Category Archives: News

Security is slowly becoming essential to doing business

A veteran of the information security industry, Greg Jensen has spent the last six years at Oracle as the Senior Director of Oracle’s Cloud Security solutions. He’s also the Senior Editor of the Oracle and KPMG Cloud Threat Report, as well as Oracle’s annual CISO Report. “The focus of these efforts is to understand the key challenges that hundreds of global organizations are struggling with as they lift and shift workloads to the cloud, and … More

The post Security is slowly becoming essential to doing business appeared first on Help Net Security.

DNSSEC fueling new wave of DNS amplification attacks

DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard. Researchers attributed Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of the attacks last quarter according to the team’s evaluation of thousands of worldwide DDoS attacks. DNSSEC was designed to protect applications from using forged or … More

The post DNSSEC fueling new wave of DNS amplification attacks appeared first on Help Net Security.

Confidential data of 24.3 million patients discovered online

Greenbone Networks has released details of new research in to the security of the servers used by health providers across the world to store images of X-rays as well as CT, MRI and other medical scans. Of the 2,300 medical image archive systems worldwide that Greenbone analyzed between mid-July and early September 2019, 590 of them were freely accessible on the internet, together containing 24.3 million data records from patients located in 52 different countries. … More

The post Confidential data of 24.3 million patients discovered online appeared first on Help Net Security.

Businesses facing post breach financial fallout by losing customer trust

44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal. The findings suggest that a combination of recent high-profile data breaches in each region, the development of assorted laws and regulations to protect consumer data privacy (e.g. the California Consumer Privacy Act, Europe’s General Data Protection Regulations, Canada’s Personal Information Protection and Electronic Documents Act, … More

The post Businesses facing post breach financial fallout by losing customer trust appeared first on Help Net Security.

What are the most connected countries around the world?

How connected a country is does not only mean how freely information can be reached or how many people have access to the internet or social media – it goes much further than that, influencing our lifestyle, how we do business and even the power and reputation of our respective countries. Carphone Warehouse has created The Connectivity Index listing the top 34 most connected countries in the world. The index takes into consideration data such … More

The post What are the most connected countries around the world? appeared first on Help Net Security.

Download: RFP templates for EDR/EPP and APT protection

Security decision makers need to address APT risks, but struggle with mapping APT attack vectors to a clear-cut set of security product capabilities, which impairs their ability to choose the products that would best protect them. Cynet is addressing this need with the definitive RFP templates for EDR/EPP and APT protection, an expert-made security requirement list, that enables stakeholders to accelerate and optimize the evaluation process of the products they evaluate. The RFP contains five … More

The post Download: RFP templates for EDR/EPP and APT protection appeared first on Help Net Security.

Five ways to manage authorization in the cloud

The public cloud is being rapidly incorporated by organizations, allowing them to store larger amounts of data and applications with higher uptime and reduced costs, while at the same time, introducing new security challenges. One of the more prominent challenges is identity management and authorization. Since the beginning of cloud computing, authorization techniques in the cloud have evolved into newer models, which acknowledge the many different services that now come together to form a company’s … More

The post Five ways to manage authorization in the cloud appeared first on Help Net Security.

Targeted threat intelligence and what your organization might be missing

In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilate, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Where many other solutions rely on machine learning (ML) to access … More

The post Targeted threat intelligence and what your organization might be missing appeared first on Help Net Security.

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices. “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” says lead ISE researcher Rick Ramgattie. “These issues … More

The post Researchers uncover 125 vulnerabilities across 13 routers and NAS devices appeared first on Help Net Security.

BotSlayer tool can detect coordinated disinformation campaigns in real time

A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by the Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about … More

The post BotSlayer tool can detect coordinated disinformation campaigns in real time appeared first on Help Net Security.

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites … More

The post Phishing attacks up, especially against SaaS and webmail services appeared first on Help Net Security.

Only 15% of organizations can recover from a severe data loss within an hour

There’s a global concern about the business impact and risk from rampant and unrestricted data growth, StorageCraft research reveals. It also shows that the IT infrastructures of many organizations are struggling, often failing, to deliver business continuity in the event of severe data outages. A total of 709 qualified individuals completed the research study. All participants had budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 100-2,500 … More

The post Only 15% of organizations can recover from a severe data loss within an hour appeared first on Help Net Security.

Mini eBook: CCSP Practice Tests

The Certified Cloud Security Professional (CCSP) shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures. Download the Mini eBook for a sneak peek into the Official (ISC)² CCSP Practice Tests book. Inside you’ll find: 50 CCSP practice test items and answers to gauge your knowledge. Discount code to save on the full version which includes 1,000 items.

The post Mini eBook: CCSP Practice Tests appeared first on Help Net Security.

CISO do’s and don’ts: Lessons learned

Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape. Consequently, the importance of a good CISO should not be underestimated. Mistakes to avoid, practices to implement Francesco Cipollone, CISO and director at UK-based cybersecurity consultancy NSC42, says that he has seen … More

The post CISO do’s and don’ts: Lessons learned appeared first on Help Net Security.

Threat visibility is imperative, but it’s even more essential to act

Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More

The post Threat visibility is imperative, but it’s even more essential to act appeared first on Help Net Security.

Four in five businesses need ways to better secure data without slowing innovation

While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42. ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to … More

The post Four in five businesses need ways to better secure data without slowing innovation appeared first on Help Net Security.

Exploitation of IoT devices and Windows SMB attacks continue to escalate

Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of Eternal Blue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More

The post Exploitation of IoT devices and Windows SMB attacks continue to escalate appeared first on Help Net Security.

Only one quarter of retail banks have adopted an integrated approach to financial crime systems

Most banks plan to integrate their fraud and financial crime compliance systems and activities in response to new criminal threats and punishing fines, with the U.K. leading the pack, according to a survey by Ovum, on behalf of FICO. Responses show that U.S. systems are less integrated than Canada’s – only 25 percent of U.S. banks have a common reporting line for both fraud and compliance, versus 60 percent for Canada. The survey also found … More

The post Only one quarter of retail banks have adopted an integrated approach to financial crime systems appeared first on Help Net Security.

Cyber Battle of the Emirates: Training the next generation of cyber security pros

Held annually in Asia, Europe and the Middle East, Hack In The Box conferences bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students. The next HITB event is HITB+ CyberWeek, which takes place October 12th – 17th at Emirates Palace, Abu Dhabi. As usual, it will offer security trainings, talks, and live challenges. Cyber Battle of the Emirates Among the live … More

The post Cyber Battle of the Emirates: Training the next generation of cyber security pros appeared first on Help Net Security.

Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware

Here’s an overview of some of last week’s most interesting news, interviews and articles: More than a year after GDPR implementation, half of UK businesses are not fully compliant 52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress. Simjacker vulnerability actively exploited to track, spy on mobile phone owners Following extensive research, AdaptiveMobile … More

The post Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware appeared first on Help Net Security.

Sandboxie becomes freeware, soon-to-be open source

Sophos plans to open source Sandboxie, a relatively popular Windows utility that allows users to run applications in a sandbox. Until that happens, they’ve made the utility free. About Sandboxie Sandboxie creates a virtual container in which untrusted programs can be run or installed so that they can’t maliciously modify the underlying OS or data on the host machine. If can make the use of apps such as browsers, email programs, IM clients, Office suites, … More

The post Sandboxie becomes freeware, soon-to-be open source appeared first on Help Net Security.

New infosec products of the week: September 13, 2019

Awake Security enhances its platform with the ability to identify attackers based on their intent Awake Security introduced Adversarial Modeling, an industry-first capability that gives security teams an unparalleled ability to identify attackers based on their intent. By understanding mal-intent, versus looking for only specific indicators of an attack, Awake greatly improves the ability for organizations to see and stop attackers, especially those that are living-off-the-land. RocketBroadband’s SD-WAN solution allows businesses to keep critical apps … More

The post New infosec products of the week: September 13, 2019 appeared first on Help Net Security.

The rise of modern applications, DevSecOps and the intelligence economy

There has been a significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The intelligence economy The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More

The post The rise of modern applications, DevSecOps and the intelligence economy appeared first on Help Net Security.

Security leaders lack confidence in the supply chain, fear third-party attacks

An overwhelming number of cybersecurity professionals (89%) have expressed concerns about the third-party managed service providers (MSPs) they partner with being hacked, according to new research from the Neustar International Security Council. Survey participants in July 2019 comprise 314 professionals from across six EMEA and US markets. While most organizations reported working with an average of two to three MSPs, less than a quarter (24%) admitted to feeling very confident in the safety barriers they … More

The post Security leaders lack confidence in the supply chain, fear third-party attacks appeared first on Help Net Security.

Interacting with governments in the digital age: What do citizens think?

Most U.S. citizens acknowledge and accept that state and local government agencies share their personal data, even when it comes to personal information such as criminal records and income data, according to a new survey conducted by YouGov and sponsored by Unisys. However, the survey found they remain concerned about the security of the data. The survey of nearly 2,000 (1,986) U.S. citizens living in eight states found that more than three-quarters (77%) accept that … More

The post Interacting with governments in the digital age: What do citizens think? appeared first on Help Net Security.

Cyber risk assessment of U.S. election commissions finds critical areas for improvement

Many election commissions are focused on quickly adapting and updating their cybersecurity; however, commissions still need to dedicate resources to updating outdated operating systems and protecting their email domains from being spoofed, according to NormShield. The report, which examined more than 100 items, focused on the broader picture — the internet facing infrastructure that supports state election processes. NormShield conducted two risk assessments (July and August) of 56 election commissions and Secretaries of State (SoS) … More

The post Cyber risk assessment of U.S. election commissions finds critical areas for improvement appeared first on Help Net Security.