Bug in Cobalt Strike pentesting tool used to identify malicious servers
An extraneous space in the HTTP responses of webservers run by a variety of malicious actors allowed Fox-IT researchers to identify them pretty easily for the past year and a …
New infosec products of the week: March 1, 2019
SecBI launches new solution to help MSSPs maximize their productivity and scalability SecBI announced an automated threat detection and response solution designed to help …
Enterprises are blind to over half of malware sent to their employees
As the use of SSL grows to the point where it’s the standard protocol, cybercriminals are increasingly using encryption to conceal and launch attacks. This has become possible …
Businesses need to rethink security priorities due to shifting trends
One shift in attacks that businesses should be aware of is the rapid growth of cryptocurrency mining, which increased 237 percent, according to the 2018 Security Roundup …
Half of business leaders say a breach could end their business, others remain unaware
A majority (58 percent) of executives at SMBs are more concerned about suffering a major data breach than a flood, a fire, a transit strike or even a physical break-in of …
40% of malicious URLs were found on good domains
While tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals, according to the 2019 Webroot Threat …
By 2025 workforce most likely to consist of humans and bots
The workforce, workplace, and the technologies that support them will be so different by 2025 that enterprises need to provide global access and ensure continuous uptime now. …
ENISA provides recommendations to improve the cybersecurity of EU electoral processes
In the context of the upcoming elections for the European Parliament, the EU Agency for Cybersecurity ENISA published an opinion paper on the cybersecurity of elections and …
Phishing, software supply chain attacks greatest threats for businesses
Attackers continue to use phishing as a preferred attack method, but have been forced to adapt their approach as anti-phishing tools and techniques are becoming more …
Cisco SOHO wireless VPN firewalls and routers open to attack
Cisco has released security fixes for several models of wireless VPN firewalls and routers, plugging a remote code execution flaw (CVE-2019-1663) that can be triggered via a …
Fighting credential stuffing attacks is an uphill battle
Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, …
Cloud business initiatives accelerating faster than security teams’ ability to secure them
The speed of cloud business initiatives is hampering organizations’ ability to secure and manage hybrid environments, with security personnel often not included. The 2019 …
Featured news
Resources
Don't miss
- 40 open-source tools redefining how security teams secure the stack
- Password habits are changing, and the data shows how far we’ve come
- Product showcase: Tuta – secure, encrypted, private email
- Henkel CISO on the messy truth of monitoring factories built across decades
- The hidden dynamics shaping who produces influential cybersecurity research