Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
Why You Should Be Prepared to Pay a Ransom
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
Cartoon Caption Winner: Greetings, Earthlings
And the winner of Dark Reading's April cartoon caption contest is ...
Defending Against Web Scraping Attacks
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
Google Plans to Automatically Enable Two-Factor Authentication
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
Newer Generic Top-Level Domains a Security 'Nuisance'
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Pandemic Drives Greater Need for Endpoint Security
Endpoint security has changed. Can your security plan keep up?
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
8 Security & Privacy Apps to Share With Family and Friends
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
How Us Shady Geeks Put Others Off Security
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Facebook Expands Security Key Support to iOS & Android
Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
NSA Releases Guidance on Zero-Trust Architecture
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
Strata Identity Raises $11M in Series A Round
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
7 Things We Know So Far About the SolarWinds Attacks
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Digital Identity Is the New Security Control Plane
Simplifying the management of security systems helps provide consistent protection for the new normal.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
HelpSystems Acquires Data Security Firm Vera
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
White Ops Announces Its Acquisition
A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
Evidence-Based Trust Gets Black Hat Europe Spotlight
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
Apple Issues Security Updates
Vulnerabilities found in three most recent versions of macOS.
Credential Stuffing Fills E-commerce Pipeline in 2020
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Plans call for expanding the Barracuda CloudGen SASE platform.
Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
FTC Announces Consent Agreement With Zoom
The agreement covers Zoom's misleading statements on security for its audio and video calling.
7 Online Shopping Tips for the Holidays
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
How to Increase Voter Turnout & Reduce Fraud
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
6 Ways Passwords Fail Basic Security Tests
New data shows humans still struggle with password creation and management.
Neural Networks Help Users Pick More-Secure Passwords
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
Credential-Stuffing Attacks Plague Loyalty Programs
But that's not the only type of web attack cybercriminals have been profiting from.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Businesses Rethink Endpoint Security for 2021
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
Building the Human Firewall
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Online Voting Is Coming, but How Secure Will It Be?
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
Why MSPs Are Hacker Targets, and What To Do About It
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
'Father of Identity Theft' Sentenced to 207 Months
James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year.
MFA-Minded Attackers Continue to Figure Out Workarounds
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
Research Finds Nearly 800,000 Access Keys Exposed Online
The keys were primarily for access to databases and cloud services.
Zoom Brings Two-Factor Authentication to All Users
This marks the latest step Zoom has taken to improve user security as more employees work from home.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
Don't Forget Cybersecurity on Your Back-to-School List
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Twitter Hack: The Spotlight that Insider Threats Need
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
|
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
