With the Magecart attackers compromising web shops left and right, online shopping is becoming a risky proposition. After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg. Compromised shops Security researcher Willem de Groot flagged the ABS-CBN compromise a few days ago and he believes the attackers added the payment card skimming script on or before August 16th. RiskIQ and Volexity researchers shared details … More →
The post New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg appeared first on Help Net Security.
A well-thought out and managed social media presence is a must for most companies and their workforce, but too few of them think about the potential repercussions of an attack targeting it. Social media is increasingly seen as a battleground, providing the platform for complex influence campaigns mounted by nation-states (Iran, Russia), various hacker groups to get their message out and to advertise their services, and attackers looking to trick other users into parting with … More →
The post How do you protect digital channels from cyber threats? appeared first on Help Net Security.
It’s 6 p.m. on a Friday. Just as you finish packing up for the day, an email from your boss pops up on your phone asking why an urgent payment didn’t go out earlier in the week. He’s tied up in a business dinner, so he needs you to wire payment to a specific vendor immediately and send him a confirmation email here once you’ve done so. Eager to help (and get out of the … More →
The post Manipulation tactics that you fall for in phishing attacks appeared first on Help Net Security.
Despite heightened interest in enterprise deployment of artificial intelligence, only 40 percent of respondents to ISACA’s second annual Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning. This becomes especially striking given the potential for serious consequences from maliciously trained AI; survey respondents identify social engineering, manipulated media content and data poisoning as the types of malicious AI attacks that pose the greatest … More →
The post Better security needed to harness the positive potential of AI, mitigate risks of attacks appeared first on Help Net Security.
In this podcast, Hari Srinivasan, Director of Product Management for Qualys, talks about building security into DevOps versus bolting it on, specifically for containers. Here’s a transcript of the podcast for your convenience. Hello! My name is Hari Srinivasan, Director of Product Management for Qualys, cloud and virtualization security. Welcome to this Help Net Security podcast. Today we’re going to talk about building security into DevOps versus bolting it on, specifically for containers. Containers are … More →
The post Building security into DevOps versus bolting it on appeared first on Help Net Security.
Demand for IT security skills has never been higher. As cybercrime rises, the world faces a shortfall of 1.8 million cybersecurity professionals by 2022. Now’s the time to own your future. (ISC)² research shows 70% of employers plan to hire cybersecurity staff. But many organizations don’t really know what they need to secure the enterprise. To get ahead, you need to plan your strategy now. This Career eBook explains employer challenges and how you can … More →
The post eBook: 9 Tips to Supercharge Your IT Security Career appeared first on Help Net Security.
Secure Bank is a product catered to financial institutions that aims to prevent client-side fraud and attacks across sessions, platforms, devices, channels, and entities. It leverages Group-IB’s experience in threat intelligence, signature, behavioral, and cross-channel analytics to detect threats invisible to transactional anti-fraud-systems. Financial services had the highest annualized cost of cybercrime in 2017 at $18.28M. The average cost of cybersecurity incidents involving online banking services accounts is $1.75M. Banks will likely continue as a … More →
The post Group-IB introduces Secure Bank, a solution for anti-fraud protection appeared first on Help Net Security.
Jungle Disk announced version 3.30 of its encrypted cloud backup and storage software, which now includes Google Cloud Platform as the default storage choice. With the new version of the software, small businesses will be able to take advantage of multiple cloud platform choices, increased performance, and cross-platform HIPAA and PCI compliant collaboration with encryption to store and secure business data. The addition of Google Cloud Platform in the new software version improves data recovery … More →
The post Jungle Disk announces new software version including Google Cloud Platform support appeared first on Help Net Security.
Jetico has announced a new version of its disk encryption. BestCrypt Volume Encryption 4 now delivers a smoother interface and faster performance to encrypt hard drives. For over 20 years, Jetico serves customers with BestCrypt data encryption software, an alternative to native OS encryption. BestCrypt delivers compliance with regulations, such as HIPAA and GDPR, as well as privacy for personal data at home. Data on lost computers or stolen laptops is safe with BestCrypt. “Securing … More →
US Signal announced that it has partnered with Cloudflare to bring a distributed denial-of-service (DDoS) protection service to market. The new service delivers DDoS mitigation for network, transport and application layers and is backed by a SLA. It is powered by Cloudflare’s global Anycast network and is implemented by US Signal’s information security and provisioning team, with support and customization from its technical operations engineers. US Signal partnered with Cloudflare because of the scale, performance … More →
The post US Signal partners with Cloudflare to deliver DDoS protection service appeared first on Help Net Security.
ESET researchers have discovered malicious apps impersonating various financial services and the Austrian cryptocurrency exchange Bitpanda on Google Play. The fake apps Uploaded to Google’s official app store in June 2018 and collectively downloaded and installed over a thousand times, upon launch the apps would immediately request the user to enter credit card details and/or login credentials to the targeted bank or service. The entered information would then be sent to the attacker’s server, and … More →
The post Bogus finance apps on Google Play target users worldwide appeared first on Help Net Security.
In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about how the traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, that malicious hacking … More →
The post Maliciuos hacking activity increasingly targeting critical infrastructure appeared first on Help Net Security.
For thousands of years, humans have worked to collect intelligence on their enemies. Intelligence gathering is not a new practice; in fact, it is one of the oldest war tactics dating back to biblical times, when warlords and army commanders used it to gain advantages over their rivals. However, the methods have changed as new technologies and new forms of “warfare” have been developed. In recent years, cyber-attacks have led to an entirely new host … More →
The post Why humans are necessary to the threat hunting process appeared first on Help Net Security.
As businesses struggle to combat increasingly sophisticated cybersecurity attacks, the severity of which is exacerbated by both the vanishing IT perimeters in today’s mobile and IoT era, and an acute shortage of skilled security professionals, IT security teams need a both a new approach and powerful new tools. Increasingly, they are looking to artificial intelligence (AI) as a key weapon to win the battle against stealthy threats inside their IT infrastructures. The Ponemon Institute study, … More →
The post Key weapon for closing IoT-era cybersecurity gaps? Artificial intelligence appeared first on Help Net Security.
Small businesses are leaving themselves exposed to significant financial risk from cybercrime by not having adequate measures in place to recover in the event of a cyber attack. That’s according to the findings of InsuranceBee’s Cyber Survey, which asked more than 1,000 SMBs how prepared they are to deal with cybercrime. Although the average cost for small and medium-sized businesses to recover from a cyber attack is estimated to be $120,000, 83% of SMBs do … More →
The post 83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack appeared first on Help Net Security.
A new study from Juniper Research has found that spending on Regtech platforms will exceed $115 billion by 2023, up from an estimated $18 billion in 2018. The research found increased regulatory pressures, as demonstrated by the recent GDPR implementation, are driving businesses towards Regtech to meet greater compliance challenges. According to the research, any heavily regulated business sector not prioritising Regtech adoption would risk damaging fines from failing to keep pace with regulatory changes. … More →
The post Regtech to account for 40% of global compliance spend by 2023 appeared first on Help Net Security.
ManageEngine announced its launch of Browser Security Plus, a browser management solution that helps organizations secure their corporate data in the cloud and protect their networks from web-based cyberattacks. Available immediately, Browser Security Plus provides organizations with a layer of management capabilities for browsers and their add-ons to maintain enterprise security. This allows enterprises to improve network health by preventing, detecting and fixing any browser vulnerabilities. As modern web, portable computing devices, and other technologies … More →
The post ManageEngine strengthens endpoint security with the launch of Browser Security Plus appeared first on Help Net Security.
Symantec announced the availability of a free service, powered by Symantec’s artificial intelligence technology, that political candidates and campaigns can use to test the security and authenticity of their websites. Attracting users to fake websites that contain differences from legitimate websites, is a technique that cyber criminals use to gather personal information, such as birth dates, email addresses, and voting preferences. That data can then be weaponized to influence behavior and attitudes, spread false information, … More →
The post Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites appeared first on Help Net Security.
NSFOCUS announced the launch of NSFOCUS Exposed Internet Surface Analysis (EISA), a new capability to address the cyber security risk faced by organizations today. EISA identifies malicious activity of rogue IPs, ports and services that might be compromised and hidden within the organization’s network providing insights to prioritize remediation and block further malicious activity from within the network. Organizations have embraced digital transformation to create new business models and ecosystems, deliver new products and services, … More →
The post NSFOCUS introduces new capability to identify cyber risk exposure appeared first on Help Net Security.
Accenture has expanded the capabilities of its automation platform, Accenture myWizard, to help companies to disrupt every aspect of the application lifecycle and drive business value. Accenture has bolstered the platform’s capabilities by integrating artificial intelligence (AI), automation, analytics and DevOps, through investments, technology enhancements and expanded ecosystem collaboration. With over 50 patents and patent applications, Accenture myWizard enables organizations to move beyond driving productivity and cost reduction in their technology applications and focus on … More →
The post Accenture expands data and AI capabilities of Accenture myWizard platform appeared first on Help Net Security.