Dark Reading Daily -- November 13, 2019

While CISOs Fret, Business Leaders Tout Security Robustness

A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.

Companies Increasingly Fail Interim Security Test, But Gap Narrows

Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.

New DDoS Attacks Leverage TCP Amplification

Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.

Researchers Disclose New Vulnerabilities in Windows Drivers

Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems.

Microsoft Patches IE Zero-Day Among 74 Vulnerabilities

The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.

The Myths of Multifactor Authentication

Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?

Why Cyber-Risk Is a C-Suite Issue

Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.

DDoS Attack Targets UK Labour Party Weeks Ahead of Election

Cybercriminals tried to take the Labour Party's digital platforms offline weeks before the election on December 12.

Find New Talent, Don't Fight Over CISSPs: Insights from (ISC)2 COO

The skills gap will only be closed by attracting and retaining new talent. So don't limit your talent search to CISSPs, says the COO of the organization that issues the CISSP certification.

32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant

Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.

Ring Flaw Underscores Impact of IoT Vulnerabilities

A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.

EDITORS' CHOICE

6 Small-Business Password Managers

The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.

SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?

The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.

Learn the Latest Exploit Techniques at Black Hat Europe

Master new exploit techniques for Microsoft RDP, Java remote protocols at Black Hat Europe in London next month.

NEW FROM THE EDGE

Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'

Cheap labor, frequent data breaches, and better fraud detection technology are fueling frustrating changes in attackers' methods.

How Can I Help My Team Manage Security Alerts?

Smart prioritization, great staff, and supportive tools are a good start.

7 Threats & Disruptive Forces Changing the Face of Cybersecurity