a global manufacturing giant being brought to its knees by an orchestrated cyberattack. Hydro was forced to switch its operations to manual in multiple countries and was operating at 50% of normal capacity. When companies become victims of a ransomware event, it may be tempting for them … More

The post Weighing the options: The role of cyber insurance in ransomware attacks appeared first on Help Net Security.

Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports

In 2018, SonicWall recorded the decline of cryptojacking, but more ransomware, highly targeted phishing, web application attacks and encrypted attacks. The company’s annual threat report, compiled based on threat intelligence obtained from 1+ million sensors around the world, marks a 217.5 percent increase in IoT attacks in 2018 (compared to 2017), an 11 percent increase in ransomware attacks, a 56 percent increase in web app attacks, a 22 percent increase in malware attacks, and a 38 percent increase in intrusion … More

The post Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports appeared first on Help Net Security.

New blockchain system uses reputation to fend off 51 percent attacks

A blockchain system has been proposed to guarantee proper performance even when more than 51% of the system’s computing power is controlled by an attacker. The system, RepuCoin, introduces the concept of “reputation” to blockchain, effectively making it thousands of times more expensive to attack than Bitcoin. It was developed at the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust, and has the potential to be applied in a number of global sectors … More

The post New blockchain system uses reputation to fend off 51 percent attacks appeared first on Help Net Security.

61% of CIOs believe employees leak data maliciously

There is a perception gap between IT leaders and employees over the likelihood of insider breaches. It is a major challenge for businesses: insider data breaches are viewed as frequent and damaging occurrences, of concern to 95% of IT leaders, yet the vectors for those breaches – employees – are either unaware of, or unwilling to admit, their responsibility. The Insider Data Breach survey, announced by Egress, highlights a fundamental gulf between IT leaders and … More

The post 61% of CIOs believe employees leak data maliciously appeared first on Help Net Security.

Does siloed data negatively impact your organization?

Many companies are struggling to make data accessible and get value from it, with 68 percent of respondents reporting siloed data negatively impacts their organization, according to the new Syncsort survey. The top IT initiatives respondents identified for 2019 were Cloud/Hybrid Computing (46%), Modernizing Infrastructure (38%) and Data Governance (32%), followed by Advanced/Predictive Analytics (25%). IT professions were split on top challenges, with the largest group selecting the Skills/Staff Shortage (38%), but Data Governance (33%), … More

The post Does siloed data negatively impact your organization? appeared first on Help Net Security.

What you can expect at the 10th annual HITB Security Conference in The Netherlands

The tenth edition of Hack In The Box Amsterdam will soon be upon us, with interesting talks, trainings, and hacking contests. Some of the trainings have already sold out, but there are still seats available if you want to master Burp Suite Pro, web attacks with full-stack exploitation, iOS 11/12 userspace exploitation, learn network data exfiltration techniques and red-teaming tactics (for pentesters and hackers who want to up their VAPT game). Also, you have just … More

The post What you can expect at the 10th annual HITB Security Conference in The Netherlands appeared first on Help Net Security.

Apple fixed some interesting bugs in iOS and macOS

In addition to announcing a number of new products and subscription services, Apple has released security updates for iOS, macOS, Safari, tvOS, iTunes, iCloud, and Xcode. The security updates The update for Xcode – Apple’s integrated environment for developing software for macOS, iOS, watchOS, and tvOS – carries a fix for a single flaw: CVE-2018-4461, a kernel memory corruption issue that has been patched last December in iOS, tvOS, watchOS and macOS Mojave. This fix … More

The post Apple fixed some interesting bugs in iOS and macOS appeared first on Help Net Security.

Cybercriminals are increasingly using encryption to conceal and launch attacks

In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses on SSL/TLS based threats. Here’s a transcript of the podcast for your convenience. Hello everyone. My name is Deepen Desai. I’m the Head of Security Research at Zscaler. In this Help Net Security podcast I will be talking about the latest Zscaler Cloud Security Insight Report that focuses on … More

The post Cybercriminals are increasingly using encryption to conceal and launch attacks appeared first on Help Net Security.

Guilty by association: The reality of online retail third-party data leaks

Online retail activity continues to accelerate at a rampant pace and shows no signs of slowing down. According to the National Retail Federation (NRF), U.S. retail sales are expected to rise between 3.8 and 4.4 percent to more than $3.8 trillion in 2019. That being said, the risks involved with online retail, for both brands and consumers, have never been greater. According to Trustwave’s 2018 Global Security Report, the retail industry suffered more data breach … More

The post Guilty by association: The reality of online retail third-party data leaks appeared first on Help Net Security.

Less than 20% of IT pros have complete access to critical data in public clouds

Companies have low visibility into their public cloud environments, and the tools and data supplied by cloud providers are insufficient. Lack of visibility can result in a variety of problems including the inability to track or diagnose application performance issues, inability to monitor and deliver against service-level agreements, and delays in detecting and resolving security vulnerabilities and exploits. A survey sponsored by Ixia, on ‘The State of Cloud Monitoring’, was conducted by Dimensional Research and … More

The post Less than 20% of IT pros have complete access to critical data in public clouds appeared first on Help Net Security.

Most companies help employees cover costs to obtain professional certifications

Workers today can expand their professional skills with less financial stress thanks to a majority of employers offering to cover or offset educational costs, new research suggests. In a survey from global financial recruitment firm Robert Half Finance & Accounting, most CFOs (94 percent) said their companies foot the bill for some or all costs for staff to obtain professional certifications. Ninety-five percent provide full or partial support to maintain credentials. Executives reported bottom-line benefits … More

The post Most companies help employees cover costs to obtain professional certifications appeared first on Help Net Security.

CFOs and CIOs must collaborate on digital transformation to remain competitive

CFOs are shifting their priorities from cutting costs to rapidly investing in technology and data. Significant percentages of senior financial executives currently implement technologies such as advanced analytics (38 percent) and machine learning (30 percent), while many plan to dedicate additional resources to frontier technologies within two years, including artificial intelligence, or AI (41 percent); drones and robots (30 percent); blockchain (40 percent); and robotic process automation, or RPA (41 percent). In addition, financial leaders plan … More

The post CFOs and CIOs must collaborate on digital transformation to remain competitive appeared first on Help Net Security.

Attackers compromised ASUS to deliver backdoored software updates

Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor to a huge number of customers, Kaspersky Lab researchers discovered. Judging by information hard-coded in the malware, the attackers’ aim was to compromise about 600 specific computers, but the malware is thought to have ultimately been delivered to over a million users. ASUS Live Update was used in a big supply … More

The post Attackers compromised ASUS to deliver backdoored software updates appeared first on Help Net Security.

Secure workloads without slowing down your DevOps flows

In this Help Net Security podcast recorded at RSA Conference 2019, David Meltzer, CTO at Tripwire, and Lamar Bailey, Senior Director of Security Research at Tripwire, discuss the challenges of securing DevOps. Here’s a transcript of the podcast for your convenience. David: Welcome to the Help Net Security podcast. This is David Meltzer, the CTO at Tripwire. Today I’m joined by Lamar Bailey, Senior Director of Security Research at Tripwire. Today we’re going to be … More

The post Secure workloads without slowing down your DevOps flows appeared first on Help Net Security.

Employee cybersecurity essentials part 1: Passwords and phishing

Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn’t mean you’re not at risk for a breach, or that you, as an employee, are not putting your company at risk. Humans have always been the weakest link in the security chain. Phishing and social engineering schemes account for 93 percent of breaches, according to Verizon’s 2018 Data Breach Investigations Report. And passwords are easier for hackers to … More

The post Employee cybersecurity essentials part 1: Passwords and phishing appeared first on Help Net Security.

What worries you the most when responding to a cybersecurity incident?

The clock starts ticking immediately following a cybersecurity incident with the first 24 hours vital in terms of incident response. The majority (59 percent) of companies are not confident they could resume ‘business as usual’ after the first 24 hours, although 41 percent say they are, according to a new social media poll by NTT Security. Asked about their number one focus in the first 24 hours after a security incident, nearly two-thirds (64 percent) … More

The post What worries you the most when responding to a cybersecurity incident? appeared first on Help Net Security.

Consumers willing to dump apps that collect private data, but can’t tell which are doing so

Consumers are increasingly leery of third parties using and capitalizing on their private data. Two in three consumers are willing to dump data-collecting apps if the information collected is unrelated to the app’s function, or unless they receive real value – such as that derived through email or browsers, according to a consumer data privacy survey conducted in recent weeks for Anagog. The survey, conducted by SurveyMonkey, also revealed optimism in the face of a … More

The post Consumers willing to dump apps that collect private data, but can’t tell which are doing so appeared first on Help Net Security.

2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise

Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack, according to WatchGuard Technologies’ latest Internet Security Report for the last quarter of 2018. The vulnerability was first disclosed and patched in 2017 and attacks were almost non-existent in early 2018, but WatchGuard detections grew by over 7,000 percent from Q3 to Q4. Phishing campaigns The report also shows that phishing campaigns … More

The post 2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise appeared first on Help Net Security.

The success of the digital workplace depends on the practical implementation of new technology

Medium-sized businesses now account for over 60% of US jobs, and are investing fast in technology. However, with digital now a priority for businesses of all sizes, they must ensure they have the necessary skills and security management in place to handle the change, or risk falling behind competitors according to a new report from Aruba, a Hewlett Packard Enterprise company. Developed to explore how medium-sized businesses across the globe are currently adopting workplace technology, … More

The post The success of the digital workplace depends on the practical implementation of new technology appeared first on Help Net Security.

Norsk Hydro cyber attack: What’s new?

Norwegian aluminum producer Norsk Hydro ASA was hit by ransomware-wielding attackers early this week. The company lost no time in reacting and responding to the attack – they notified the authorities, called in experts to help, and (very laudably) committed to keeping the public informed. In the latest official update on the situation, the company shared that: With the help of experts from Microsoft and other IT security partners, they are working on reverting virus … More

The post Norsk Hydro cyber attack: What’s new? appeared first on Help Net Security.

Worldwide spending on security solutions expected to continue growing

Worldwide spending on security-related hardware, software, and services is forecast to reach $103.1 billion in 2019, an increase of 9.4% over 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. $133.8 billion by 2022 Worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 9.2% over the 2018-2022 forecast period … More

The post Worldwide spending on security solutions expected to continue growing appeared first on Help Net Security.

The privacy risks of pre-installed software on Android devices

Many pre-installed apps facilitate access to privileged data and resources, without the average user being aware of their presence or being able to uninstall them. On the one hand, the permission model of the Android operating system and its apps allows a large number of actors to track and obtain personal user information. At the same time, it reveals that the end user is not aware of these actors on the Android terminals or of … More

The post The privacy risks of pre-installed software on Android devices appeared first on Help Net Security.

Cost of telecommunications fraud estimated at €29 billion a year

As our society evolves, so does our reliance on telecommunications technology. Cybercriminals prey on our daily use of electronic devices and continuously seek out new ways to exploit vulnerabilities and access information. Cooperation and information-sharing between law enforcement and the private sector has therefore become essential in the fight against these types of crime. One example of this collaboration is the joint Cyber-Telecom Crime Report 2019, published by Europol and Trend Micro. The report gives … More

The post Cost of telecommunications fraud estimated at €29 billion a year appeared first on Help Net Security.

Businesses have cybersecurity best practice guidelines but fail in practice

Almost 70% of companies have cybersecurity best practice guidelines in place but neglect to take the necessary steps to secure their business. A staggering 44% of businesses admitted to not securing removable devices using anti-virus software, leaving their IT systems exposed to cybersecurity risks and GDPR fines, according to new research conducted by ESET and Kingston Digital. The ESET and Kingston research looked at over 500 British business leaders to investigate how they are … More

The post Businesses have cybersecurity best practice guidelines but fail in practice appeared first on Help Net Security.

Quality Assurance and Testing is a bottleneck to implementing DevOps for many organizations

The practice of Continuous Testing – the process of fast and efficient validation of software releases in agile developments through highly automated tests – is gaining ground in large enterprises, with almost a third of IT executives (32%) stating that their IT departments had ‘fully embraced Continuous Testing’. However, with 58% of enterprises deploying a new build daily (and 26% at least hourly), companies must work to improve their continuous testing effectiveness by streamlining their … More

The post Quality Assurance and Testing is a bottleneck to implementing DevOps for many organizations appeared first on Help Net Security.

Experts to help boards tackle cybersecurity threats

A consortium of UK cyber security experts including UCL academics is to support global businesses to tackle online threats and protect themselves from cybercrime. The Cyber Readiness for Boards project, which is jointly funded by the National Cyber Security Centre and the Lloyd’s Register Foundation, has launched to explore the factors shaping UK board decisions around cyber risk and develop interventions to provide guidance and support. Project lead and Director of the Research Institute in … More

The post Experts to help boards tackle cybersecurity threats appeared first on Help Net Security.

(IN)SECURE Magazine: RSAC 2019 special issue released

RSA Conference, one of the world’s leading information security conferences and expositions, concluded its 28th annual event in San Francisco. The week saw more than 42,500 attendees, 740 speakers and 700 exhibitors at Moscone Center and Marriott Marquis, where they experienced the North and South Expo, keynote presentations, peer-to-peer sessions, track sessions, tutorials, seminars and special events on topics such as privacy, hackers and threats, machine learning, artificial intelligence and the human element, law, IoT security, … More

The post (IN)SECURE Magazine: RSAC 2019 special issue released appeared first on Help Net Security.

You may trust your users, but can you trust their files?

In this Help Net Security podcast recorded at RSA Conference 2019, Aviv Grafi, CEO at Votiro, talks about their Content Disarm and Reconstruction (CDR) technology for protection against cyber threats. Here’s a transcript of the podcast for your convenience. We’re here with Aviv Grafi, CEO of Votiro. Hello, how are you? I’m great. How are you? Great. Can you tell us a little bit about Votiro? Sure. Votiro is a cybersecurity company, we’re headquartered … More

The post You may trust your users, but can you trust their files? appeared first on Help Net Security.

Breaking the cybersecurity stalemate by investing in people

No surprise, it happened again. In 2018, the financial toll cyber breaches took on organizations hit $3.86 million, a 6.4 percent rise from 2017. Before last year’s close, analysts at Gartner claimed worldwide spending on infosec products and services would increase 12.4 percent, reaching over $114 billion in 2019. In fact, when the U.S. government announced a 2019 budget of $15 billion for cybersecurity-related activities, it came with a 4.1 percent jump and a caveat: … More

The post Breaking the cybersecurity stalemate by investing in people appeared first on Help Net Security.

Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites

The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year. Along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks. However, booter websites are poised to make … More

The post Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites appeared first on Help Net Security.

CEOs more likely to receive pay rise after a cyber attack. Wait, what?

Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, a study has found. Researchers at Warwick Business School found that media reports of a cyber attack led to a stock market shock as investors sold their shares, but this only lasted a few days. Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research … More

The post CEOs more likely to receive pay rise after a cyber attack. Wait, what? appeared first on Help Net Security.

Most IT and security professionals feel vulnerable to insider threats

91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications like popular file storage and email solutions such as Google Drive, Gmail, Dropbox and more. “The rise of SaaS in the digital workplace has made companies more vulnerable than ever to insider threats,” said David Politis, founder and CEO, BetterCloud. “A major reason is SaaS has given users all the control over … More

The post Most IT and security professionals feel vulnerable to insider threats appeared first on Help Net Security.

Latest tactics used by cybercriminals to bypass traditional email security

Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts. Sextortion scams, a form of blackmail that makes up 10 percent of all spear-phishing attacks, continue to increase. Employees are also twice as likely to be the target of blackmail as of business email compromise. These are the key findings … More

The post Latest tactics used by cybercriminals to bypass traditional email security appeared first on Help Net Security.

Norsk Hydro cyber attack: What happened?

“Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. “Hydro has isolated all plants and operations and is switching to manual operations and procedures as far as possible. Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents,” the company added. In the most recent update on the situation, published an … More

The post Norsk Hydro cyber attack: What happened? appeared first on Help Net Security.

How the Google and Facebook outages could impact application security

With major outages impacting Gmail, YouTube, Facebook and Instagram recently, consumers are right to be concerned over the security of their private data. While details of these outages haven’t yet been published – a situation I sincerely hope Alphabet and Facebook correct – the implications of these outages are something we should be looking closely at. The first, and most obvious, implication is the impact of data management during outages. Software developers tend to design … More

The post How the Google and Facebook outages could impact application security appeared first on Help Net Security.

A network is only as strong as its weakest shard

Blockchain, a nascent technology, has enterprises globally enamored with the promise it holds to fundamentally turn everything from how we interact, transact, store, and manage data on its head. While the technology’s immutable nature and democratized architecture do have the potential to truly disrupt the world as we know it, there is currently no blockchain capable of unlocking the technology’s true potential, let alone monetizing it. The reason for this is that blockchain continues to … More

The post A network is only as strong as its weakest shard appeared first on Help Net Security.

Unsurprisingly, only 14% of companies are compliant with CCPA

With less than 10 months before the California Consumer Privacy Act (CCPA) goes into effect, only 14% of companies are compliant with CCPA and 44% have not yet started the implementation process. Of companies that have worked on GDPR compliance, 21% are compliant with CCPA, compared to only 6% for companies that did not work on GDPR, according to the TrustArc survey conducted by Dimensional Research. “At TrustArc, we’ve seen a significant increase in the … More

The post Unsurprisingly, only 14% of companies are compliant with CCPA appeared first on Help Net Security.

Nearly half of organizations lack the necessary talent to maintain security measures

Regardless of their size, organizations share a common challenge: IT security teams are understaffed and overextended. The number of security alerts, the challenge of what to prioritize, and the shortage of expertise can be overwhelming and introduce risk. The Trend Micro research – which surveyed 1,125 IT decision makers across the globe – shows that 69 percent of organizations agree that automating cybersecurity tasks using Artificial Intelligence (AI) would reduce the impact from the lack … More

The post Nearly half of organizations lack the necessary talent to maintain security measures appeared first on Help Net Security.

Fewer than 28% of gov.uk using DMARC effectively in line with guidelines

Only 28% of gov.uk domains have been proactive in setting up DMARC appropriately, in line with UK Government Digital Service (GDS) advice in preparation for the retirement of the Government Secure Intranet (GSI) platform in March 2019. Since 1996, the GSI framework has enabled connected organizations to communicate electronically and securely at low protective marking levels, according to Egress. The findings reveal a lack of preparation from several government email administrators in readying themselves for … More

The post Fewer than 28% of gov.uk using DMARC effectively in line with guidelines appeared first on Help Net Security.

Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator

Applied Risk ICS Security Consultant Tom Westenberg discovered a DoS vulnerability in an emulated version of the Triconex TriStation Software Suite. Triconex is a Schneider Electric brand which supplies systems and products for critical control and industrial safety-shutdown technology. The Triconex Emulator is software that allows users to emulate and execute TriStation 1131 applications without connecting to a Tricon, Trident, or Tri-GP controller. Using the Emulator, users can test applications in an offline … More

The post Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator appeared first on Help Net Security.

(ISC)² brings its Secure Summit to The Hague

Supporting its membership and the wider sector with continuous education opportunities is a major part of what (ISC)² does as a membership organisation for certified professionals. Its popular Secure Summit event has moved to The Hague, Netherlands for 2019, with an expanded programme designed to address the wider region. Taking place at The World Forum on 15-16 April, it is the biggest industry practitioner event yet in EMEA for (ISC)² members and cybersecurity delegates. It … More

The post (ISC)² brings its Secure Summit to The Hague appeared first on Help Net Security.

Mirai variant picks up new tricks, expands list of targeted devices

Mirai, the infamous malware that turns Linux-based IoT devices into remotely controlled bots, has been updated to target new devices and device types. Among these are LG SuperSign TVs (TV solutions meant to be installed in public areas and display information, images and video aimed at customers and employees) and WePresent WiPG-1000 Wireless Presentation systems, both of which are intended for use in business settings. About this newest Mirai variant: Since its initial and spectacular entry … More

The post Mirai variant picks up new tricks, expands list of targeted devices appeared first on Help Net Security.

The art of securing ERP applications: Protecting your critical business processes

In this Help Net Security podcast recorded at RSA Conference 2019, Juan Pablo Perez-Etchegoyen, CTO at Onapsis, talks about the challenges of securing and monitoring ERP applications for vulnerabilities and compliance gaps across cloud and on-premises deployments. Juan Pablo leads the research & development team that keeps Onapsis on the cutting edge of the business-critical application security market. Here’s a transcript of the podcast for your convenience. Hello everyone. Welcome to this Help Net Security podcast. … More

The post The art of securing ERP applications: Protecting your critical business processes appeared first on Help Net Security.

Four key security tips when using any collaboration technology

With database breaches and ransomware attacks making daily news, security is now a top priority for companies, and collaboration solutions are no exception. In the current age of global connectivity, video conferencing and collaboration technologies have become an inescapable part of doing business. Business partners and remote employees around the world rely on these solutions to stay connected and communicate effectively, especially when in-person meetings aren’t possible. While it’s easy enough to say, “my company … More

The post Four key security tips when using any collaboration technology appeared first on Help Net Security.

The modern threat landscape and expanding CISO challenges

Prior to starting Signal Sciences, its founders were running security at Etsy, and growing frustrated with existing legacy technology. So they built their own. For this interview with Andrew Peterson, CEO at Signal Sciences, we dig deep into hot topics such as modern CISO challenges and application security visibility. Prior to co-founding Signal Sciences, Andrew had been building leading-edge, high-performing product and sales teams across five continents for 15+ years with such companies … More

The post The modern threat landscape and expanding CISO challenges appeared first on Help Net Security.

Tax season scaries: How to keep your data safe from insider threats

With April 15 quickly approaching, companies across the country are rushing to get their taxes filed. This often requires third-party specialists who are well-versed in corporate taxes and prepared to navigate new regulations. While the right contractors are extremely valuable during tax season specifically, they shouldn’t be overlooked when it comes to managing insider threats. According to a survey by NPR, one in five employees is a contractor – that’s 20 percent of American … More

The post Tax season scaries: How to keep your data safe from insider threats appeared first on Help Net Security.

G Suite admins can now disable SMS and voice 2FA

G Suite administrators can now prevent enterprise users from using SMS and voice codes as their second authentication/verification factor for accessing their accounts. The ability to disable those two options will be made available in the next two weeks to admins using any of the G Suite editions. Why and how? It has been known for quite a while that additional authentication via SMS and voice codes is the least secure option for 2-factor authentication, … More

The post G Suite admins can now disable SMS and voice 2FA appeared first on Help Net Security.

Cyber preparedness essential to protect EU from large scale cyber attacks

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society is no longer unthinkable. Preparing for major cross-border cyber-attacks: To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to … More

The post Cyber preparedness essential to protect EU from large scale cyber attacks appeared first on Help Net Security.

Cryptojacking of businesses’ cloud resources still going strong

In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for “earning” money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expend very little effort and are using someone else’s resources for free. Cybercrooks going after … More

The post Cryptojacking of businesses’ cloud resources still going strong appeared first on Help Net Security.

Android Q will come with improved privacy protections

Android Q, the newest iteration of Google’s popular mobile OS, is scheduled to be made available to end users at the end of August. While we still don’t know what its official release name will be, the first preview build and accompanying information released by Google give us a peek into some of the privacy improvements that we can look forward to. Stronger protections for user privacy: 1. The platform will stop keeping track of … More

The post Android Q will come with improved privacy protections appeared first on Help Net Security.

Latest trends in automated threat intelligence-driven network security

Since the earliest days of the Internet both network threats and network defenses have been evolving. In this Help Net Security podcast recorded at RSA Conference 2019, Todd Weller, Chief Strategy Officer at Bandura Cyber, talks about the latest trends in automated threat intelligence-driven network security. Here’s a transcript of the podcast for your convenience. We’re here with Todd Weller, CSO of Bandura Cyber. How are you Todd? I’m great. Fired up for another RSA … More

The post Latest trends in automated threat intelligence-driven network security appeared first on Help Net Security.

Meet the new generation of white hats

The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. While factors like the adoption of automated Application Security Testing (AST) tools by more vendors and the absolute growth of code are definitely playing a bigger role … More

The post Meet the new generation of white hats appeared first on Help Net Security.

Current phishing defense strategies and execution are not hitting the mark

Few professionals are completely confident in their ability to assess the effectiveness of their phishing awareness efforts. In a new paper, Phishing Defense and Governance, released in partnership with Terranova Security, ISACA outlines key takeaways from this phishing research that reached security, assurance, risk and governance professionals, including: Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities. 38 percent of respondents reported that their organizations develop security awareness … More

The post Current phishing defense strategies and execution are not hitting the mark appeared first on Help Net Security.

2019 may be a record year for enterprise breaches, but secure collaboration tools could help

Despite business executives agreeing that cybersecurity is a major challenge, businesses globally are severely unprepared for cyberattacks. 44% of business executives from Europe and the United States said they shared sensitive information over email, yet 35% admitted they are unaware of the ways in which their organization is protecting its sensitive information, communications and data, according to the results of the annual Communication and Security survey released by Wire. Despite 2018 being a record year … More

The post 2019 may be a record year for enterprise breaches, but secure collaboration tools could help appeared first on Help Net Security.

Security fatigue leads many to distrust personal data protection, can you blame them?

20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data. As a result, some people feel they need to take matters into their own hands or at least work with organizations that give them a greater sense of control. Findings from the nCipher Security survey of more than 1,000 American adults reveal many people want more control over their personal data privacy. Most want tighter controls of how … More

The post Security fatigue leads many to distrust personal data protection, can you blame them? appeared first on Help Net Security.

Unsecured Gearbest server exposes millions of shoppers and their orders

Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. What kind of data was exposed? According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from the company that sensitive data is encrypted, most of the contents of the database were decidedly not. … More

The post Unsecured Gearbest server exposes millions of shoppers and their orders appeared first on Help Net Security.

Thinking of threat intelligence as a contributing member of your security team

Threat intelligence is widely considered as a significant asset for organizations, but implementation of this intelligence within security operations can often be cumbersome. In this Help Net Security podcast recorded at RSA Conference 2019, Nicholas Hayden, Senior Director of Threat Intelligence at Anomali, talks about the intelligence-driven security operations center. Here’s a transcript of the podcast for your convenience. My name is Nicholas Hayden. I’m the Senior Director of Threat Intelligence for Anomali. Today, on … More

The post Thinking of threat intelligence as a contributing member of your security team appeared first on Help Net Security.

The quantum sea change: Navigating the impacts for cryptography

Professionals in cybersecurity and cryptography (and even non-IT executives) are hearing about the coming threat from quantum computing. It’s reaching the mainstream business consciousness. A December 2018 report from Deloitte notes “It is expected that 2019 or 2020 will see the first-ever proven example of quantum supremacy, sometimes known as quantum superiority: a case where a quantum computer will be able to perform a certain task that no classical (traditional transistor-based digital) computer can solve … More

The post The quantum sea change: Navigating the impacts for cryptography appeared first on Help Net Security.

Do people with malicious intent present the biggest threat to personal data?

Against the backdrop of a complex and growing cyber threat landscape, organizations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans. According to Apricorn’s latest social media poll, sixty-five percent of respondents believe that humans pose the biggest threat to their personal data. A staggering fifty-two percent of respondents believe that people with malicious intent present the biggest danger, whilst … More

The post Do people with malicious intent present the biggest threat to personal data? appeared first on Help Net Security.

Is AI really intelligent or are its procedures just averagely successful?

Artificial intelligence (AI) and machine learning algorithms such as Deep Learning have become integral parts of our daily lives: they enable digital speech assistants or translation services, improve medical diagnostics and are an indispensable part of future technologies such as autonomous driving. Based on an ever-increasing amount of data and powerful novel computer architectures, learning algorithms appear to reach human capabilities, sometimes even exceeding them. The issue: so far it often remains unknown to … More

The post Is AI really intelligent or are its procedures just averagely successful? appeared first on Help Net Security.

90% of consumers value additional security measures to verify mobile-based transactions

A strong majority of US adults value additional security measures for mobile transactions, with 90% reporting they would want the ability to approve some or all mobile device transactions before the transaction is completed, and 71% interested in approving all such transactions. One in five (19%) would prefer only to approve some transactions, such as those totaling $100 or more, according to the results of a recent survey conducted online by The Harris Poll and … More

The post 90% of consumers value additional security measures to verify mobile-based transactions appeared first on Help Net Security.

Data breach reports delayed as organizations struggle to achieve GDPR compliance

Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment. On average, businesses waited three weeks after discovery to report a breach to the ICO, while the worst offending organization waited 142 days. The vast majority (91%) of reports to the ICO failed to include important information such as the impact of the breach, recovery process and dates, according to Redscan’s … More

The post Data breach reports delayed as organizations struggle to achieve GDPR compliance appeared first on Help Net Security.