Help Net Security - Information Security News

Attack tools and techniques used by major ransomware families

Ransomware tries to slip unnoticed past security controls by abusing trusted and legitimate processes, and then harnesses internal systems to encrypt the maximum number of files and disable backup and recovery processes before an IT security team catches up, according to a new Sophos report. Main modes of distribution for the major ransomware …

Automated systems: Flag smarter, not everything

Imagine dealing with 1,000s of security alerts a day, whilst simultaneously juggling the tasks that are part of your day-to-day job. Challenging right? This is the current problem cybersecurity professionals are facing. Rather than making their jobs easier, automated systems are adding more work to the workload of the CISO and his or her team. …

Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net

As companies and consumers have become more aware of phishing, hackers have refined their techniques and are now launching a more advanced form of attack known as lateral phishing. This technique is highly convincing and, consequently, highly effective. Hackers are no longer phishing in the dark Millions of individuals have had their personal …

Your supplier’s BEC problem is your BEC problem

Business email compromise (BEC) scams are a burgeoning threat for organizations and, despite rising awareness, new victims are cropping up daily. BEC scammers don’t care what business the potential targets are in: all they care is that they have money that can be stolen – preferably lots of it – and that they have …

Attack tools and techniques used by major ransomware families
Automated systems: Flag smarter, not everything
Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net
Your supplier’s BEC problem is your BEC problem

Spotlight

When is the right time to red team?

GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development …

5,183 breaches from the first nine months of 2019 exposed 7.9 billion records

According to Risk Based Security’s Q3 2019 Data Breach QuickView Report, the total number …

Automated systems: Flag smarter, not everything

Product showcase: SpyCloud Active Directory Guardian

Expert Corner

Mehdi Daoudi CEO, Catchpoint

Speeding MTTR when a third-party cloud service is attacked

Vijay Kurkal COO, Resolve Systems

Want to overcome patching challenges once and for all? Automation is the key

Henry Harrison CTO, Garrison

How to remove human error from the cyber risk equation

Chris Hickman CSO, Keyfactor

Build or buy: What to consider when deploying on-premise or cloud-based PKI

Amyn Gilani VP of Product, 4iQ

Unmask cybercriminals through identity attribution

Tony Howlett CISO, SecureLink

Ransomware attacks against small towns require collective defense

What's New

Get our top stories in your inbox

Week in review: How to avoid lateral phishing, what’s the right time to red team?

November 17, 2019

Here’s an overview of some of last week’s most interesting news and articles: Your supplier’s BEC problem is your BEC problem BEC scammers don’t care what business …

To improve incident response, you need to consider 3rd party solutions

November 15, 2019

Organizations reported an average 32% reduction in threat responder workload when they deployed a managed SIEM solution, according to CenturyLink and IDG. Improve incident …

New infosec products of the week: November 15, 2019

November 15, 2019

Sysdig Secure 3.0 provides enterprises with threat prevention at runtime Sysdig Secure 3.0 includes an incident response and audit tool for Kubernetes, giving enterprises the …

IT professionals deem hybrid cloud as most secure

November 15, 2019

Enterprises plan to aggressively shift investment to hybrid cloud architectures, with respondents reporting steady and substantial hybrid deployment plans over the next five …

Evaluating cyber risk during the holiday season

November 15, 2019

Fears of data loss, identity theft and fraud are leaving American consumers on edge this holiday season, and they’re prepared to hold their financial institution responsible …

GitHub Security Lab aims to make open source software more secure

November 15, 2019

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by …

Attack tools and techniques used by major ransomware families

November 15, 2019

Ransomware tries to slip unnoticed past security controls by abusing trusted and legitimate processes, and then harnesses internal systems to encrypt the maximum number of …

Disruptive technology predictions: 2020 will see the creation of completely connected environments

November 15, 2019

Mainstream adoption of disruptive technologies in 2020 will finally see data, automation and IoT technologies come together to create connected cities and societies, NTT …

Network complexity and lack of visibility contribute to misconfigurations and increased risk

November 14, 2019

Enterprises are slow to abandon manual processes, despite being short staffed, as the lack of automation, coupled with increasing network complexity risk and lack of …

Industry news

Whitepapers and insight

Download: Internal compliance assessment templates

The Comprehensive Security Guide provides security executives with a single document that gathers standardized and easy to use templates of all main compliance frameworks: PCI-DSS, HIPAA, NIST Cyber Security Framework and GDPR. Prior …

Attack tools and techniques used by major ransomware families

Automated systems: Flag smarter, not everything

Lateral phishing makes for dangerous waters, here’s how you can avoid getting caught in the net

Your supplier’s BEC problem is your BEC problem

When is the right time to red team?

GitHub Security Lab aims to make open source software more secure

5,183 breaches from the first nine months of 2019 exposed 7.9 billion records

Automated systems: Flag smarter, not everything

Product showcase: SpyCloud Active Directory Guardian

Expert Corner

Speeding MTTR when a third-party cloud service is attacked

Want to overcome patching challenges once and for all? Automation is the key

How to remove human error from the cyber risk equation

Build or buy: What to consider when deploying on-premise or cloud-based PKI

Unmask cybercriminals through identity attribution

Ransomware attacks against small towns require collective defense

What's New

Week in review: How to avoid lateral phishing, what’s the right time to red team?

To improve incident response, you need to consider 3rd party solutions

New infosec products of the week: November 15, 2019

IT professionals deem hybrid cloud as most secure

Evaluating cyber risk during the holiday season

GitHub Security Lab aims to make open source software more secure

Attack tools and techniques used by major ransomware families

Disruptive technology predictions: 2020 will see the creation of completely connected environments

Network complexity and lack of visibility contribute to misconfigurations and increased risk

Industry news

Whitepapers and insight

Download: Internal compliance assessment templates

Reviews

Review: The Great Hack

Review: Cyberdanger

Review: Specops uReset

Review: Specops Password Policy

Review: The Absolute Platform with Persistence Technology