Global cryptojacking group uses NSA exploits to earn Monero

Security Digest: A roundup of security technology content from TechTarget

Security Digest Information security news and advice from TechTarget's network | September 25, 2019 FEATURED STORY Broken WannaCry variants continuing to spread by Michael Heller, Senior Reporter Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems still aren't being patched against threats. (SearchSecurity.com) Advertisement NEWS   Global cryptomining attacks use NSA exploits to earn Monero Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more. (SearchSecurity.com)   Cloudflare battles malicious bots with 'fight mode' Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. (SearchSecurity.com)   Sinkholed Magecart domains resurrected for advertising schemes Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. (SearchSecurity.com)   Google pushes back on scale of YouTube phishing threat Millions of YouTubers may be at risk after some high-profile influencers reported their accounts were compromised in an apparent phishing attack, but the platform’s owner, Google, is not so sure. (ComputerWeekly.com) EXPERT ADVICE   New evasive spear phishing attacks bypass email security measures Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate. (SearchSecurity.com)   How to use Metasploit commands and exploits for penetration tests These step-by-step instructions demonstrate how to use Metasploit for enterprise vulnerability and penetration testing. (SearchSecurity.com)   Using DNS RPZ to pump up cybersecurity awareness Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. (SearchSecurity.com)   What's the role of people in IT/OT security? To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures. (SearchSecurity.com)   Approach customer engagement by first asking good questions Organizations need to align their customer strategy with their technology and know how to gather and use the right customer data when integrating all the components. (SearchCompliance.com)   How to encrypt and secure a website using HTTPS The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. (SearchSecurity.com)   Cybersecurity frameworks hold key to solid security strategy Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options. (SearchSecurity.com)   How software-defined perimeter authentication ups security Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security. (SearchSecurity.com)   How to shore up your third-party risk management program A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks. (SearchSecurity.com)   Create a manageable, secure IT/OT convergence strategy in 3 steps An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT. (SearchSecurity.com)   Protect customer data with these 5 essential steps Engagement with customers inevitably yields a trove of sensitive data. Learn the key steps you should take to stay compliant and secure in an era of virtual business. (SearchCompliance.com)   Tips and tricks to integrate IT and OT teams securely IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined. (SearchSecurity.com) About This E-Newsletter The Security Digest is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US. Click to: Unsubscribe. You are receiving this email because you are a member of TechTarget. When you access content from this email, your information may be shared with the sponsors or future sponsors of that content and with our Partners, see up-to-date Partners List, as described in our Privacy Policy. For additional information, please contact: webmaster@techtarget.com. © 2019 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners. Privacy Policy | Partners List