Dark Reading

1. While CISOs Fret, Business Leaders Tout Security Robustness

   A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.

2. Companies Increasingly Fail Interim Security Test, But Gap Narrows

   Stability of PCI DSS helps companies cope and create more mature security programs, but some parts of the Payment Card Industry's Data Secure Standard continue to cause headaches.

3. Microsoft Patches IE Zero-Day Among 74 Vulnerabilities

   The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.

4. New DDoS Attacks Leverage TCP Amplification

   Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.

5. The Myths of Multifactor Authentication

   Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?

6. Researchers Disclose New Vulnerabilities in Windows Drivers

   Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems.

7. SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?

   The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.

8. DDoS Attack Targets UK Labour Party Weeks Ahead of Election

   Cybercriminals tried to take the Labour Party's digital platforms offline weeks before the election on December 12.

9. Why Cyber-Risk Is a C-Suite Issue

   Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.

10. Researchers Find New Approach to Attacking Cloud Infrastructure

    Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.