Help Net Security

Don't miss:

Compromised analytics provider made Equifax’s site point to malware

Why wait to be breached? Three reasons to secure your data now

New infosec products of the week: October 13, 2017

Hot stuff

now

Why wait to be breached? Three reasons to secure your data now

“I’m working on it.” “We don’t have room in this year’s budget.” “Something else more important came up.” “Well, we’ve not been breached before…” “The risk of it happening is so small and it’s hard to quantify…” These are some of the most common excuses companies give for …

cybercrime

Inventive cyber gang steals millions from East European banks

Trustwave researchers have uncovered a series of ingenious bank heists that cost several Eastern European and Russian banks up to $10 millions each, and they believe financial institutions in European, North American, Asian and Australian regions could be targeted with the same within the next year. The attackers’ modus operandi The …

Windows

Bugs in Windows DNS client open millions of users to attack

In this month’s Patch Tuesday, Microsoft has included fixes for multiple critical memory corruption vulnerabilities in the Windows DNS client, which could be exploited by attackers to gain access to the target’s system. About the vulnerabilities The vulnerabilities, collectively identified as CVE-2017-11779, were discovered by …

Laptop

The privacy implications of email tracking

Emails are a widely used means for third parties to tie your email address to your activities across the web, Princeton University researchers have discovered. The extent of email tracking Email tracking was originally aimed at allowing senders to know whether the recipient has read the sent email. Unfortunately, many third parties also …

Windows

Spotlight

Bugs in Windows DNS client open millions of users to attack

cybercrime

Inventive cyber gang steals millions from East European banks

Trustwave researchers have uncovered a series of ingenious bank heists that cost several …

path

Compromised analytics provider made Equifax’s site point to malware

Yesterday’s revelation that Equifax’s credit report assistance Web page was spotted …

iOS 11

Apple’s intermittent password prompts prime iOS users for phishing

Accenture

Accenture inadvertently exposes highly sensitive corporate, client data online

Expert corner

Protecting networks from DNS exfiltration

David Williamson CEO at EfficientIP

Protecting networks from DNS exfiltration

iPhone X gets facial authentication, is the enterprise next?

Ryan Zlockie Global VP of Authentication at Entrust Datacard

iPhone X gets facial authentication, is the enterprise next?

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Corey Nachreiner CTO at WatchGuard Technologies

Hacking virtual and augmented reality: Short-term FUD, long-term danger

Navigating GDPR in the mobile enterprise

John Aisien CEO at Blue Cedar

Navigating GDPR in the mobile enterprise

The real cost of alarm fatigue

Tony Rowan Chief Security Consultant at SentinelOne

The real cost of alarm fatigue

What’s the use of a privacy policy?

Raj Samani Chief Scientist at McAfee

What’s the use of a privacy policy?

The security status quo falls short with born-in-the-cloud software

Manish Gupta CEO at ShiftLeft

The security status quo falls short with born-in-the-cloud software

SIEM challenges: Why your security team isn’t receiving valuable insights

Brad Taylor CEO at Proficio

SIEM challenges: Why your security team isn’t receiving valuable insights

We can’t rely on black swans: Three areas to improve cyber policy now

Dr. Andrea Little Limbago Chief Social Scientist at Endgame

We can’t rely on black swans: Three areas to improve cyber policy now

Where does corporate cloud security responsibility begin and service provider responsibility end?

William Hurley AVP Software Lifecycle Services at Astadia

Where does corporate cloud security responsibility begin and service provider responsibility end?

Has healthcare misdiagnosed the cybersecurity problem?

Kevin Magee Global Security Strategist at Gigamon

Has healthcare misdiagnosed the cybersecurity problem?

Shark or not? 3 real-life security scenarios and how to tell which will really bite

Nir Polak CEO at Exabeam

Shark or not? 3 real-life security scenarios and how to tell which will really bite

What's New

CloudAI

New infosec products of the week: October 13, 2017

CloudAI delivers advanced analytics that leverage artificial intelligence LogRhythm introduced CloudAI, an advanced cloud-based security analytics offering. Initially focused on extending and enhancing LogRhythm’s existing user and entity …

mobile worker

Enterprises increasingly leveraging endpoint data for security investigations

Code42 confirmed how critical it is for organizations to access and leverage endpoint data for additional uses above and beyond backup and recovery. Among 155 IT professionals and business decision-makers surveyed on the show floor at VMworld …

Degree

Four ways colleges can strengthen their cybersecurity programs

If breaches can’t be entirely blocked, what can IT professionals in higher education do to prevent these kinds of disaster scenarios? The GovEd team at Logicalis US says there are four important steps that will bolster college and …

path

Compromised analytics provider made Equifax’s site point to malware

Yesterday’s revelation that Equifax’s credit report assistance Web page was spotted redirecting visitors to malware resulted in the company temporarily disabling the page and starting an investigation. Once the investigation was …

DDoS

DDoS attacks: Brands have plenty to lose, even if attacked only once

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage on brands. Neustar discovered that brands experienced a 27 percent increase in the number of breaches per DDoS attack, despite …

skull

Dark web ransomware economy: Sellers pulling in six-figure salaries

There are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current product listings, according to new research by Carbon Black. The prices for do-it-yourself (DIY) ransomware ranges from $0.50 …

Reviews

Review: Cato Cloud

Review: Cato Cloud

Review: Securing the Internet of Things

Review: Securing the Internet of Things

Review: Pwnie Express Pulse

Review: Pwnie Express Pulse

Review: Acunetix 11

Review: Acunetix 11

Review: Advanced Persistent Security

Review: Advanced Persistent Security

Review: Data Breach Preparation and Response

Review: Data Breach Preparation and Response

Review: The Internet of Risky Things

Review: The Internet of Risky Things

Review: DNS Security

Review: DNS Security

Review: iStorage diskAshur Pro SSD

Review: iStorage diskAshur Pro SSD

Review: The Basics of Cyber Safety

Review: The Basics of Cyber Safety

Review: IS Decisions UserLock

Review: IS Decisions UserLock

Review: Threat Forecasting

Review: Threat Forecasting

Don't miss

path

Compromised analytics provider made Equifax’s site point to malware

now

Why wait to be breached? Three reasons to secure your data now

CloudAI

New infosec products of the week: October 13, 2017

facepalm

Equifax’s site hacked to redirect info-seeking visitors to adware

open

Unpatched SQLi vulnerability in SmartVista e-commerce suite

DDoS

DDoS attacks: Brands have plenty to lose, even if attacked only once

cybercrime

Inventive cyber gang steals millions from East European banks

patch

October Patch Tuesday: 61 bugs and one zero-day fixed

iOS 11

Apple’s intermittent password prompts prime iOS users for phishing

Australia

Hackers go after Australian ICT, managed services providers

Windows

Bugs in Windows DNS client open millions of users to attack

Accenture

Accenture inadvertently exposes highly sensitive corporate, client data online

Malware news

Compromised analytics provider made Equifax’s site point to malware

Yesterday’s revelation that Equifax’s credit report assistance Web page was spotted redirecting visitors to malware resulted in the company temporarily disabling the page and starting an investigation. Once the investigation was …

Equifax’s site hacked to redirect info-seeking visitors to adware

Dark web ransomware economy: Sellers pulling in six-figure salaries

Defense contractors, manufacturers targeted with malware-as-a-service infostealer

Hackers use organizations’ resources for stealthy cryptocurrency mining

Privacy news

Accenture inadvertently exposes highly sensitive corporate, client data online

Corporate consulting giant Accenture left bucketloads of sensitive corporate and client data exposed online for anyone to access. Luckily for them, it seems that UpGuard director of cyber risk research Chris Vickery was the only one who stumbled …

Beyond GDPR: Data protection as a competitive advantage

The privacy implications of email tracking

DJI launches privacy mode for drone operators

How US and UK companies address GDPR data protection requirements