Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
What Can Your Connected Car Reveal About You?
App developers must take responsibility for the security of users' data.
Kia Denies Ransomware Attack as IT Outage Continues
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
Attackers Already Targeting Apple's M1 Chip with Custom Malware
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Microsoft Concludes Internal Investigation into Solorigate Breach
The software giant found no evidence that attackers gained extensive access to services or customer data.
CrowdStrike Buys Log Management Startup Humio for $400M
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
Apple Offers Closer Look at Its Platform Security Technologies, Features
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Microsoft Azure Front Door Gets a Security Upgrade
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
Data Security Accountability in an Age of Regular Breaches
As the number of vendors impacted by supply chain breaches grows, one constant question remains: Where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
How to Run a Successful Penetration Test
These seven tips will help ensure a penetration test improves your organization's overall security posture.
Virginia Takes Different Tack Than California With Data Privacy Law
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
White House Says 100 Private Sector Orgs Hit in SolarWinds Campaign
Anne Neuberger, a top Biden cybersecurity official, provided an update on the government's investigation into the massive breach.
Kia Faces $20M DoppelPaymer Ransomware Attack
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
Ransomware? Let's Call It What It Really Is: Extortionware
Just as the targets of these attacks have shifted from individuals to corporations, so too has the narrow focus given way to applying force and pressure to pay.
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
4 Predictions for the Future of Privacy
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
Compromised Credentials Show That Abuse Happens in Multiple Phases
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Firms Patch Greater Number of Systems, but Still Slowly
Fewer systems have flaws; however, the time to remediate vulnerabilities stays flat, and many issues targeted by in-the-wild malware remain open to attack.
Strata Identity Raises $11M in Series A Round
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
Under Attack: Hosting & Internet Service Providers
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
Palo Alto Networks Plans to Acquire Cloud Security Firm
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
Black History Month 2021: Time to Talk Diversity and Cybersecurity
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees
Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.
100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020
Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
How to Submit a Column to Dark Reading
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Water Utility Hack Could Inspire More Intruders
If past cyberattacks are any indication, success begets imitation. In the wake of last week's hack of Florida water utility, other water utilities and users of remote desktop software would be wise to shore up defenses, experts say.
You've Got Cloud Security All Wrong: Managing Identity in a Cloud World
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
Ransomware Attackers Set Their Sights on SaaS
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says.
Pandemic Initially Led to Fewer Disclosed Vulnerabilities, Data Suggests
Vulnerability disclosure started off slow but caught up by the end of the year, according to a new report.
Microsoft Launches Phase 2 Mitigation for Zerologon Flaw
The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups.
Game Over: Stopping DDoS Attacks Before They Start
Video games are poised for a revolution, but benefits will come to fruition only if the industry can guarantee consistent performance and availability.
7 Things We Know So Far About the SolarWinds Attacks
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks
Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
SASE Surge: Why the Market Is Poised to Grow
Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.
Zero Trust in the Real World
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Multivector Attacks Demand Security Controls at the Messaging Level
As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
SentinelOne Buys Data Analytics Company Scalyr
Cloud-based big data platform boosts extended detection and response (XDR) offering.
How Neurodiversity Can Strengthen Cybersecurity Defense
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
|
Latest Comment: This comment is waiting for review by our moderators.
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Tweet This
0 Comments
