Help Net Security

Don't miss:

Google offers Advanced Protection for high-risk users of its services

Europol wants ISPs to aid law enforcement by dropping CGN technologies

Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update

Hot stuff

binary

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers. Among other industry trends such as vulnerability fix rates and percent of applications with vulnerabilities, the report exposes the pervasive risk …

chess

Using a robust platform for cyber threat analysis training

We have recognised threats coming more regularly from varied origins such as nation-states, hacktivist and cybercriminal actors. Coupled with many new public policies aimed at mitigating the negative effects of data breaches, cyber espionage and intellectual property theft, it’s clear a new ecosystem of cyber threat intelligence sharing is …

now

Why wait to be breached? Three reasons to secure your data now

“I’m working on it.” “We don’t have room in this year’s budget.” “Something else more important came up.” “Well, we’ve not been breached before…” “The risk of it happening is so small and it’s hard to quantify…” These are some of the most common excuses companies give for …

cybercrime

Inventive cyber gang steals millions from East European banks

Trustwave researchers have uncovered a series of ingenious bank heists that cost several Eastern European and Russian banks up to $10 millions each, and they believe financial institutions in European, North American, Asian and Australian regions could be targeted with the same within the next year. The attackers’ modus operandi The …

now

Spotlight

Why wait to be breached? Three reasons to secure your data now

keys

Vulnerability in code library allows attackers to work out private RSA keys

Researchers have discovered a security vulnerability in the Infineon-developed RSA library, …

Adobe Flash

Adobe releases emergency fix for Flash Player zero-day exploited in the wild

Adobe has released an out-of-band security update for Adobe Flash Player that patches a …

chess

Using a robust platform for cyber threat analysis training

wireless

WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic

Expert corner

Using a robust platform for cyber threat analysis training

Joep Gommers CEO at EclecticIQ

Using a robust platform for cyber threat analysis training

Protecting networks from DNS exfiltration

David Williamson CEO at EfficientIP

Protecting networks from DNS exfiltration

iPhone X gets facial authentication, is the enterprise next?

Ryan Zlockie Global VP of Authentication at Entrust Datacard

iPhone X gets facial authentication, is the enterprise next?

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Corey Nachreiner CTO at WatchGuard Technologies

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Navigating GDPR in the mobile enterprise

John Aisien CEO at Blue Cedar

Navigating GDPR in the mobile enterprise

The real cost of alarm fatigue

Tony Rowan Chief Security Consultant at SentinelOne

The real cost of alarm fatigue

What’s the use of a privacy policy?

Raj Samani Chief Scientist at McAfee

What’s the use of a privacy policy?

The security status quo falls short with born-in-the-cloud software

Manish Gupta CEO at ShiftLeft

The security status quo falls short with born-in-the-cloud software

SIEM challenges: Why your security team isn’t receiving valuable insights

Brad Taylor CEO at Proficio

SIEM challenges: Why your security team isn’t receiving valuable insights

We can’t rely on black swans: Three areas to improve cyber policy now

Dr. Andrea Little Limbago Chief Social Scientist at Endgame

We can’t rely on black swans: Three areas to improve cyber policy now

Where does corporate cloud security responsibility begin and service provider responsibility end?

William Hurley AVP Software Lifecycle Services at Astadia

Where does corporate cloud security responsibility begin and service provider responsibility end?

Has healthcare misdiagnosed the cybersecurity problem?

Kevin Magee Global Security Strategist at Gigamon

Has healthcare misdiagnosed the cybersecurity problem?

What's New

Google security

Google offers Advanced Protection for high-risk users of its services

High-risk Google users – journalists, human rights and civil society activists, but also campaign staffers and people in abusive relationships – can now take advantage of Google’s Advanced Protection Program to keep their …

people

Europol wants ISPs to aid law enforcement by dropping CGN technologies

Europol is urging ISPs to stop using Carrier Grade Network Address Translation technologies, because they make identifying and tracking criminals a lot harder. What is Carrier Grade Network Address Translation? CGN (or CGNAT) allows up to …

transformation

Digital skills gap: The biggest hindrance to addressing cybersecurity?

Although businesses recognize the importance of digital transformation, organizations worldwide are struggling to balance the elements needed to deliver on digital. Of 1,625 business leaders surveyed a new Fujitsu report, one in three has …

Oracle

Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update

Oracle has released its Critical Patch Update (CPU) for October 2017, addressing 252 vulnerabilities across the wide multitude of its products. Compared to the July 2017 CPU, this one addresses fewer security issues, but the number of yearly …

binary

The pervasive risk of vulnerable open source components

Veracode announced findings from the 2017 State of Software Security Report, a comprehensive review of application security testing data from scans conducted by a base of more than 1,400 customers. Among other industry trends such as …

tunnel

Are you employees snooping on the corporate network?

The overwhelming majority of employees are deliberately seeking out information they are not permitted to access, exposing a major snooping problem among today’s workforce. Have you ever looked for or accessed sensitive information about your …

Reviews

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Don't miss

Google security

Google offers Advanced Protection for high-risk users of its services

people

Europol wants ISPs to aid law enforcement by dropping CGN technologies

Oracle

Oracle fixes 252 vulnerabilities in October 2017 Critical Patch Update

binary

The pervasive risk of vulnerable open source components

Businessman juggling

Should non-security functions get more involved in cybersecurity?

keys

Vulnerability in code library allows attackers to work out private RSA keys

tunnel

Are you employees snooping on the corporate network?

Google Chrome

ESET helps Google protect Chrome users from unwanted software

Adobe Flash

Adobe releases emergency fix for Flash Player zero-day exploited in the wild

open source

Companies turn a blind eye to open source risk

wireless

WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic

Android

Android DoubleLocker ransomware encrypts data, changes device PIN

Malware news

ESET helps Google protect Chrome users from unwanted software

Google has redesigned Chrome Cleanup on Chrome for Windows, and has upgraded the technology it uses to detect and remove unwanted software. A basic antivirus for Chrome “We worked with IT security company ESET to combine their detection …

Android DoubleLocker ransomware encrypts data, changes device PIN

Compromised analytics provider made Equifax’s site point to malware

Equifax’s site hacked to redirect info-seeking visitors to adware

Dark web ransomware economy: Sellers pulling in six-figure salaries

Privacy news

As GDPR implementation date approaches, cyber risk gets more attention

The upcoming implementation of the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, has elevated cyber risk to the top of the corporate agenda for organizations doing business in Europe. In a new global …

Accenture inadvertently exposes highly sensitive corporate, client data online

Beyond GDPR: Data protection as a competitive advantage

The privacy implications of email tracking

DJI launches privacy mode for drone operators