Latest

►

Cybercrime

Scans Reveal 13 Million Internet-Exposed Databases

Mathew J. Schwartz  •  July 2, 2018

Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's Tod Beardsley. Rapid7's scans of the internet have also revealed a worrying number of internet-exposed databases, memcached servers and poorly secured VoIP devices.

Application Security

Mobile/Web App Security: How Do You Know it's Working?

August 14, 2018

Nick Holland and Chris Mizell of Arxan Technologies reflect on key findings from their recent Executive Roundtable on mobile security

Cybercrime

Boston Children's Hospital DDoS Attacker Convicted

Marianne Kolbasuk McGee  •  August 3, 2018

A federal jury has convicted a hacktivist who launched DDoS attacks in 2014 on Boston Children's Hospital and another local facility to protest a controversial child custody case.

Cybersecurity

Threat Hunting: How to Evolve Your Incident Response

Information Security Media Group  •  July 25, 2018

Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on threat hunting,

Anti-Malware

Cryptojacking Displaces Ransomware as Top Malware Threat

Mathew J. Schwartz  •  July 5, 2018

If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking. But while ransomware campaigns may be down, they're far from out.

►

Cybercrime as-a-service

Life After Webstresser Disruption: No DDoS Holiday

Mathew J. Schwartz  •  July 5, 2018

Police recently arrested the suspected administrators and top users of the stresser/booter service Webstresser.org. Unfortunately, the plethora of such services means the world is unlikely to see a reduction in DDoS attack volumes, says Darren Anstee of Arbor Networks.

►

Breach Preparedness

Austerity Bites Critical National Infrastructure Security

Mathew J. Schwartz  •  July 3, 2018

Much more must be done to shore up the U.K.'s national infrastructure. "It's partly austerity, and it's partly what's happening in the global economy, but we've really seen an underinvestment, specifically in the critical national infrastructure," says LogRhythm's Ross Brewer.

Breach Preparedness

8 Highlights: Scottish 'Big Data' Cybersecurity Conference

Mathew J. Schwartz  •  June 29, 2018

What are hot cybersecurity topics in Scotland? The "International Conference on Big Data in Cyber Security" in Edinburgh focused on everything from securing the internet of things the rise of CEO fraud to the origins of "cyber" and how to conduct digital forensic investigations on cloud servers.

Fraud

OnDemand Webinar | Ponemon Report: The Cost of Credential Stuffing

 •  June 26, 2018

Credential stuffing attacks are on the rise and pose a serious threat to your business.

Cybersecurity

Threat Hunting: How to Evolve Your Incident Response

Tom Field  •  June 25, 2018

Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on threat hunting,

Cybercrime as-a-service

'Rex Mundi' Hacker Extortion Group: Busted

Mathew J. Schwartz  •  June 18, 2018

Cyber extortion group Rex Mundi has been shut down following the arrest of seven suspects in France and a French national in Thailand, police say. Investigators began pursuing the group last year after it stole customer data from a British firm and demanded $770,000 to not publicly release it.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz  •  June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.