Help Net Security

Don't miss:

Destruction of Service attacks could shut down organizations for good

Creating the security operations center of the future with Siemplify

Hacker grabs $30 million in ether through Parity multisig wallet flaw

Hot stuff

Siemplify

Creating the security operations center of the future with Siemplify

Security operations teams are engaged in a constant struggle to keep up with the volume of security alerts, maintain the right skills, and manage incident response processes. They want quality information, presented in a way that makes it easy to grasp and react to quickly. They want not to be bogged down in security alerts, and not to spend …

macOS High Sierra

The future of macOS security: Baked-in protection and third-party tools

Anyone in the information security industry who’s interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he’s also the creator of a number of security tools for macOS, which he makes available for free on his Objective-See project site. He has recently scaled back at …

fight

BEC scams: How to avoid them and how to fight back

Phishing and spear-phishing emails are a constant threat to all users, but enterprises are positively inundated with them. “Most businesses will use a spam filter and anti-virus solutions, but unfortunately these cannot prevent all forms of email identity deception or stop social engineering attacks. The spam filter will stop malicious …

Thyssen-Bornemisza Museum

How a museum protects some of the world’s finest pieces of art

After an internal audit revealed the limitations of Thyssen-Bornemisza Museum’s existing (analog) camera surveillance system, as well as a server that has been installed all of twenty years ago and a lack of a redundant data storage system, Miguel Angel Molina, the museum’s Security Manager, decided that the time has come for an …

macOS High Sierra

Spotlight

The future of macOS security: Baked-in protection and third-party tools

hansa market shutdown dark web

Dark web Hansa Market shut down after being run for a month by law enforcement

Just a few short weeks after dark web market Alpha Bay was shut down, Hansa Market is now also …

security camera

Exploitable gSOAP flaw exposes thousands of IoT devices to attack

Researchers have unearthed a serious vulnerability in gSOAP, an open source, third-party code …

DEF CON 25

Decrypting DEF CON badge challenges

run

Launch your own cybersecurity sprint: 30 days to improved security

Expert corner

Decrypting DEF CON badge challenges

Marc Laliberte Information Security Threat Analyst at WatchGuard Technologies

Decrypting DEF CON badge challenges

Could e-discovery pros fill the insatiable demand for cybersecurity talent?

Jared Coseglia CEO at TRU Staffing Partners

Could e-discovery pros fill the insatiable demand for cybersecurity talent?

Don’t let cybercrime hold your innovation to ransom

Geoff Webb VP of Strategy at Micro Focus

Don’t let cybercrime hold your innovation to ransom

What will it take to improve the ICS patch process?

Nir Giller CTO/CISO at CyberX

What will it take to improve the ICS patch process?

Getting the most out of your SIEM investment

Kumar Saurabh CEO at LogicHub

Getting the most out of your SIEM investment

Five crucial ways to help keep a system safe from harm

Rush Taggart CSO at CardConnect

Five crucial ways to help keep a system safe from harm

What makes a good security analyst: The character traits you need

Anton Goncharov CTO at Gemini Data

What makes a good security analyst: The character traits you need

With ransomware, pay up if you want to keep paying

Carl Herberger VP of Security at Radware

With ransomware, pay up if you want to keep paying

Security startup confessions: Attending industry events

Kai Roer CEO of CLTRe

Security startup confessions: Attending industry events

DLP APIs: The next frontier for Data Loss Prevention

Roman Foeckl CEO at CoSoSys

DLP APIs: The next frontier for Data Loss Prevention

Where does the cyber security buck stop?

Corey Nachreiner CTO at WatchGuard Technologies

Where does the cyber security buck stop?

How to build a better SOC team

Reggie Best Chief Product Officer at Lumeta

How to build a better SOC team

What's New

User

Every organization is only one click away from a potential compromise

Information security staffs are so single-minded about defending their organizations from external attack that they all but ignore a threat with vastly greater potential for damage, according to the SANS Institute. Looking for an easier target …

Apple

Apple patches critical Broadpwn vulnerability in its various OSes

Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS. As per usual, the same fixed Webkit flaws abound in all of the updates, as it is the web browser engine used by …

Hand

Hacker grabs $30 million in ether through Parity multisig wallet flaw

Another day, another cryptocurrency heist: this time, the attacker has stolen some $30 million in ether (ETH – value token of the Ethereum blockchain) from a number of vulnerable multisig Parity Wallets. The attack and the current …

eye

Assessing the habits and tactics of organized credit card fraud gangs

By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning ‘schools’. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course …

hansa market shutdown dark web

Dark web Hansa Market shut down after being run for a month by law enforcement

Just a few short weeks after dark web market Alpha Bay was shut down, Hansa Market is now also shuttered. After Alpha Bay’s shutdown, many users flocked to Hansa Market, which was touted as the most secure on the dark web. As users are …

Reviews

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Review: FourV Systems GreySpark

Review: FourV Systems GreySpark

Review: Boxcryptor

Review: Boxcryptor

Review: Protecting Patient Information

Review: Protecting Patient Information

Don't miss

earth

Destruction of Service attacks could shut down organizations for good

Siemplify

Creating the security operations center of the future with Siemplify

Hand

Hacker grabs $30 million in ether through Parity multisig wallet flaw

eye

Assessing the habits and tactics of organized credit card fraud gangs

security camera

Exploitable gSOAP flaw exposes thousands of IoT devices to attack

Segway miniPRO

Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter

Google security

Google introduces new protections to prevent app-based account compromise

toy

Think twice before buying a smart toy for your child

DEF CON 25

Decrypting DEF CON badge challenges

airport security

US Border Patrol isn’t allowed to search travelers’ data stored in the cloud

macOS High Sierra

The future of macOS security: Baked-in protection and third-party tools

run

Launch your own cybersecurity sprint: 30 days to improved security

Malware news

Attackers are taking over NAS devices via SambaCry flaw

A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro researchers warn. Samba is an open source implementation of the SMB/CIFS …

Android backdoor GhostCtrl can do many unusual things

751 domains hijacked to redirect visitors to exploit kit

Telegram-based Katyusha SQL injection scanner sold on hacker forums

Swiss users targeted with Windows, macOS banking Trojan

Infosecurity Europe 2017

How High-Tech Bridge uses machine learning

In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about the difference between artificial intelligence and machine learning, and illustrates how his company uses machine learning to reduce human time without impacting testing …

Crowdsourced security testing and bug bounties

InfoArmor: Operatively-sourced threat intelligence

Regional regulatory compliance trends: Strategies and implications

High-Tech Bridge ImmuniWeb named Best Emerging Technology