Week in review: Social media-enabled cybercrime, fighting credential stuffing, digital signature spoofing
Here’s an overview of some of last week’s most interesting news and articles: How WebAuthn aims to solve the password problem Rather than tasking users with …
Bug in Cobalt Strike pentesting tool used to identify malicious servers
An extraneous space in the HTTP responses of webservers run by a variety of malicious actors allowed Fox-IT researchers to identify them pretty easily for the past year and a …
New infosec products of the week: March 1, 2019
SecBI launches new solution to help MSSPs maximize their productivity and scalability SecBI announced an automated threat detection and response solution designed to help …
Enterprises are blind to over half of malware sent to their employees
As the use of SSL grows to the point where it’s the standard protocol, cybercriminals are increasingly using encryption to conceal and launch attacks. This has become possible …
Businesses need to rethink security priorities due to shifting trends
One shift in attacks that businesses should be aware of is the rapid growth of cryptocurrency mining, which increased 237 percent, according to the 2018 Security Roundup …
Half of business leaders say a breach could end their business, others remain unaware
A majority (58 percent) of executives at SMBs are more concerned about suffering a major data breach than a flood, a fire, a transit strike or even a physical break-in of …
40% of malicious URLs were found on good domains
While tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals, according to the 2019 Webroot Threat …
By 2025 workforce most likely to consist of humans and bots
The workforce, workplace, and the technologies that support them will be so different by 2025 that enterprises need to provide global access and ensure continuous uptime now. …
ENISA provides recommendations to improve the cybersecurity of EU electoral processes
In the context of the upcoming elections for the European Parliament, the EU Agency for Cybersecurity ENISA published an opinion paper on the cybersecurity of elections and …
Phishing, software supply chain attacks greatest threats for businesses
Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more …
Cisco SOHO wireless VPN firewalls and routers open to attack
Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a …
Fighting credential stuffing attacks is an uphill battle
Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, …
Featured news
Resources
Don't miss
- Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
- Self-sovereign identity could transform fraud prevention, but…
- Ghidra 11.3 released: New features, performance improvements, bug fixes
- Ransomware payments plummet as more victims refuse to pay
- The overlooked risks of poor data hygiene in AI-driven organizations