(IN)SECURE Magazine Notifications RSS

Since last December, over 136,000 new COVID-19-themed domains have popped up and, while many host legitimate websites, others have been set up to serve malware, phishing pages, or to scam visitors. SpyCloud researchers have also discovered that existing community threat intelligence feeds such as Google Safe Browsing, OpenPhish or ThreatsHub flag only a small percent of the domains as malicious. “One potential reason is that the feeds we used have a focus on threat intelligence … More →

The post Spotting and blacklisting malicious COVID-19-themed sites appeared first on Help Net Security.

Being a bug hunter who discloses their discoveries to vendors (as opposed to selling the information to the highest bidder) has been and is an ambition of many ethical hackers. Before vendors started paying for the info, the best they could hope for was a lucrative job offer, though an entry in the company’s Hall of Fame was a good enough incentive for most. These days many vendors and service providers have an official vulnerability … More →

The post Full-time bug hunting: Pros and cons of an emerging career appeared first on Help Net Security.

Threats to web security are explained in this first of a three-part article series, and client-side security is shown to address a commonly missed class of cyber attack exemplified by Magecart. Traditional solutions to web security are outlined, including a new approach to web security based on client-side standards such as content security policy and subresource integrity. These emerging approaches are explained in the context of a representative client-side security platform. Introduction Perhaps the most … More →

The post A client-side perspective on web security appeared first on Help Net Security.

Your website is the primary way your customers interact with your enterprise. You envision and create a website to: Enhance customer engagement and conversion of visitors to customers. Optimize revenue per customer. Create repeat customers. Retain customers, i.e., avoid customer attrition and abandonment. Adding security to the overall business strategy should initiate the following questions to ensure you are making informed decisions for the safety of your brand and your customers. 1. What scripts are … More →

The post 5 questions about website and brand security every business owner should ask appeared first on Help Net Security.

In this podcast, Prateek Bhajanka, VP of Product Management, Vulnerability Management, Detection and Response at Qualys, discusses how you can significantly accelerate an organization’s ability to respond to threats. Qualys VMDR enables organizations to automatically discover every asset in their environment, including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets. VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis … More →

The post Qualys VMDR: Discover, prioritize, and patch critical vulnerabilities in real time appeared first on Help Net Security.

The recent mass transition to working remotely coupled with cyberattacks introduces a heavy burden on the CISO. The CISO Checklist for Secure Remote Working provides a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times. The checklist is built of five pillars: Security Technology: A recommended list of product categories that should be installed and configured. Security Team: Every team, regardless of size and dedication … More →

The post Download: CISO Checklist for Secure Remote Working appeared first on Help Net Security.

Mozilla has released critical security updates for Firefox and Firefox ESR on Friday, patching two vulnerabilities that are being actively exploited by attackers.

The post Two critical Firefox vulnerabilities exploited by attackers, patch now! appeared first on Help Net Security.

Ashvin Kamaraju is a true industry leader. As CTO and VP of Engineering, he drives the technology strategy for Thales Cloud Protection & Licensing, leading a researchers and technologists that develop the strategic vision for data protection products and services. In this interview, he discusses automation, artificial intelligence, machine learning and the challenges related to detecting evolving threats. Given the complexities of modern security architectures, what are the most significant challenges related to tracking risk … More →

The post Threat detection and the evolution of AI-powered security solutions appeared first on Help Net Security.

For twelve years, the standard internet encryption has been Transport Layer Security (TLS) 1.2. Following its roots takes you back to the first version of the Secure Sockets Layer (SSL) protocol, which was developed in 1995 by Netscape but never released due to it being riddled with security vulnerabilities. SSL 2.0 and 3.0 quickly followed and were released but also had their issues. The first iteration of TLS – 1.0 – was based upon SSL … More →

The post TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys appeared first on Help Net Security.

Cybercrime is evolving since criminals have been quick to seize opportunities to exploit the pandemic by adapting their tactics and engaging in new criminal activities. Cybercriminals seeking to exploit emerging opportunities Cybercriminals have been among the most adept at exploiting the pandemic. The threat from cybercrime activities during the crisis is dynamic and has the potential to increase further. With a record number of potential victims staying at home and using online services across the … More →

The post Cybercrime and disinformation during the pandemic appeared first on Help Net Security.

Total end-user spending on IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, recovered in the fourth quarter of 2019 (4Q19) after two consecutive quarters of decline, according to IDC. The 12.4% year-over-year growth in 4Q19 yielded $19.4 billion in spending. The fourth quarter results also brought the full year into positive territory with annual growth of 2.1% and total spending of $66.8 billion for 2019. Meanwhile, … More →

The post Total end-user spending on IT infrastructure products recovers appeared first on Help Net Security.

Ivanti, the company that unifies IT to better manage and secure the digital workplace, announced the expansion of its growing portfolio of enterprise service management (ESM) solutions with the launch of Ivanti Assistants which enable endpoint self-healing capabilities. Designed to automate detection and remediation of a range of IT issues impacting users, the new suite of automation bots helps ease the burden on service management and helpdesk teams while also enabling those teams to proactively … More →

The post Ivanti Assistants: Enabling endpoint self-healing capabilities appeared first on Help Net Security.

Lightstep, the leading provider of observability software for organizations adopting microservices and serverless, announced the release of its best-in-class observability solution to help developers better understand the health of systems and services. This includes integrating new metrics capabilities into their platform, enabling developers to have a one-stop shop for all their observability needs. New analysis features provide developers with the fastest and most effective way to investigate errors, understand service health issues, and predict the … More →

The post Lightstep’s observability solution helps developers better understand the health of systems and services appeared first on Help Net Security.

SiFive, the leading provider of commercial RISC-V processor IP and silicon solutions, announced that Shubham “Sam” Maheshwari has joined the company as Chief Financial Officer (CFO). Maheshwari will lead SiFive financial operations to enable sustainable company growth in support of industry needs and new market opportunities. “SiFive’s idea to silicon methodology and silicon prowess is aligned with the needs of domain-specific accelerators in key growth markets, which is why I’m very excited to join the … More →

The post Shubham “Sam” Maheshwari joins SiFive as Chief Financial Officer appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Marriott International 2020 data breach: 5.2 million customers affected Marriott International has suffered a new data breach in mid-January 2020, which affected approximately 5.2 million guests. Should you hire a specialized cybersecurity recruiter? Finding skilled cybersecurity professionals to fill organizations’ increasing needs is becoming more difficult by the day due to the wide (and widening) cybersecurity workforce skills gap. So, how … More →

The post Week in review: Zoom security, Marriott breach, MS SQL servers under attack appeared first on Help Net Security.

Since the advent of Covid-19, remote conferencing tools have been a lifesaver for all those stuck at home, forced to work and socialize online. Zoom, in particular, has witnessed a massive influx of new users, which lead to increased scrutiny from information security researchers. In the last few weeks, many of Zoom’s privacy and security issues have been pinpointed and publicized, including: A non-transparent and sketchy privacy policy The attendee attention tracker feature The incorrect … More →

The post Zoom pledges to find, fix security and privacy issues appeared first on Help Net Security.

There has been global uproar regarding facial recognition technology and whether and when it’s ethically sound to use it. Its use without citizens’ consent could have potential safety benefits but is undoubtedly a violation of privacy. Unfortunately, the recent news about facial recognition comes at a confusing time. Facial recognition is also being used in airports, banks and healthcare establishments to accurately determine whether a person is who they say they are. Because of this, … More →

The post How to balance privacy concerns around facial recognition technology appeared first on Help Net Security.

As COVID-19 continues to spread, remote work is no longer an experiment, but a requirement in many nations. While it represents a huge change, the results of a research conducted by OnePoll and Citrix, reveal that a majority of employees around the world are adapting to working from home and believe it will become the new normal for the way work gets done. “Remote work is not business as usual. It represents a totally new … More →

The post Is remote work the new normal? appeared first on Help Net Security.

42% of companies experienced a data loss event that resulted in downtime last year, according to Acronis. That high number is likely caused by the fact that while nearly 90% are backing up the IT components they’re responsible for protecting, only 41% back up daily – leaving many businesses with gaps in the valuable data available for recovery. The figures revealed illustrate the new reality that traditional strategies and solutions to data protection are no … More →

The post While nearly 90% of companies are backing up data, only 41% do it daily appeared first on Help Net Security.

Security and network services are the top challenges for enterprises deploying or considering UCaaS and CCaaS technologies, and decision makers prefer bundled solutions that add security features, a software-defined network, and 24/7 performance monitoring, according to Masergy. The study analyzed responses from IT decision makers at global enterprises that are evaluating, planning to implement or have implemented UCaaS or CCaaS. Findings revealed that data security and network performance are the top two areas that IT … More →

The post Most find data security challenging with respect to UCaaS/CCaaS deployments appeared first on Help Net Security.