Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.
Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from cloud platforms, and mitigating the risks is proving challenging, according to the security firm Proofpoint.
The websites of about 200 public and private entities in Belgium were knocked fully or partially offline Tuesday by a distributed denial-of-service attack against the publicly funded internet service provider Belnet.
With consumers relying more heavily on e-commerce during the pandemic and beyond, leveraging behavioral biometrics for authentication is an effective strategy, says Coby Montoya, a fraud-fighting and authentication strategist at a financial company.
No one needs more stats about the skills gap in cybersecurity; many organizations are obviously facing challenges in recruiting, skilling, and retaining security professionals. We haven’t written this cheat sheet to tell you what you already know. Instead, we will outline a realistic strategy for workforce-wide...
In order to keep pace with hackers, you need to learn like hackers. That’s why when it comes to guidance on building detection and response programs, MITRE ATT&CK® – which has a strong adversarial focus – trumps traditional frameworks such as the Diamond Model (which lacks technical depth), and Lockheed...
Cyber crisis response and preparedness is on everyone’s lips, yet organizations’ efforts are failing to adapt to modern threats. While table top exercises have long been considered an essential tool in preparing organizations to face cyber crises, they’re now rapidly falling into obsolescence.
So what’s the...
'Mega breaches' might sound dystopian, but they're becoming an all too familiar feature of the modern cyber crisis. Yet organizations are still relying on traditional techniques to prepare and exercise their workforces' cyber crisis response. Enter micro-drilling: the modern alternative to tabletop exercising.
In...
Cybersecurity training: from dry-as-dust videos to cutesy animations of hapless office workers to streams of green code on a black screen. The variety out there is staggering, and it’s hard to know where to start – or what's really going to work.
Luckily, the most effective forms of training – for all teams,...
Organisations in Australia have expanded their use of encryption to protect cloud and on-premises data and applications, but what challenges are they facing? And what tools do they find most effective?
The 2021 Australia Encryption Trends Study, conducted by the Ponemon Institute and sponsored by Entrust, will be...
Can courts trust evidence collected by Cellebrite's mobile device forensic tools? Matt Bergin of KoreLogic has found new vulnerabilities in Cellebrite's software that he will present on Friday at Black Hat Asia. He says that forensics software should be put through rigorous penetration tests.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
