Category Archives: Hot stuff

Most dangerous attack techniques, and what’s coming next

Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are: 1. Repositories and cloud storage data leakage 2. Big Data analytics, de-anonymization, and correlation 3. Attackers monetize compromised systems using crypto coin miners … More

The post Most dangerous attack techniques, and what’s coming next appeared first on Help Net Security.

Researchers propose scheme to secure brain implants

A group of researchers from KU Leuven, Belgium, have proposed a practical security scheme that would allow secure communications between a widely used implantable neurostimulator – an electrical brain implant used to treat a number of medical issues – and its external device programmer. Other researchers have already noted that motivated attackers could find ways to hack brain implants due to their poor or inexistent security, and have pointed out that, while the current risk … More

The post Researchers propose scheme to secure brain implants appeared first on Help Net Security.

Researchers develop algorithm to detect fake users on social networks

Ben-Gurion University of the Negev and University of Washington researchers have developed a new generic method to detect fake accounts on most types of social networks, including Facebook and Twitter. According to their new study in Social Network Analysis and Mining, the new method is based on the assumption that fake accounts tend to establish improbable links to other users in the networks. “With recent disturbing news about failures to safeguard user privacy, and targeted … More

The post Researchers develop algorithm to detect fake users on social networks appeared first on Help Net Security.

US, UK warn Russians hackers are compromising networking devices worldwide

Russian state-sponsored hackers are targeting network infrastructure devices worldwide, the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) have warned on Monday. A joint technical alert published by the organizations says that the targets are “primarily government and private-sector organisations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.” The attackers are compromising routers, switches, firewalls, Network-based Intrusion Detection System … More

The post US, UK warn Russians hackers are compromising networking devices worldwide appeared first on Help Net Security.

Your Android phone says it’s fully patched, but is it?

How do fully-maintained (i.e., patched) Android phones end up getting exploited? Searching for an answer to that question spurred security researchers to analyze thousands of Android firmwares for the presence of hundreds of patches. Their research led to an unwelcome discovery: most Android vendors regularly forget to include some patches in the security updates provided to users. The research Security Research Labs researchers Jakob Lell and Karsten Nohl explained how they went about making the … More

The post Your Android phone says it’s fully patched, but is it? appeared first on Help Net Security.

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

What’s your security story? How to use security as a sales tool

Positioning security as a value-add to the business rather than a necessary evil is a challenge for many organizations. Since the dawn of enterprise computing, information security has generally been seen as a purely technical function. Did the new two-factor authentication setting lock the sales team out of the system in the middle of a demo? Too bad. The “S” in “IS” is for security, not sales. Security teams often believe that their job is … More

The post What’s your security story? How to use security as a sales tool appeared first on Help Net Security.

What patches to prioritize following the April 2018 Patch Tuesday?

Patch Tuesday came and went and, as usual, Microsoft and Adobe have released patches/security updates for vulnerabilities affecting a wide variety of their products. Adobe’s patches This April 2018 Patch Tuesday Adobe addressed vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. Of these updates, the most important one is that for Adobe Flash Player. Not only is the product the most widely used of those … More

The post What patches to prioritize following the April 2018 Patch Tuesday? appeared first on Help Net Security.

The eternal struggle: Security versus users

There’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be protected from themselves. (As a side note, my mom always hated when we computer folk referred to their customers as … More

The post The eternal struggle: Security versus users appeared first on Help Net Security.

ShifLeft: Fully automated runtime security solution for cloud applications

When talking about data loss prevention, the first thing that comes to mind are solutions aimed at stopping users from moving sensitive documents/data out of a network. But there is a different type of data loss that app developers should be conscious and worry about: cloud applications inadvertently sending critical data to unencrypted/public databases/services. Fuelled by the adoption of microservices and short software development cycles, this is the fastest growing problem in application security today. … More

The post ShifLeft: Fully automated runtime security solution for cloud applications appeared first on Help Net Security.

Are there too many cybersecurity companies?

The most potent global threat in 2018 may not be armed conflict or civil unrest, but cybersecurity. While cybersecurity awareness has increased with high profile breaches in recent years, the core problem remains of how industries can protect themselves and their customers when so much of our interaction has gone digital. Here are some predictions for the challenges companies may face in 2018: There are too many security vendors, and many of them will go … More

The post Are there too many cybersecurity companies? appeared first on Help Net Security.

Using deception to gain enterprise IoT attack visibility

The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus implement strong encryption for communications. Also, having IoT devices connected to standard PC platforms is not advised given endpoints are often the foothold in most attacks. Case in point with … More

The post Using deception to gain enterprise IoT attack visibility appeared first on Help Net Security.

Do you have what it takes to withstand modern DDoS attacks?

As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service. In the end, GitHub ended up completely unavailable for five minutes and intermittently unavailable for four. But while the effect of the attack could have been worse, GitHub’s engineering team aims to do better next time they are hit. Robert Hamilton, Director of … More

The post Do you have what it takes to withstand modern DDoS attacks? appeared first on Help Net Security.

How Facebook’s data issue is a lesson for everyone

The headlines have been dominated by the recent news around Facebook, Cambridge Analytica and the misuse of customer data. The impact of these revelations has led to millions being wiped off Facebook’s share price and an ongoing investigation into the incident. With just two months left until the General Data Protection Regulation (GDPR) comes into effect, this scandal could not be timelier. The ongoing discussions around Facebook’s use of customer data are a clear reminder … More

The post How Facebook’s data issue is a lesson for everyone appeared first on Help Net Security.

Excessive alerts, outdated metrics, lead to over-taxed security operations centers

A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs). SOCs are overwhelmed The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. As the threat landscape changes and enterprises move to adopt additional layers of defensive … More

The post Excessive alerts, outdated metrics, lead to over-taxed security operations centers appeared first on Help Net Security.