Help Net Security

Don't miss:

Surprisingly stealthy botnet has been targeting users for years

New infosec products of the week: July 21, 2017

Destruction of Service attacks could shut down organizations for good

Hot stuff

Siemplify

Creating the security operations center of the future with Siemplify

Security operations teams are engaged in a constant struggle to keep up with the volume of security alerts, maintain the right skills, and manage incident response processes. They want quality information, presented in a way that makes it easy to grasp and react to quickly. They want not to be bogged down in security alerts, and not to spend …

macOS High Sierra

The future of macOS security: Baked-in protection and third-party tools

Anyone in the information security industry who’s interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he’s also the creator of a number of security tools for macOS, which he makes available for free on his Objective-See project site. He has recently scaled back at …

fight

BEC scams: How to avoid them and how to fight back

Phishing and spear-phishing emails are a constant threat to all users, but enterprises are positively inundated with them. “Most businesses will use a spam filter and anti-virus solutions, but unfortunately these cannot prevent all forms of email identity deception or stop social engineering attacks. The spam filter will stop malicious …

Thyssen-Bornemisza Museum

How a museum protects some of the world’s finest pieces of art

After an internal audit revealed the limitations of Thyssen-Bornemisza Museum’s existing (analog) camera surveillance system, as well as a server that has been installed all of twenty years ago and a lack of a redundant data storage system, Miguel Angel Molina, the museum’s Security Manager, decided that the time has come for an …

macOS High Sierra

Spotlight

The future of macOS security: Baked-in protection and third-party tools

Google Chrome biohazard

Surprisingly stealthy botnet has been targeting users for years

ESET researchers have unearthed a botnet of some 500,000 infected machines engaged mostly in …

hansa market shutdown dark web

Dark web Hansa Market shut down after being run for a month by law enforcement

Just a few short weeks after dark web market Alpha Bay was shut down, Hansa Market is now also …

Hand

Hacker grabs $30 million in ether through Parity multisig wallet flaw

DEF CON 25

Decrypting DEF CON badge challenges

Expert corner

Decrypting DEF CON badge challenges

Marc Laliberte Information Security Threat Analyst at WatchGuard Technologies

Decrypting DEF CON badge challenges

Could e-discovery pros fill the insatiable demand for cybersecurity talent?

Jared Coseglia CEO at TRU Staffing Partners

Could e-discovery pros fill the insatiable demand for cybersecurity talent?

Don’t let cybercrime hold your innovation to ransom

Geoff Webb VP of Strategy at Micro Focus

Don’t let cybercrime hold your innovation to ransom

What will it take to improve the ICS patch process?

Nir Giller CTO/CISO at CyberX

What will it take to improve the ICS patch process?

Getting the most out of your SIEM investment

Kumar Saurabh CEO at LogicHub

Getting the most out of your SIEM investment

Five crucial ways to help keep a system safe from harm

Rush Taggart CSO at CardConnect

Five crucial ways to help keep a system safe from harm

What makes a good security analyst: The character traits you need

Anton Goncharov CTO at Gemini Data

What makes a good security analyst: The character traits you need

With ransomware, pay up if you want to keep paying

Carl Herberger VP of Security at Radware

With ransomware, pay up if you want to keep paying

Security startup confessions: Attending industry events

Kai Roer CEO of CLTRe

Security startup confessions: Attending industry events

DLP APIs: The next frontier for Data Loss Prevention

Roman Foeckl CEO at CoSoSys

DLP APIs: The next frontier for Data Loss Prevention

Where does the cyber security buck stop?

Corey Nachreiner CTO at WatchGuard Technologies

Where does the cyber security buck stop?

How to build a better SOC team

Reggie Best Chief Product Officer at Lumeta

How to build a better SOC team

What's New

firefighters

Companies unprepared to measure incident response

Companies struggle to keep up with and respond to cyberattacks due to lack of resources, according to Demisto. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 …

bridge

New infosec products of the week: July 21, 2017

Awake Security unveils advanced security analytics solution Awake’s advanced security analytics provide security teams the insights needed to understand the scope and impact of observed behavior and investigate only credible alerts and threats. …

User

Every organization is only one click away from a potential compromise

Information security staffs are so single-minded about defending their organizations from external attack that they all but ignore a threat with vastly greater potential for damage, according to the SANS Institute. Looking for an easier target …

Apple

Apple patches critical Broadpwn vulnerability in its various OSes

Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS. As per usual, the same fixed Webkit flaws abound in all of the updates, as it is the web browser engine used by …

eye

Assessing the habits and tactics of organized credit card fraud gangs

By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning ‘schools’. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course …

Reviews

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Review: FourV Systems GreySpark

Review: FourV Systems GreySpark

Review: Boxcryptor

Review: Boxcryptor

Review: Protecting Patient Information

Review: Protecting Patient Information

Don't miss

Google Chrome biohazard

Surprisingly stealthy botnet has been targeting users for years

bridge

New infosec products of the week: July 21, 2017

earth

Destruction of Service attacks could shut down organizations for good

Siemplify

Creating the security operations center of the future with Siemplify

Hand

Hacker grabs $30 million in ether through Parity multisig wallet flaw

eye

Assessing the habits and tactics of organized credit card fraud gangs

security camera

Exploitable gSOAP flaw exposes thousands of IoT devices to attack

Segway miniPRO

Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter

Google security

Google introduces new protections to prevent app-based account compromise

toy

Think twice before buying a smart toy for your child

DEF CON 25

Decrypting DEF CON badge challenges

airport security

US Border Patrol isn’t allowed to search travelers’ data stored in the cloud

Malware news

Surprisingly stealthy botnet has been targeting users for years

ESET researchers have unearthed a botnet of some 500,000 infected machines engaged mostly in ad-related fraud by using malicious Chrome extensions, but also Facebook fraud and brute-forcing Joomla and WordPress websites. In addition to this, the …

Attackers are taking over NAS devices via SambaCry flaw

Android backdoor GhostCtrl can do many unusual things

751 domains hijacked to redirect visitors to exploit kit

Telegram-based Katyusha SQL injection scanner sold on hacker forums

Black Hat USA 2017

Qualys at Black Hat USA 2017: Best practices and case study presentations

There will be no lack of interesting content from Qualys at Black Hat next week. Depending on you interests, you might want to make time for some of these talks and presentations at booth #899. Wednesday, July 26 10:20 AM – Achieving …

Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter

NTT Security to give away Gap Assessment at Black Hat USA 2017

EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON

Kali Linux certification, first official Kali book on the horizon