News & Commentary

The attackers hit dealer sales systems in Japan, according to the automaker.

7 Malware Families Ready to Ruin Your IoT's Day

Slideshows | 3/29/2019 |

This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.

20 Years of STRIDE: Looking Back, Looking Forward

Commentary | 3/29/2019 |

The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.

UK Watchdog Criticizes Huawei for Lax Software Security, Development

News | 3/29/2019 |

Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.

Microsoft Takes Down 99 Hacker-Controlled Websites

News | 3/28/2019 |

A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.

New Android Trojan Targets 100+ Banking Apps

News | 3/28/2019 |

'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.

40% of Organizations Not Doing Enough to Protect Office 365 Data

News | 3/28/2019 |

4 comments

Companies could be leaving themselves vulnerable by not using third-party data backup tools, a new report finds.

Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers

Quick Hits | 3/28/2019 |

Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.

Quantum Computing and Code-Breaking

Commentary | 3/28/2019 |

Prepare today for the quantum threats of tomorrow.

Enterprise Data Encryption Hits All-time High

Quick Hits | 3/28/2019 |

A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.

Microsoft Tackles IoT Security with New Azure Updates

News | 3/28/2019 |

The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.

Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents

Commentary | 3/28/2019 |

How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.

Tidying Expert Marie Kondo: Cybersecurity Guru?

News | 3/28/2019 |

8 comments

The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.

Inside Cyber Battlefields, the Newest Domain of War

News | 3/28/2019 |

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

6 Things To Know About the Ransomware That Hit Norsk Hydro

News | 3/27/2019 |

15 comments

In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.

New Shodan Tool Warns Organizations of Their Internet-Exposed Devices

News | 3/27/2019 |

9 comments

Shodan Monitor is free to members of the popular Internet search engine.

Threat Hunting 101: Not Mission Impossible for the Resource-Challenged

Commentary | 3/27/2019 |

How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.

GAO Finds Deficiencies in Systems for Handling National Debt

Quick Hits | 3/27/2019 |

IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could lead them open to exploitation and breach.

The 'Twitterverse' Is Not the Security Community

Commentary | 3/27/2019 |

The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.

Russia Regularly Spoofs Regional GPS

News | 3/26/2019 |

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks

News | 3/26/2019 |

Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.

Small Businesses Turn to Managed Service Providers for Security

News | 3/26/2019 |

The average cost of a cyberattack at an SMB is $54,650, a new study shows.

Insurers Collaborate on Cybersecurity Ratings

Quick Hits | 3/26/2019 |

A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Commentary | 3/26/2019 |

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

10 Movies All Security Pros Should Watch

Slideshows | 3/26/2019 |

Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.

Under Attack: Over Half of SMBs Breached Last Year

Commentary | 3/26/2019 |

Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.

87% of Cloud Pros Say Lack of Visibility Masks Security

Quick Hits | 3/26/2019 |

The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.

Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'

News | 3/26/2019 |

Ret. Admiral Michael Rogers – who served as head of the NSA and the US Cyber Command from 2014 to 2018 – on how to handle the risk of insiders exposing an organization's sensitive data.

Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics

News | 3/25/2019 |

In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards—just like the real marketplace.

Attackers Compromise ASUS Software Update Servers to Distribute Malware

News | 3/25/2019 |

ShadowHammer campaign latest to highlight dangers of supply chain attacks.

IT Leaders, Employees Divided on Data Security

Quick Hits | 3/25/2019 |

4 comments

Execs and employees have dramatically different ideas of how much information is being lost and why – a gap that puts enterprise data in grave danger.

Dark Reading’s Kelly Jackson Higgins Honored as Top Cybersecurity Journalist

Quick Hits | 3/25/2019 |

In voting conducted by the SANS Institute, Jackson Higgins is named by peers as one of the top 10 journalists in the industry.

A Glass Ceiling? Not in Privacy

Commentary | 3/25/2019 |

According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.

Inside Incident Response: 6 Key Tips to Keep in Mind

Slideshows | 3/22/2019 |

Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.

Two Found Guilty in Online Dating, BEC Scheme

Quick Hits | 3/22/2019 |

Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.

Security Lessons from My Game Closet

Commentary | 3/22/2019 |

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

FIN7 Cybercrime Gang Rises Again

News | 3/21/2019 |

The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.

Businesses Manage 9.7PB of Data but Struggle to Protect It

News | 3/21/2019 |

What's more, their attempts to secure it may be putting information at risk, a new report finds.

Facebook Employees for Years Could See Millions of User Passwords in Plain Text

Quick Hits | 3/21/2019 |

6 comments

2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.

Hacker AI vs. Enterprise AI: A New Threat

Commentary | 3/21/2019 |

Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.

SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats

News | 3/21/2019 |

Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.

Microsoft Brings Defender Security Tools to Mac

News | 3/21/2019 |

Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.

Police Federation of England and Wales Suffers Apparent Ransomware Attack

Quick Hits | 3/21/2019 |

National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.

What the Transition to Smart Cards Can Teach the US Healthcare Industry

Commentary | 3/21/2019 |

Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.

Researchers Seek Out Ways to Search IPv6 Space

News | 3/20/2019 |

Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?

BEC Scammer Pleads Guilty

Quick Hits | 3/20/2019 |

Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

Google Photos Bug Let Criminals Query Friends, Location

News | 3/20/2019 |

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

The Insider Threat: It's More Common Than You Think

Commentary | 3/20/2019 |

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

Less Than 3% of Recycled Computing Devices Properly Wiped

News | 3/20/2019 |