Tag: Dark Reading:

This article has been indexed from Dark Reading: More attacks does not necessarily mean more threats, but all attacks types have increased, according to Akamai’s new ‘State of the Internet’ report. Read the original article: Credential Stuffing Reaches 193 Billion…

Read more →

This article has been indexed from Dark Reading: And what’s needed to stop it: Better information sharing among private organizations and with law enforcement agencies. Read the original article: How Ransomware Encourages Opportunists to Become Criminals

Read more →

This article has been indexed from Dark Reading: Want to a security awareness program that sticks? Make it fun and personal, and offer free lunch. Read the original article: How to Get Employees to Care About Security

Read more →

This article has been indexed from Dark Reading: Security researchers discuss attackers’ evolving methodologies in business email compromise and phishing campaigns. Read the original article: How Attackers Weigh the Pros and Cons of BEC Techniques

Read more →

This article has been indexed from Dark Reading: The FBI’s IC3 reportsCOVID-related scams and an increase in online retail may be behind the upswing in complaints. Read the original article: FBI’s IC3 Logs 1M Complaints in 14 Months

Read more →

This article has been indexed from Dark Reading: Splunk said it will integrate TruStar’s data-sharing capabilities into its Data-to-Everything platform following the acquisition. Read the original article: Splunk to Acquire TruStar for Data Management

Read more →

This article has been indexed from Dark Reading: Not only is relying on employees’ awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems. Read the original article: Why Anti-Phishing Training Isn’t Enough

Read more →

This article has been indexed from Dark Reading: Cryptographers at RSA Conference panel aren’t worried about adversarial quantum cryptography. Machine learning, though, causes pressing practical issues. Read the original article: Best 11 Quotes From Cryptographers Panel

Read more →

This article has been indexed from Dark Reading: Small amounts of data could be sent from nearly anywhere using Apple’s “Find My” network, hidden in the large volume of traffic as AirTags become widely used, two researchers say. Read the…

Read more →

This article has been indexed from Dark Reading: Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access. Read the original article: How to Mitigate Against Domain Credential Theft

Read more →

This article has been indexed from Dark Reading: Executives from Cisco share insights on the networking giant’s ambitious security strategy. Read the original article: Cisco Plans to Create ‘Premium’ SecureX Offering With Kenna Security Features

Read more →

This article has been indexed from Dark Reading: A newly discovered DarkSide ransomware variant can detect and compromise partitioned hard drives, researchers report. Read the original article: DarkSide Ransomware Variant Targets Disk Partitions

Read more →

This article has been indexed from Dark Reading: If pace continues, DDoS attack activity could surpass last year’s 10-million attack threshold. Read the original article: DDoS Attacks Up 31% in Q1 2021: Report

Read more →

This article has been indexed from Dark Reading: Researchers examine English- and Russian-language underground exploits to track how exploits are advertised and sold. Read the original article: 47% of Criminals Buying Exploits Target Microsoft Products

Read more →

This article has been indexed from Dark Reading: Security vendor says attackers accessed some of its source code using a previously compromised Bash Uploader script from Codecov. Read the original article: Rapid7 Is the Latest Victim of a Software Supply…

Read more →

This article has been indexed from Dark Reading: In a keynote conversation with Forrester analyst Laura Koetzle, Sudhakar Ramakrishna will get candid about the historic breach. Read the original article: RSAC 2021: What Will SolarWinds’ CEO Reveal?

Read more →

This article has been indexed from Dark Reading: Check out Dark Reading’s updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021. Read the original article: Latest Security News From RSAC 2021

Read more →

This article has been indexed from Dark Reading: Check out Dark Reading’s updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021. Read the original article: Latest Security News from RSAC 2021

Read more →

This article has been indexed from Dark Reading: Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card. Read the original article: Name That Toon: Road Trip

Read more →

This article has been indexed from Dark Reading: Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured. Read the original article: Agility Broke AppSec. Now…

Read more →

This article has been indexed from Dark Reading: An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data. Read the original article: Rapid7 Source Code Accessed in Supply Chain Attack

Read more →

This article has been indexed from Dark Reading: When Intel and Leidos set up a “trusted execution environment” to enable a widespread group of researchers to securely share and confidentially compute real-world data, it was no small achievement. Read the…

Read more →

This article has been indexed from Dark Reading: Cisco plans to integrate Kenna’s vulnerability management technology into its SecureX platform. Read the original article: Cisco Confirms Plans to Acquire Kenna Security

Read more →

This article has been indexed from Dark Reading: Majority of global IT decision makers say cybersecurity is extremely or more important now than it was pre-pandemic, according to Cisco. Read the original article: Chart: Cybersecurity Now a Top Corporate Priority

Read more →

This article has been indexed from Dark Reading: ESG research finds a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately Read the original article: SOC Teams Burdened by Alert Fatigue Explore XDR

Read more →

This article has been indexed from Dark Reading: Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says. Read the original article: Wi-Fi Design, Implementation Flaws Allow a…

Read more →

This article has been indexed from Dark Reading: Here are three key categories of sessions that provide an inside look at some of today’s most interesting cybersecurity trends. Read the original article: Security Trends to Follow at RSA Conference 2021

Read more →

This article has been indexed from Dark Reading: Overall objectives are good, but EO may be too prescriptive in parts, industry experts say. Read the original article: Software, Incident Response Among Big Focus Areas in Biden’s Cybersecurity Executive Order

Read more →

This article has been indexed from Dark Reading: Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element. Read the original article: 85% of Data Breaches Involve Human Interaction:…

Read more →

This article has been indexed from Dark Reading: The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security Read the original article: Dragos & IronNet Partner on Critical Infrastructure Security

Read more →

This article has been indexed from Dark Reading: Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database. Read the original article: Firms Struggle to…

Read more →

This article has been indexed from Dark Reading: Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society. Read the original article: When AI Becomes the Hacker

Read more →

This article has been indexed from Dark Reading: New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location. Read the original article: Microsoft Adds GPS Location to Identity & Access Control in…

Read more →

This article has been indexed from Dark Reading: Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown. Read the original article: Adapting to the Security Threat of Climate Change

Read more →

This article has been indexed from Dark Reading: Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization’s attack surface that are largely unmonitored and undefended. Read…

Read more →

This article has been indexed from Dark Reading: Verizon’s Data Breach Investigations Report (DBIR) covers 2020 — a year like no other. Phishing, ransomware, and innovation caused big problems. Read the original article: Verizon DBIR 2021: “Winners” No Surprise, But…

Read more →

This article has been indexed from Dark Reading: Many organizations remain unprepared to detect, respond, and contain a breach, a new survey shows. Read the original article: Despite Heightened Breach Fears, Incident Response Capabilities Lag

Read more →

This article has been indexed from Dark Reading: The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations. Read the original article: Researchers Unearth 167 Fake iOS & Android Trading Apps

Read more →

This article has been indexed from Dark Reading: Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack. Read the original article: Putting The Spotlight on DarkSide

Read more →

This article has been indexed from Dark Reading: More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report. Read the original article: 66% of CISOs Feel Unprepared for Cyberattacks

Read more →

This article has been indexed from Dark Reading: Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability. Read the original article: Vulnerable Protocols…

Read more →

This article has been indexed from Dark Reading: Understanding a few basics about how password crackers think and behave could help you keep your users safer. Read the original article: Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker

Read more →

This article has been indexed from Dark Reading: In an effort to protect their organizations, security professionals can overdo it. The result often works against them. Read the original article: Cybersecurity: What Is Truly Essential?

Read more →

This article has been indexed from Dark Reading: Eradicating ‘privileged intruders’ from the network in the aftermath of an attack poses major challenges, experts say. Read the original article: The Long Road to Rebuilding Trust after ‘Golden SAML’-Like Attacks

Read more →

This article has been indexed from Dark Reading: Companies that claim they’ll never pay up in a ransomware attack are more likely to get caught flat-footed. Read the original article: Why You Should Be Prepared to Pay a Ransom

Read more →

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely? Read the original article: A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm

Read more →

Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic. Read the original article: Application Attacks Spike as Criminals Target Remote Workers

Read more →

The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows. Read the original article: Adobe Issues Patch for Acrobat Zero-Day

Read more →

Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack. Read the original article: Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable

Read more →

And the winner of Dark Reading’s April cartoon caption contest is … Read the original article: Cartoon Caption Winner: Greetings, Earthlings

Read more →

Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks. Read the original article: 3 Cybersecurity Myths to Bust

Read more →

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg. Read the original article: Critical Infrastructure Under…

Read more →

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it’s a cautionary tale for critical infrastructure providers. Read the original article: Colonial Pipeline Cyberattack: What Security Pros Need to…

Read more →

Weekend attack shuts down several city sites and service. Read the original article: Tulsa Deals With Aftermath of Ransomware Attack

Read more →

The “bulletproof hosting” organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit. Read the original article: Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime

Read more →

Give your cybersecurity culture a boost by adding these to the “don’t” column of your cybersecurity awareness training do’s and don’ts list. Read the original article: 10 Security Awareness Training Mistakes to Avoid

Read more →

The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover. Read the original article: Exchange Exploitation: Not Dead Yet

Read more →

Researchers find differences in Kimsuky’s operations that lead them to divide the APT into two groups: CloudDragon and KimDragon. Read the original article: How North Korean APT Kimsuky Is Evolving Its Tactics

Read more →

More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds. Read the original article: Most Organizations Feel More Vulnerable to Breaches Amid Pandemic

Read more →

The report provides additional details on tactics of Russia’s Foreign Intelligence Service following public attribution of the group to last year’s SolarWinds attack. Read the original article: FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity

Read more →

Web scraping attacks, like Facebook’s recent data leak, can easily lead to more significant breaches. Read the original article: Defending Against Web Scraping Attacks

Read more →

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account. Read the original article: The Edge Pro Quote: Password Empowerment

Read more →

Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week. Read the original article: Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security

Read more →

We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here’s what you had to say. Read the original article: 11 Reasons Why You Sorta Love Passwords

Read more →

The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges. Read the original article: Troy Hunt: Organizations Make Security Choices Tough for Users

Read more →

The company plans to automatically enroll users in two-step verification if their accounts are properly configured. Read the original article: Google Plans to Automatically Enable Two-Factor Authentication

Read more →

Organizations should apply principles of least privilege to mitigate threats, security researcher says. Read the original article: New Techniques Emerge for Abusing Windows Services to Gain System Control

Read more →

Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report. Read the original article: CISA Publishes Analysis on New ‘FiveHands’ Ransomware

Read more →

Internet security, privacy, and authentication aren’t new issues, but IoT presents unique security challenges. Read the original article: Securing the Internet of Things in the Age of Quantum Computing

Read more →

More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them. Read the original article: Cloud-Native Businesses Struggle with Security

Read more →

Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned. Read the original article: Biden’s Supply Chain Initiative Depends on Cybersecurity Insights

Read more →

It’s not a question of whether passwordless is coming — it’s simply a question of when. How should your organization prepare? (Part two of a two-part series.) Read the original article: How to Move Beyond Passwords and Basic MFA

Read more →

The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems. Read the original article: Attackers Seek New Strategies to Improve Macros’ Effectiveness

Read more →

Professionals in each field describe a poor working relationship between the two teams Read the original article: Gap Between Security and Networking Teams May Hinder Tech Projects

Read more →

Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field. Read the original article: Wanted: The (Elusive) Cybersecurity ‘All-Star’

Read more →

The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets. Read the original article: DoD Lets Researchers Target All Publicly Accessible Info Systems

Read more →

The FBI’s action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials’ response to cyberattacks. Read the original article: Debating Law Enforcement’s Role in the Fight Against Cybercrime

Read more →

We might be leaving the world of mandatory asterisks and interrobangs behind for good. Read the original article: Will 2021 Mark the End of World Password Day?

Read more →

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says. Read the original article: Newer Generic Top-Level Domains a Security ‘Nuisance’

Read more →

The vulnerabilities may already be under active attack, Apple says in an advisory. Read the original article: Apple Issues Patches for Webkit Security Flaws

Read more →

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab’s latest survey finds. Read the original article: More Companies Adopting DevOps & Agile for Security

Read more →

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009. Read the original article: Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Read more →

All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.) Read the original article: Planning Our…

Read more →

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity. Read the original article: Can Organizations Secure Remote Workers for the Long Haul?

Read more →

The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities. Read the original article: Scripps Health Responds to Cyberattack

Read more →

Read the original article: It’s Time to Ditch Celebrity Cybersecurity High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection. Read the original article: It’s Time to Ditch Celebrity Cybersecurity

Read more →

Read the original article: Researchers Explore Active Directory Attack Vectors Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems. Read the original article: Researchers Explore Active Directory Attack Vectors

Read more →

Read the original article: Buer Malware Variant Rewritten in Rust Programming Language Researchers suggest a few reasons why operators rewrote Buer in an entirely new language Read the original article: Buer Malware Variant Rewritten in Rust Programming Language

Read more →

Read the original article: Imperva to Buy API Security Firm CloudVector The deal is intended to expand Imperva’s API security portfolio, officials say. Read the original article: Imperva to Buy API Security Firm CloudVector

Read more →

Read the original article: Name That Edge Toon: Magical May Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card. Read the original article: Name That Edge…

Read more →

Read the original article: Researchers Find Bugs Using Single-Codebase Inconsistencies A Northeastern University research team finds code defects — and some vulnerabilities — by detecting when programmers used different code snippets to perform the same functions. Read the original article:…

Read more →

Read the original article: The Edge Pro Tip: Protect IoT Devices As Internet-connected devices become more prevalent in organizations, security issues increase as well. Read the original article: The Edge Pro Tip: Protect IoT Devices

Read more →

Read the original article: Stopping the Next SolarWinds Requires Doing Something Different Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale? Read the original article: Stopping the Next SolarWinds Requires Doing…

Read more →

Read the original article: Dark Reading Celebrates 15th Anniversary Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices. Read the original article: Dark Reading Celebrates 15th Anniversary

Read more →

Read the original article: Ransomware Task Force Publishes Framework to Fight Global Threat An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model. Read the original article: Ransomware Task…

Read more →

Read the original article: New Threat Group Carrying Out Aggressive Ransomware Campaign UNC2447 observed targeting now-patched vulnerability in SonicWall VPN. Read the original article: New Threat Group Carrying Out Aggressive Ransomware Campaign

Read more →

Read the original article: MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure. Read the original article: MITRE Adds MacOS, Linux,…

Read more →

Read the original article: Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows. Read the original article: Survey Finds Broad Concern Over…

Read more →

Read the original article: Ghost Town Security: What Threats Lurk in Abandoned Offices? Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it’s a year later – what happened in those office parks and downtown ghost…

Read more →

Read the original article: The Ticking Time Bomb in Every Company’s Code Developers must weigh the benefits and risks of using third-party code in Web apps. Read the original article: The Ticking Time Bomb in Every Company’s Code

Read more →