Help Net Security - Information Security News

Don't miss:

Office 365 users targeted by phishers employing simple HTML tricks

New infosec products of the week: June 22, 2018

Why cybercriminals are turning to cryptojacking for easy money

Hot stuff

architecture

Threat modeling: What’s all the buzz about?

Keen observers will have noted an uptick in activity around threat modeling within the information security community recently with new tools being released and strategies and methodologies being discussed on social media; culminating in a week-long threat modeling track at the Open Security Summit (formally OWASP Summit). What is threat …

world

Inferring Internet security posture by country through port scanning

In this podcast, Tod Beardsley, Director of Research at Rapid7, talks about the recently released National Exposure Index, which aims to better understand the nature of Internet exposure – services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet – …

study

Working through the cybersecurity skills gap

It’s no secret that there’s a shortage of qualified personnel in the field of cybersecurity. It’s a problem that has long been noticed and one that is projected to get even worse—to the tune of 1.8 million by 2022, according to (ISC)². Despite this massive skills gap on the horizon, the number of breaches appears to be declining. Appearances, …

blockchain

Don’t start the blockchain revolution without making security a top priority

McAfee released a report detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as industry builds out the foundations for the widespread implementation of blockchain technologies. Proof-of-work blockchain Demand for blockchain technology …

(IN)SECURE Magazine 58

Spotlight

(IN)SECURE Magazine issue 58 released

biohazard

Why cybercriminals are turning to cryptojacking for easy money

The cryptocurrency market has seen an incredible amount of attention and hype over the last …

world

Inferring Internet security posture by country through port scanning

In this podcast, Tod Beardsley, Director of Research at Rapid7, talks about the recently …

Google Play

Google lays groundwork for secure offline app distribution

Idea

Execs don’t believe their companies learn the right lessons in cybersecurity

Expert corner

Threat modeling: What’s all the buzz about?

Stuart Winter-Tear Secure Design Analyst, Continuum Security

Threat modeling: What’s all the buzz about?

Will blockchain power the next generation of data security?

Dave Sikora CEO, ALTR

Will blockchain power the next generation of data security?

What CISOs can learn from Tyrion on Game of Thrones

Eitan Bremler VP of Product, Safe-T

What CISOs can learn from Tyrion on Game of Thrones

Combating fraud and money laundering with graph analytics

Yu Xu CEO, TigerGraph

Combating fraud and money laundering with graph analytics

Social media: The zero-trust game

Raj Samani Chief Scientist, McAfee

Social media: The zero-trust game

Are SMBs driving the adoption of security automation by enterprises?

Corey Nachreiner CTO, WatchGuard Technologies

Are SMBs driving the adoption of security automation by enterprises?

Why good security foundations are better than the best security mitigation

Netanel Davidi co-CEO, VDOO

Why good security foundations are better than the best security mitigation

Wi-Fi honeypots: Alive and well at RSAC 2018

Ryan Orsi Director of Strategic Alliances at WatchGuard Technologies

Wi-Fi honeypots: Alive and well at RSAC 2018

How many threats hit the mainframe? No one really knows

Ray Overby President at Key Resources

How many threats hit the mainframe? No one really knows

GDPR: It’s an issue of transparency

Robert Rutherford CEO at QuoStar

GDPR: It’s an issue of transparency

What’s your security story? How to use security as a sales tool

Sabino Marquez CSO at Allocadia

What’s your security story? How to use security as a sales tool

Information security can enable business as soon as we change the conversation

Raj Samani Chief Scientist at McAfee

Information security can enable business as soon as we change the conversation

What's New

ExtraHop Reveal(x)

New infosec products of the week: June 22, 2018

ExtraHop Reveal(x) sheds light on the darkspace ExtraHop announced Reveal(x) Summer 2018. The latest release includes new capabilities designed to modernize enterprise security operations with critical asset behavior analysis that instantly …

Office 365

Office 365 users targeted by phishers employing simple HTML tricks

Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages. The phishing emails landing in targets’ …

bomb

Banking Trojans and cryptojacking on the rise

A new report analyzes threat data collected from approximately 750,000 Morphisec protected endpoints globally, between January 1 and March 31, 2018, as well as from in-depth investigations conducted by the Morphisec Labs threat research team. …

Red door

Unrestricted access to systems and files exposes organizations to cybercrime

UK organisations are leaving themselves vulnerable to cybercrime with over a third of 18-24-year-olds able to access any files on their company network, and only one in five having to request permission to access specific files. Less than half …

biohazard

Why cybercriminals are turning to cryptojacking for easy money

The cryptocurrency market has seen an incredible amount of attention and hype over the last year, culminating with Bitcoin values soaring by more than 1,300 percent in 2017. Although the price has since tumbled and attitudes to crypto in general …

Cisco

Cisco plugs critical flaws in many switches, security appliances

Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its switches, next generation firewalls and security appliances. Those …

Reviews

Review: EU GDPR Documentation Toolkit

Review: EU GDPR Documentation Toolkit

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Don't miss

Office 365

Office 365 users targeted by phishers employing simple HTML tricks

ExtraHop Reveal(x)

New infosec products of the week: June 22, 2018

biohazard

Why cybercriminals are turning to cryptojacking for easy money

bomb

Banking Trojans and cryptojacking on the rise

Cisco

Cisco plugs critical flaws in many switches, security appliances

architecture

Threat modeling: What’s all the buzz about?

gap

Could an Equifax-sized data breach happen again?

laptop

Endpoint security automation a top priority for IT pros

Google Play

Google lays groundwork for secure offline app distribution

Idea

Execs don’t believe their companies learn the right lessons in cybersecurity

world

Inferring Internet security posture by country through port scanning

insider threat

Employee negligence still poses major security concerns

Malware news

Google removes inline installation option for Chrome extensions

Google is shutting down an often used vector for delivering malicious Chrome extensions to users by removing the inline installation option. What will happen? The announcement was made by Extensions Platform Product Manager James Wagner, who …

Fooling security tools into believing malicious code was signed by Apple

Cryptomining malware digs into nearly 40% of organizations worldwide

Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines

VPNFilter malware targets new devices, can deliver exploits to endpoints

Whitepapers and insight

Analyst research: ROI of Pen Testing as a Service

Dr. Chenxi Wang, industry thought leader and analyst, examined the Return on Investment that organizations may realize by using Cobalt’s Pen Testing as a Service (PTaaS) platform. This study took a detailed look at the benefits and costs of …

Whitepaper: Future-proofing your password policy

Whitepaper: DNS Threat Intelligence vs. AI Network Security

Report: What two years of real pen testing findings will tell you

Download: CISSP Exam Study Guide