Category Archives: Featured news

Attackers increasingly exploiting vulnerabilities to enlarge their IoT botnets

Attackers looking to add IoT devices to their botnets are increasingly adding vulnerability exploitation to their attack arsenal, Netscout researchers warn. Instead of just relying on a list of common or default passwords or brute-forcing attacks, they are taking advantage of the fact that IoT devices are rarely updated and manufacturers take a lot of time to push out fixes for known flaws. Currently under exploitation: In November 2018, the company detected many exploitation attempts … More

The post Attackers increasingly exploiting vulnerabilities to enlarge their IoT botnets appeared first on Help Net Security.

Most concerning security controls for cyberattackers? Deception and IDS

Attivo Networks surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns, attack surface concerns, and what’s on their 2019 security wish list. Overall, the survey highlighted that the battle to keep cyber attackers from successfully compromising networks is not working. Over 50% of respondents reported that 100 days of dwell time or more was representative of their organization, while nearly half of respondents indicated that their … More

Most organizations suffered a business-disrupting cyber event

A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered two or more business-disrupting cyber events — defined as cyber attacks causing data breaches or significant disruption and downtime to business operations, plant and operational equipment — in the last 24 months. Further, 91 percent of respondents had suffered at least one such cyber event in the same time period. Despite this documented history of damaging attacks, the study found … More

How students learn to code, evaluate job opportunities

New data from HackerRank reveals the technical skills, learning preferences and career motivators of collegiate software engineers. The findings provide a playbook for corporate recruiters and hiring managers looking to improve how they identify, attract and retain the upcoming generation of skilled developers. In the U.S. alone, there are nearly 580,000 open computing jobs with less than 50,000 computer science graduates entering the workforce — that’s over 11 job postings for every Computer Science (CS) … More

Worldwide enterprise storage systems market revenue reached $14 billion during 3Q18

According to the IDC Worldwide Quarterly Enterprise Storage Systems Tracker, vendor revenue in the worldwide enterprise storage systems market increased 19.4% year over year to $14.0 billion during the third quarter of 2018 (3Q18). Total capacity shipments were up 57.3% year over year to 113.9 exabytes during the quarter. Revenue generated by the group of original design manufacturers (ODMs) selling directly to hyperscale datacenters increased 45.8% year over year in 3Q18 to $3.9 billion. This … More

Worst password offenders of 2018 exposed

Kanye West is the worst password offender of 2018, according to Dashlane. When visiting the White House, the famous rapper was spotted unlocking his iPhone with the passcode “000000”. The Pentagon made second place: an audit by the Government Accountability Office revealed easy-to-guess admin passwords and default passwords for multiple weapons systems. Other offenders on the list include: Italian company Ferrero, who offered spectacularly bad password advice to users (they suggested the use of “Nutella” … More

Deception technology: Authenticity and why it matters

This article is the second in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the central role that authenticity plays in the establishment of deception as a practical defense and cyber risk reduction measure. Requirements for authenticity in deception: The over-arching goal for any cyber deception system is to create target computing and networking systems and infrastructure that … More

Can advancing cybersecurity techniques keep pace with new attack vectors in 2019?

A look back through a volatile 2018 has seen the cyber security landscape move towards an even more complex picture. This has been driven by the increased volume and diversity of threats and breaches, tools and network evolution. Security professionals have faced significant challenges in attack detection and mitigation, operating to the necessary policy and legal guidelines and growing teams with suitably-skilled personnel. None of these advances show any signs of slowing in 2019. However, … More

Leveraging AI and automation for successful DevSecOps

As engineering teams try to innovate at a faster pace, being able to maintain the quality, performance and security of the applications becomes much more important. Organizations have found huge success in improving their overall product quality while ensuring security controls and compliance requirements are met. AI-driven automation solutions have aided engineering teams in automating key processes and leveraging predictive analytics to identify issues before they occur and take corrective actions, improving the overall product … More

Guidelines for assessing ISPs’ security measures in the context of net neutrality

According to the EU’s net neutrality regulation, called the Open Internet Regulation, which came into force in 2016, internet providers should treat all internet traffic to and from their customers equally. Security measures, like blocking traffic on certain ports, are only allowed under specific circumstances. One of these circumstances refers to the application of security measures that are necessary to protect the integrity or security of networks, services using the networks, or end-user equipment. The … More

Hacking democracy efforts continue with upticks in malware deployments

Comodo Cybersecurity released its Global Threat Report 2018 Q3, offering insights from Comodo Threat Research Lab experts into key cyberthreat trends and the impact of malware on elections and other geopolitical events. Hacking democracy and malware in conflict zones: The Comodo Q3 report also reveals disturbing upticks in malware deployment leading up to major national elections. Comodo Cybersecurity researchers document the impact of malware on elections in Russia, Turkey, Mali, Sierra Leone, Azerbaijan and Colombia. … More

December 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild

It’s Patch Tuesday again and, as per usual, both Microsoft and Adobe have pushed out patches for widely-used software packages. The Microsoft patches: Microsoft’s December 2018 Patch Tuesday release is pretty lightweight: the company has plugged 38 CVE-numbered security holes, nine of which are considered to be Critical. Among the most notable bugs in this batch are CVE-2018-8611, an elevation of privilege vulnerability that arises when the Windows kernel fails to properly handle objects in … More

Securing and managing the enterprise Internet of Things

A future where the Internet of Things spreads exponentially is almost certain. Seemingly everybody wants these devices: consumers for the helpful features and manufacturers for the ability to collect data about the product and consumers’ use of it. Paul Calatayud, Palo Alto Networks’ CSO for the Americas, sees the IoT evolving into a new form of distributed computing powered by 5G and ever-increasing bandwidth speeds. The result will be intelligent, programmable devices that operate without … More

6.8% of the top 100,000 websites still accept old, insecure SSL versions

Mac-based malware has appeared on the list of the top ten most common types of malware for the first time in WatchGuard’s quarterly Internet security report. The Mac scareware appeared in sixth place in WatchGuard’s latest Q3 2018 report and is primarily delivered by email to trick victims into installing fake cleaning software. Researchers also found that 6.8 percent of the world’s top 100,000 websites still accept old, insecure versions of the SSL encryption protocol, … More

Android Trojan steals money from victims’ PayPal account

ESET researchers have unearthed a new Android Trojan that tricks users into logging into PayPal, then takes over and mimics the user’s clicks to send money to the attacker’s PayPal address. The heist won’t go unnoticed by the victim if they are looking at the phone screen, but they will also be unable to do anything to stop the transaction from being executed as it all happens in a matter of seconds. The only thing … More

Will sophisticated attacks dominate in 2019?

Trend Micro released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. “As we head into 2019, organizations must understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working,” said Greg Young, vice president of cybersecurity for Trend Micro. “Cybercriminals will continue to follow a winning formula – exploiting existing … More

November 2018: Most wanted malware exposed

Check Point has published its latest Global Threat Index for November 2018. The index reveals that the Emotet botnet has entered the Index’s top 10 ranking after researchers saw it spread through several campaigns, including a Thanksgiving-themed campaign. This involved sending malspam emails in the guise of Thanksgiving cards, containing email subjects such as happy “Thanksgiving day wishes”, “Thanksgiving wishes” and “the Thanksgiving day congratulation!” These emails contained malicious attachments, often with file names related … More

30% of healthcare databases are exposed online

Despite the fact that electronic health records (EHR) contain extremely sensitive information about individuals, it is shockingly easy for malicious actors to get their hands on them, Intsights security researchers have discovered. It took them some 90 hours to try to gain access to 50 databases used by healthcare organizations and they found that 15 of them (i.e., 30 percent) were easily discoverable and accessible to anyone who knows where to look and has a basic … More

Another API bug spurs Google to ditch consumer Google+ sooner than planned

Google has unearthed another Google+ API bug, which prompted it to accelerate the sunsetting of all Google+ APIs and that of the consumer version of Google+. The API bug: The bug was introduced in November through a software update and was discovered as part of the company’s ongoing testing procedures. “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of … More

CISO challenges and the path to cutting edge security

Zane Lackey is the co-founder and CSO at Signal Sciences, and the author of Building a Modern Security Program (O’Reilly Media). He serves on multiple Advisory Boards including the National Technology Security Coalition, the Internet Bug Bounty Program, and the US State Department-backed Open Technology Fund. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as CISO of Etsy. In this interview with Help Net Security he … More

High profile incidents and new technologies drive cybersecurity M&A to record highs

The Cybersecurity M&A Market Report from international technology mergers and acquisitions advisors, Hampleton Partners, outlines how high profile hacks, the global digitisation of business and new regulations are driving record transaction volumes and valuations, with 141 completed transactions by October this year, surpassing 2016 and 2017 levels. 2018 has seen nine big ticket deals in excess of $500m from buyers such as Thoma Bravo, Cisco, RELX, AT&T and Francisco Partners, which have generated attention to … More

An integrated approach helps companies improve operational resilience

By taking a unified approach to managing critical events (i.e. extreme weather, violence, supply chain disruption), businesses can significantly reduce the impact on employee safety, organizational reputation, and revenue, according to a study conducted by Forrester Consulting for Everbridge. According to the study, companies are investing significant resources in sophisticated controls to protect their employees, brand and assets from critical events. These disruptive incidents (ranging from cyberattacks to terrorist activity) increasingly lead to business impacts … More

Guide: 5 Steps to Modernize Security in the DevSecOps Era

The practices of DevOps, Continuous Delivery and Agile have been commonplace for some time now among the development and operations teams in most organizations, and now they are surfacing in security teams. This change is rippling across the organization and breaking down silos for software delivery. Teams are delivering APIs, microservices and web applications at faster than ever speeds. But what about security? Even though application security is well into its teenage years, vulnerabilities … More

Supply chain compromise: Adding undetectable hardware Trojans to integrated circuits

Is it possible for attackers to equip integrated circuits with hardware Trojans that will not change the area or power consumption of the IC, making them thus indiscernible through power-based post fabrication analysis? A group of researchers from the National University of Sciences and Technology (Islamabad, Pakistan), the Vienna University of Technology and New York University have proven it is. They have also demonstrated that hardware Trojans (HTs) can be implanted not only by adding … More

Consumers still put trust in big brands despite breaches

Janrain conducted a survey to better understand how consumers really feel about brands in the wake of so many breaches. The company polled 1,000 UK adults and found that most consumers are still willing to part with their personal information if it can somehow benefit them. While big internet companies like Google and Facebook remain among the least trusted businesses, a large number of respondents put the most faith in pharmaceutical and travel companies including … More

Not all data collection is evil: Don’t let privacy scandals stall cybersecurity

Facebook continues to be criticized for its data collection practices. The media is hammering Google over how it handles data. JPMorgan Chase & Company was vilified for using Palantir software to allegedly invade the privacy of employees. This past June marked the five-year anniversary of The Guardian’s first story about NSA mass surveillance operations. These incidents and many others have led to an era where the world is more heavily focused on privacy and trust. … More

Australia: Parliament passes anti-encryption bill

The Parliament of Australia has passed the Assistance and Access Bill 2018, which allows Australian authorities to pressure communication providers and tech companies into giving them access to encrypted electronic communications, all in the name of fighting crime and terrorism. Interception capabilities: The companies will be forced to use interception capabilities they already have or to build new ones – although the government claims that the authorities can’t use these powers “to introduce so-called ‘backdoors’ … More

Report: Pioneering Privileged Access Management

Gartner released the first-ever Magic Quadrant for Privileged Access Management* – it is, in our view, a significant milestone for the industry. We believe it spotlights the critical importance of protecting privileged credentials amidst digital transformation initiatives and the ever-changing threat landscape. So why the heightened interest in privileged access? The simple answer: disruption starts with privileged access. The birth of an industry: The concept of ‘privilege’ started simply enough. Privileged access originally referred to … More

Old and new OpenSSH backdoors threaten Linux servers

OpenSSH, a suite of networking software that allows secure communications over an unsecured network, is the most common tool for system administrators to manage rented Linux servers. And given that over one-third of public-facing internet servers run Linux, it shouldn’t come as a surprise that threat actors would exploit OpenSSH’s popularity to gain control of them. How big and widespread is the threat? Nearly five years ago, ESET researchers helped to disrupt a 25 thousand-strong … More

New infosec products of the week: December 7, 2018

Juniper Networks updates JATP Appliances to prioritize cyber threats from any security source: Juniper Networks released new offerings as part of its Juniper Networks Advanced Threat Prevention (JATP) Appliances, enabling enterprises to detect malware, understand behavior and mitigate threats with just one touch. This solution leverages data from any third-party firewall or security data source, avoiding unnecessary vendor lock-in. Eliminating complex, time-consuming data collection configurations, Juniper is helping security teams improve their organization’s security posture … More

December Patch Tuesday forecast: Let it snow, let it snow, let it snow

Grab your shovels, dust off the snow blower, and bundle up. The way patches are accumulating this month is making me think of winter in Minnesota. I’m talking about the kind where the snow flurries start and stop so many times over the course of a few weeks, you suddenly realize there is a lot of snow out there! So the question is, do you shovel in small amounts when there are breaks in the … More

Half of management teams lack awareness about BPC despite increased attacks

Trend Micro revealed that 43 percent of surveyed organizations have been impacted by a Business Process Compromise (BPC). Despite a high incidence of these types of attacks, 50 percent of management teams still don’t know what these attacks are or how their business would be impacted if they were victimized. [Figure: Most popular filename categories used in malicious attachments (based on VirusTotal samples)] In a BPC attack, criminals look for loopholes in business processes, vulnerable systems … More

10 trends impacting infrastructure and operations for 2019

Gartner highlighted the key technologies and trends that infrastructure and operations (I&O) leaders must start preparing for to support digital infrastructure in 2019. “More than ever, I&O is becoming increasingly involved in unprecedented areas of the modern day enterprise. The focus of I&O leaders is no longer to solely deliver engineering and operations, but instead deliver products and services that support and enable an organization’s business strategy,” said Ross Winser, Senior Director, Analyst at Gartner. … More

Apple releases security updates for Macs, iDevices, AppleTV

Another month, another set of Apple security updates: if you’re using macOS, iOS, Shortcuts for iOS, tvOS, Safari, and iCloud and iTunes for Windows, it’s time to get patching. The updates: The Safari, iCloud and iTunes updates have a lot of overlap – two Safari bugs that can lead to address bar or user interface spoofing, six WebKit issues that can be triggered by the processing of maliciously crafted web content to achieve remote code … More

An introduction to deception technology

This article is the first in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of the evolution of deception, including its use in the enterprise, with emphasis on the practical requirements that have emerged in recent years to counter the growing number and nature of malicious threats. Purpose of deception for cyber: The idea of modern deception in cyber security … More

(IN)SECURE Magazine issue 60 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 60 has been released today. Table of contents: How to make the CFO your best cybersecurity friend; Review: Specops Password Policy; Break out of malware myopia by focusing on the fundamentals; Securing our future in the age of IoT; Blind spots and how to see them: Observability in a serverless environment; There are no real shortcuts to most … More

Adobe patches newly exploited Flash zero-day

Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being exploited in the wild. About the vulnerability (CVE-2018-15982): CVE-2018-15982 is a use-after-free in Flash’s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim’s computer. It was flagged on November 29 by researchers with Gigamon Applied Threat Research (ATR) and Qihoo 360 … More

Researchers create AI that could spell the end for website security captchas

Researchers have created new artificial intelligence that could spell the end for one of the most widely used website security systems. The new algorithm, based on deep learning methods, is the most effective solver of captcha security and authentication systems to date and is able to defeat versions of text captcha schemes used to defend the majority of the world’s most popular websites. Text-based captchas use a jumble of letters and numbers, along with other … More

Measuring privacy operations: Use of technology on the rise

Critical privacy program activities such as creating data inventories, conducting data protection impact assessments (DPIA), and managing data subject access rights requests (DSAR) are now well established in large and small organizations in both Europe and the United States, according to TrustArc and the International Association of Privacy Professionals (IAPP). “Among our thousands of members, we know that privacy teams are now reporting on a regular basis to company leadership, and consequently they need to … More

Consumers believe social media sites pose greatest risk to data

A majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, with retailers most at risk, according to Gemalto. Two-thirds (66%) are unlikely to shop or do business with an organisation that experiences a breach where their financial and sensitive information is stolen. Retailers (62%), banks (59%), and social media sites (58%) are the most at risk of suffering consequences with consumers prepared to use their feet. Surveying … More

Post-exploitation scanning tool scavenges for useful information

Philip Pieterse, Principal Consultant for Trustwave’s SpiderLabs, has demonstrated at Black Hat Arsenal Europe 2018 a new tool for penetration testers called Scavenger. About Scavenger: Scavenger is a multi-threaded post-exploitation scanning tool that helps penetration testers pinpoint files and folders that may provide the most “interesting” or useful information. “Scavenger confronts a challenging issue typically faced by penetration testing consultants during internal penetration tests: the issue of having too much access to too many systems … More

Chrome 71 is out, with several security changes

Google has released Chrome 71 for Windows, Mac, Linux and Android. The newest version of the popular browser comes with 43 security fixes and many new features, including several that aim to help users avoid security pitfalls. Changes improving user security: As announced in November, when attempting to visit pages that try to trick them into signing up for mobile-based subscription services, users will be explicitly warned about the danger through a pop-up alert: … More

Critical Kubernetes privilege escalation flaw patched, update ASAP!

A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software Kubernetes was patched on Monday. The project maintainers are urging users to update their installations as soon as possible, since the flaw can be easily exploited remotely by unauthenticated attackers to gain access to vulnerable Kubernetes clusters and the applications and data within them. About the vulnerability (CVE-2018-1002105): CVE-2018-1002105 affects the Kubernetes API server – more specifically, its … More

Situational awareness: Real-time decision making to improve business operations

Although the term situational awareness usually pertains to the military and first responder space, it also plays a crucial role in the efficiency of public and private organizations such as large-scale businesses, government agencies, transportation and logistics, and many other industries. For business leaders, situational awareness has come to mean having real-time visibility into operations in order to understand and control the business on a day-to-day basis. This allows entire teams to understand how their … More

Major flaws uncovered in leading IoT protocols

Trend Micro warned organizations to revisit their operational technology (OT) security after finding major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). [Figure: A high-level view of the interaction models of MQTT (left) and CoAP (right)] The insecurity of IIoT’s data backbone: Trend Micro’s new report, co-branded with Politecnico di Milano, The Fragility of Industrial IoT’s Data Backbone, highlights the growing threat … More

Microservices becoming architectural style of choice for application development

Microservices – a software development technique where an application is created by combining numerous smaller services – have evolved from fad to trend, becoming an architectural style of choice for new application development and the migration target for many existing systems, according to O’Reilly. Microservices on the rise: The report surveyed 866 software architecture practitioners across North America, Europe and Asia and found that microservices are used in over 50 percent of software projects, with … More

80% of enterprises struggle to protect machine identities

A study conducted by Forrester Consulting examined the views of 116 IT security professionals from financial services and insurance organizations in the U.S., U.K., Germany, France and Australia. A key finding from the study reveals that eighty percent of financial services respondents who are responsible for identity and access management (IAM) believe automated communications between machines on their organizations’ networks are mostly or completely secure. Seventy-one percent of respondents believe effective protection of machine identities … More

Find out what your peers are saying about Office 365 MFA

Specops Software ran a global survey that gauged satisfaction with Office 365 MFA among other O365 adoption initiatives. Not surprisingly, most respondents are not satisfied with Microsoft’s O365 MFA options. Additionally, the majority have taken a hybrid approach to O365 by connecting their Active Directory environments to benefit from existing user management and authentication processes. This approach can open up new challenges. For full survey details, download the free report.

Quora data breach: 100 million users affected

Question-and-answer website Quora has suffered a data breach that may have affected approximately 100 million of its users. About Quora Quora was founded in June 2009 by former Facebook employees Adam D’Angelo and Charlie Cheever and has hit 300 million monthly users in September 2018. The site requires/encourages users to register with their real names, ostensibly to add credibility to the answers they provide. Users can also log in with their Google or Facebook accounts. … More

Why hospitals are the next frontier of cybersecurity

Hospital cybersecurity is a pressing problem with unique challenges and incalculable stakes. The healthcare industry’s accelerating adoption of sophisticated networks, connected devices and digital records has revolutionized clinical operations and patient care but has also left modern hospitals acutely vulnerable to cyber attack. Recent high-profile hacks have brought these mounting threats sharply into focus. However, despite increasing efforts and awareness, a number of technological, cultural and regulatory issues complicate healthcare cybersecurity. Security solutions built for … More

Hardware is on its way out as the demand for SD-WAN climbs

In today’s world applications are moving to the cloud and employee mobility is on the rise, which adds unprecedented flexibility and agility. However, this drive towards digital transformation means that businesses are faced with navigating the myriad network infrastructure and security challenges on their way to making the internet the new corporate network. Gartner projected the worldwide public cloud services market to grow 21.4 percent in 2018. This rapid proliferation of cloud services and software-as-a-service … More

Enabling the digital future: speed, agility and resilience

As more organizations embrace digital business, infrastructure and operations (I&O) leaders will need to evolve their strategies and skills to provide an agile infrastructure for their business. In fact, Gartner said that 75 percent of I&O leaders are not prepared with the skills, behaviors or cultural presence needed over the next two to three years. These leaders will need to embrace emerging trends in edge computing, artificial intelligence (AI) and the ever-changing cloud marketplace, which … More

Vulnerability discovered in safety controller configuration software

Gjoko Krstic, an Applied Risk researcher, has discovered a vulnerability in Pilz PNOZmulti Configurator software that allows a local attacker to read sensitive data in clear-text. The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions. The tool can be found on engineering workstations which are used to configure safety controllers. The software is … More

Sharp rise in email and social media hacking in the UK

Police forces across the UK are coming under increasing pressure to launch criminal investigations into incidents of social media and computer hacking, according to a new report from the Parliament Street think tank. The news comes as senior Police Chiefs have warned that budget cuts and limited resources are leading to an increase in violent crime across the country. The new research paper reveals that 14 police forces have launched a total of 2,547 investigations … More

Detecting malicious behavior blended with business-justified activity

With organizations moving to the cloud and remote workers becoming the rule rather than the exception, the definition of the network is changing. Add to this the increasing use of IoT devices, encryption and engagement in shadow IT practices, and it’s easy to see why organizations have trouble keeping their network and systems secure. What’s more, attackers are changing tactics: they are relying less and less on malware and shifting their focus to stealing legitimate … More

Making it harder for attackers to know when a system begins to deceive a bad actor

Can you deceive a deceiver? That’s the question that computer scientists at Binghamton University, State University of New York have recently been exploring. Assistant Professor of Computer Science Guanhua Yan and PhD student Zhan Shu are looking at how to make cyber deception a more effective tool against malicious hackers. Their study was inspired by the 2013 Target data breach that affected 41 million consumers and cost Target $18.5 million, and the 2017 Equifax hack … More

Best practice methodology for industrial network security: SEC-OT

Secure Operations Technology (SEC-OT) is a methodology and collection of best practices inspired by a decade of experience working with secure industrial sites. The SEC-OT approach is counter-intuitive to many IT and even industrial control system (ICS) security practitioners. It turns out that secure industrial sites ask different questions and get different answers. For example, industrial sites generally do not ask “how can we protect our information?” Instead, they ask, “how to we keep the … More

IIoT technologies integration creates expansion opportunities in the industrial cybersecurity industry

High penetration of Industrial Internet of Things (IIoT) technology in critical infrastructure and the manufacturing sector has resulted in a growing number of potential cyber-attack surfaces. According to a recent analysis from Frost & Sullivan, cyber-attacks within the energy and utilities industries alone cost an average of $13.2 million per year. These rising incidences of cyber-attacks, coupled with evolving compliance regulations by governments, and increased awareness among mature and less mature markets have accelerated the … More

The fundamentals of network security and cybersecurity hygiene

Infrastructure and network security The two fundamental building blocks to ensuring that your data is secure are physical infrastructure and network security. Understanding and protecting your information from threats and human error require meticulously layered security protocols. Physical infrastructure Last year, British Airways canceled over 400 flights and stranded 75,000 passengers because of an IT outage caused by an engineer who disconnected a power supply at a data center near London’s Heathrow airport. When it … More

Blind spots and how to see them: Observability in a serverless environment

Companies embracing DevOps and cloud to fuel digital transformation are increasingly turning to serverless computing, also known as ‘functions-as-a-service’ (FaaS), to shift resource-intensive operational duties away from developers to cloud providers. According to the Cloud Native Computing Foundation, the use of serverless technology is surging, up 22 percent since December 2017, with 26 percent of organizations planning to deploy within the next 12 to 18 months to maximize operational efficiencies and enable application developers to … More

Is security the real stuff of nightmares?

The Chief Information Security Officer (CISO) role is the most senior cyber security role in any organisation, and the role has developed rapidly in recent years under the wave of increased digital needs. With more customer data gathered and stored than ever before, the risk of implementing a sub-par security strategy affects every level of the organisation. CISOs are the custodians, responsible for protecting the face of their business and trust of its customers as … More

Keeping data swamps clean for ongoing GDPR compliance

The increased affordability and accessibility of data storage over recent years can be both a benefit and a challenge for businesses. While the ability to stockpile huge volumes and varieties of data can deliver previously unattainable intelligence and insight, it can also result in ‘data sprawl’, with businesses unclear of exactly what information is being stored, where it’s being held, and how it’s being accessed. The introduction of the General Data Protection Regulation (GDPR) in … More

7 trends driving enterprise IT transformation in 2019

Enabling the business outcome in a ‘Real-Time’ enterprise environment is the next challenge for global brands and government agencies in 2019. Tech companies will need to drive hard to continually exceed their customers’ expectations during a time of accelerating change. They will need to show how technology can help deliver on their customers’ objectives, improve agility, security and impact, or they risk being disrupted. Here is Verizon Enterprise Solutions’ view of those enterprise technology … More

Photos: HITBSecConf2018 Dubai, part two

After an 8-year gap, the Hack In The Box conference once again opened its doors in Dubai. The conference features a Capture the Flag competition, a technology exhibition with a focus area on IoT and blockchain related tech, a car hacking village, hardware related village and a space for makers and hackerspaces. There’s also CommSec – a free-to-attend track of 30 and 60-minute talks that are live streamed on YouTube.

Why compliance is never enough

Organizations are well aware of the security risks inherent in our hyper-connected world. However, many are making the mistake of focusing their attention on being compliant rather than on ensuring that their security strategy is effective and efficient. As the threat landscape continues to evolve this type of compliance-driven, checkbox mentality is setting many organizations up for a potentially disastrous fall (or breach). Being in compliance does not guarantee that a company has a comprehensive … More

Take cybersecurity into your own hands: Don’t rely on tech giants

Google doesn’t want you to have to think about cybersecurity at all, similar to how we think about breathing, which sounds like a great idea. However, in all of my years in cyber security, from the Israeli Defence Forces’ Intelligence Corps Unit to my years at the government’s National Cyber Bureau – where I worked with one of the most attacked organizations in the world, the Israel Electric Corporation – I’ve learned that trusting solely … More

Cybersecurity 2019: Predictions you can’t ignore

As we move forward to 2019, expect credit card and payment information theft to continue to rise. Yes, this isn’t a major surprise; however, if organizations can better address the reasons for the rise in cybercrime, they will be better prepared. Bolder cyberattacks against digital businesses The good news: advanced security technologies are constantly being brought to market. The not-so-good news: threat actors are not letting that get in the way; witness more intensified and … More

Key reasons holding back MFA adoption by mainframe customers

While 64 per cent of mainframers are aware that multi-factor authentication (MFA) is now available to control access to mainframe applications, only 20 per cent acknowledge their organization is already using it or plans to do so, according to Macro 4. Concerns about disrupting applications, lack of mainframe and security skills and resistance from end users are some of the issues holding back adoption. “With data protection and security a major priority among most enterprises, … More

Photos: HITBSecConf2018 Dubai

After an 8-year gap, the Hack In The Box conference once again opened its doors in Dubai. The conference features a Capture the Flag competition, a technology exhibition with a focus area on IoT and blockchain related tech, a car hacking village, hardware related village and a space for makers and hackerspaces. There’s also CommSec – a free-to-attend track of 30 and 60-minute talks that are live streamed on YouTube. Registration area Capture The Flag … More

Product showcase: Cynet 360 Security Platform

Resource-constrained companies that want to protect their internal environments from cyberattack face an impossible challenge: they need to spend a lot of money to buy multiple point solutions to complement their firewall and antivirus. Of course, this means breaking budgets as well as hiring staff that doesn’t exist. In reality, most of them eventually stay without an effective cyber defense. Cynet addresses this challenge that most organizations face, by consolidating network and endpoint protection in … More

Why you shouldn’t be worried about UPnP port masking

Last May, security firm Imperva wrote a blog post discussing a new proof of concept for bypassing DDoS mitigation after discovering reflected network protocols appearing on non-standard network ports. Imperva was able to replicate the same behavior using a technique called UPnP Port Masking, which uses the Universal Plug and Play (UPnP) Protocol to alter the source port of commonly abused network protocols in DDoS attacks. Multiple news outlets picked up on Imperva’s research and … More

ATM attackers strike again: Are you at risk?

The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards. For many readers, the attacks’ success may be surprising. However, IBM X-Force Red … More

The current state of cybersecurity in the connected hospital

Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment. Results found that while physicians and hospital administrators view cybersecurity as a priority, the majority of them feel underprepared to combat cyber risks in the connected hospital. “Cybersecurity is a shared responsibility across all of us working in today’s healthcare system,” said Chris Tyberg, … More

GDPR’s impact: The first six months

GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean it’s yet another regulation that will be ignored? Actually nothing could be farther from the truth. The day GDPR came into law, complaints were filed by data subjects against … More

Are we chasing the wrong zero days?

Zero days became part of mainstream security after the world found out that Stuxnet malware was used to inflict physical damage on an Iranian nuclear facility. After the revelation, organizations focused efforts on closing unknown pathways into networks and detecting unidentified cyber weapons and malware. A number of cybersecurity startups have even ridden the “zero day” wave into unicornville. Stuxnet’s ability to halt operations forced critical infrastructure operators to think about how they could fall … More

For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both Hadoop and Spark, allowing unauthenticated remote code execution via their REST APIs. Many enterprises have adopted big data processing components … More

Internal negligence to blame for most data breaches involving personal health information

Your personal identity may fall at the mercy of attackers on many websites, but when it comes to health data breaches, hospitals, doctors’ offices and even insurance companies are oftentimes the culprits. Internal dangers New research from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal issues with medical providers – not because of hackers or external parties. … More

Case study: Why Duo chose Signal Sciences to provide security visibility and blocking

Duo customers trust its platform to support the scale and frequency of billions of authentication requests across the globe every week. Duo’s security team needed to see and secure this traffic without negatively impacting user experience or introducing additional security risks. Duo was seeking application security visibility for its leading authentication platform and websites that didn’t introduce additional security or operational risk. Duo chose Signal Sciences for their ability to provide immediate security visibility and … More

Don’t accept risk with a pocket veto

We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. We can transfer the risk with insurance or outsourcing, though the transfer is rarely complete. Lastly, we can accept risk and hope for the best. Let’s get this out of the way first: no security professional wants to … More

Losses from online payment fraud to reach $48 billion annually

A new study from Juniper Research has found that annual online payment fraud losses from eCommerce, airline ticketing, money transfer and banking services, will reach $48 billion by 2023; up from the $22 billion in losses projected for 2018. Juniper’s new research, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2018-2023, claimed that a critical driver behind these losses will be the continued high level of data breaches resulting in the theft of … More

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as soon as possible. The flaw affects Flash Player 31.0.0.148 and earlier versions on Windows, macOS, Linux and Chrome OS, and details about it are already publicly available, the company warned. About CVE-2018-15981 CVE-2018-15981 was discovered and publicly disclosed by researcher Gil Dabah last week. “The interpreter code … More

Conficker: A 10-year retrospective on a legendary worm

This November marked the 10-year anniversary of Conficker, a fast-spreading worm targeting Microsoft systems that went on to claim one of the highest levels of infection in history. Millions of computers were eventually infected by the worm, including hospitals across Europe as well as ordinary consumers. Looking back to my time helping to defeat the worm however, it is apparent that the outbreak also helped to elevate the security industry and shape many of the … More

The holiday season and cybercrime: 8 ways to protect yourself

The holiday season has become an unbridled online spending extravaganza, and threat actors have taken notice. For shoppers, what starts out as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust between them and their customers and prospects. Cyber Monday 2017 was the largest … More

Should government officials complete basic cyber security training?

Venafi announced the results of a survey of 515 IT security professionals’ views on the cyber security literacy of government officials. The survey was conducted August 4-9, 2018, at the Black Hat conference in Las Vegas. According to the survey, eighty-eight percent of respondents believe all government officials should be required to complete a basic cyber security training course. In addition, sixty-six percent believe governments should not be able to force technology companies to grant … More

The state of BYOD and mobile device security

Bitglass has released its 2018 BYOD Security Report. The analysis is based on a survey of nearly 400 enterprise IT experts who revealed the state of BYOD and mobile device security in their organizations. According to the study, 85 percent of organizations are embracing BYOD. Interestingly, many organizations are even allowing contractors, partners, customers, and suppliers to access corporate data on their personal devices. Amidst this BYOD frenzy, over half of the survey’s respondents believe … More

Make-A-Wish website compromised to serve cryptojacking script

Visitors of the international website of the US-based non-profit Make-A-Wish Foundation have had their computing power misused to covertly mine cryptocurrency, Trustwave researchers have found. The compromise In-browser cryptomining is not illegal and many website owners prefer using it as a money-making substitute for ads, but they usually inform the visitors about it. In the majority of cases, though, covert cryptomining is a sign that cybercrooks have compromised the website, injected their own cryptomining script in … More

“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a … More

Privacy laws do not understand human error

In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces. Understanding the differences between unstructured and structured data – and the different approaches needed to secure it – is critical to achieve compliance with the many data privacy regulations that businesses in the U.S. now face. Structured data is comprised of individual elements of information organized to be accessible, … More

66.1% of vulnerabilities published through Q3 2018 have a documented solution

There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the high record reported last year at this time. The 16,172 vulnerabilities cataloged through Q3 2018 by Risk Based Security’s research team eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by over 4,800. It’s also worth noting that NVD is still significantly behind in vulnerability scoring and creating the automation component. Vulnerabilities with a CVSSv2 score … More

Third parties: Fast-growing risk to an organization’s sensitive data

The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and partners. According to the findings, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 … More

Only 14% have complete organizational awareness of IoT threats

86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk. The poll of 1,150 IT and security leaders reveals a worrying lack of cybersecurity maturity in many organizations around the world as they deploy IoT projects to … More

New security feature to prevent Amazon S3 bucket misconfiguration and data leaks

Hardly a week goes by that we don’t hear about an organization leaving sensitive data exposed on the Internet because they failed to properly configure their Amazon S3 buckets. Amazon Web Services, to their credit, are trying to prevent this from happening. For one, all newly created S3 buckets and objects (files and directories in the bucket) are by default private, i.e. not publicly accessible by random people via the Internet. Secondly, changes implemented earlier … More

Helping researchers with IoT firmware vulnerability discovery

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency. “Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency they exclude so … More

Review: Specops Password Policy

All who work in the information security industry agree that passwords are one of the worst security nightmares of the modern information security age. Having weak passwords – even as part of a multi-factor authentication scheme – degrades the security posture of an organization. Unfortunately, as passwords scale well, they are still present in practically every organization and even central authentication places like Active Directory. There are multiple security controls, even in core operating systems, … More

Remote working may boost productivity, but also leave you vulnerable to attack

New flexible working practices could pose a security risk to small businesses, with one in five of employees (21%) stating they are most productive when working in public spaces like a cafe or library, but only 18% concerned with the security implications this could have. SMBs therefore face the challenge of keeping their business secure, all the while adhering to the needs and expectations of the modern workforce, according to Avast. Concerns small business staff … More


In a post-EMV world, fraud is shifting from in-person to ecommerce channels

Three years after the switch to new chip-based credit and debit cards, a study by the National Retail Federation and Forrester says payment card fraud is still a top concern for large U.S. retailers as criminals move their activities online. “The implementation of EMV chip cards and chip card readers was supposed to dramatically reduce credit and debit card fraud,” the State of Retail Payments report said. “So why is fraud still the top concern … More


Worldwide digital transformation spending to reach $1.97 trillion in 2022

Worldwide spending on the technologies and services that enable the digital transformation (DX) of business practices, products, and organizations is forecast to reach $1.97 trillion in 2022, according to the IDC Worldwide Semiannual Digital Transformation Spending Guide. “IDC predicts that, by 2020, 30% of G2000 companies will have allocated capital budget equal to at least 10% of revenue to fuel their digital strategies,” said Shawn Fitzgerald, research director, Worldwide Digital Transformation Strategies. “This shift toward … More


New infosec products of the week: November 16, 2018

Cequence Security announces application security platform to stop bot attacks: Cequence ASP is an application security platform that provides a scalable defense against the growing number of bot attacks affecting today’s hyper-connected organizations. Cequence ASP was built not only as a distributed, extensible, open software platform, but also as an automated solution leveraging a patent-pending analytics engine (CQAI), which combines applied artificial intelligence, machine learning, and behavioral analysis. Cryptowerk introduces blockchain-based technology to certify data integrity … More


Vaporworms: New breed of self-propagating fileless malware to emerge in 2019

WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems. “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO … More


Online shoppers continue to engage in risky behavior

Findings from a new McAfee survey reveal the risky habits of online shoppers, including using unsecured Wi-Fi for online shopping and purchasing items from online retailers they are not fully confident are genuine (51 percent). This highlights the need for consumers to slow down and consider the risks of unsafe purchasing behavior that could lead to identity theft or financial loss. Last year consumers spent $453.46 billion on the web for retail purchases, which was … More


What senior finance executives think about payments security

A WEX survey of more than 1,000 CFOs and senior financial executives from the U.S., Europe and Asia/Oceania revealed that for this group, security is paramount in payments solutions or platforms. Security – both of information and settlements – is raised by executives as a concern in multiple aspects of payments processing. In fact, according to those surveyed, security of transactions is the single most important attribute of payments. More than half of American executives—53 … More


Cloud interoperability and app mobility outrank cost and security for primary hybrid cloud benefits

Enterprises plan to increase hybrid cloud usage, with 91% stating hybrid cloud as the ideal IT model, but only 18% stating they have that model today, according to Nutanix. Application mobility across any cloud is a top priority for 97% of respondents – with 88% of respondents saying it would “solve a lot of my problems.” IT decision makers ranked matching applications to the right cloud environment as a critical capability, and 35% of organizations … More


Organizations unable to achieve business resilience against cyber threats

The Resilience Gap study, which surveyed over 4,000 business decision makers across the United States, United Kingdom, France, Germany and Japan, found that while 96% of the global business decision makers believe that making technology resilient to business disruptions should be core to their firm’s wider business strategy, the reality is very different. In fact, only 54% of respondents claim that it definitely is. Barriers to achieving business resilience: Despite 96% of respondents claiming that … More


Law firms are increasingly investing in cybersecurity programs

Logicforce released the results of its most recent Law Firm Cybersecurity Scorecard, a periodic study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices. Results of the study indicate that law firms are increasingly investing in cybersecurity programs, but most law firms are not implementing many of the protocols that will comprehensively protect them and their clients over time. Many firms’ clients and potential clients are … More


Online shopping fraud to surge during Black Friday and Cyber Monday

New benchmark data from ACI Worldwide revealed a projected 14 percent increase in fraud attempts during the upcoming 2018 peak holiday season. Based on hundreds of millions of merchant transactions, the data shows that fraud attempts are going to be at their highest across the Black Friday and Cyber Monday weekend. Principal findings from the data include: Fraud attempts expected to increase 14% during 2018 peak holiday season; Cross Channel fraud continues to grow: In … More


IoT related security missteps cost enterprises millions

Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the IoT into their business models, according to a new study from DigiCert. Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. These findings come amid a ramping up of IoT focus within the typical organization. Eighty-three … More


Container strategies don’t take security seriously enough

Most organizations do not feel prepared to adequately secure cloud-native applications, despite the surging adoption of containers and Kubernetes, according to StackRox. Notable findings: More than a third of organizations with concerns about their container strategy worry that their strategies don’t adequately address container security; an additional 15 percent believe their strategies don’t take seriously enough the threat to containers and Kubernetes deployments; more than one-third of respondents haven’t started or are just creating their … More


What’s keeping Europe’s top infosec pros awake at night?

As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts about the industry’s ability to protect critical infrastructure, corporate networks, and personal information. Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night. The report includes new insights directly from more than 130 survey respondents and spans topics … More


60% of firms believe a major security event will hit in the next few years

Only 30 percent of 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years, according to eSentire. In terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 … More


Employees aren’t taking the proper steps to keep information safe while traveling

Employees aren’t taking the proper steps to keep their organizations’ information safe while traveling. ObserveIT surveyed more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year and found that the majority are putting connectivity and efficiency above security, using public Wi-Fi and unauthorized devices to access work email and/or files on the go. While they may not have malicious intent, the negligent actions of employees caused … More
