Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
Attackers Heavily Targeting VPN Vulnerabilities
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
Clear & Present Danger: Data Hoarding Undermines Better Security
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
New Malware Downloader Spotted in Targeted Campaigns
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
Did 4 Major Ransomware Groups Truly Form a Cartel?
An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer.
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.
7 Security Strategies as Employees Return to the Office
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack
A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
Ghost Users Haunt Healthcare Firms
Data security hygiene severely lacking among healthcare firms, new research shows.
CISA Builds Out Defensive Tools for Security Teams
Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox.
Beware the Package Typosquatting Supply Chain Attack
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
7 Tips to Secure the Enterprise Against Tax Scams
Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.
US Schools Faced Record Number of Security Incidents in 2020
The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
And the winner of Dark Reading's February cartoon caption contest is ...
Look to Banking as a Model for Stopping Crime-as-a-Service
The first step toward prevention is understanding the six most common CaaS services.
How SolarWinds Busted Up Our Assumptions About Code Signing
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Attackers Turn Struggling Software Projects Into Trojan Horses
While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Educational institutions have become prime targets, but there are things they can do to stay safer.
New APT Group Targets Airline Industry & Immigration
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
3 Security Flaws in Smart Devices & IoT That Need Fixing
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
SonicWall Releases Second Set of February Firmware Patches
The latest patches, for its SMA 100 series products, comes less than three weeks after an updates to patch a zero-day vulnerability.
Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer
Any organization can use MITRE ATT&CK as a force multiplier, but it's especially valuable for small ones.
CVSS as a Framework, Not a Score
The venerable system has served us well but is now outdated. Not that it's time to throw the system away; use it as a framework to measure risk using modern, context-based methods.
What Can Your Connected Car Reveal About You?
App developers must take responsibility for the security of users' data.
How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Microsoft Concludes Internal Investigation into Solorigate Breach
The software giant found no evidence that attackers gained extensive access to services or customer data.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
Egregor Arrests a Blow, but Ransomware Will Likely Bounce Back
Similar to previous ransomware takedowns, this disruption to the ransomware-as-a-service model will likely be short-lived, security experts say.
Under Attack: Hosting & Internet Service Providers
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
7 Things We Know So Far About the SolarWinds Attacks
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever
Cloud-native deployments tend to be small, interchangeable, and easier to protect, but their software supply chains require closer attention.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
How Neurodiversity Can Strengthen Cybersecurity Defense
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.
Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Microsoft Says It's Time to Attack Your Machine-Learning Models
With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
Pay-or-Get-Breached Ransomware Schemes Take Off
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
Why North Korea Excels in Cybercrime
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.
7 Steps to Secure a WordPress Site
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
SolarWinds Attack, Cyber Supply Chain Among Priorities for Biden Administration
During Senate confirmation hearings, the nominees for Secretary of Homeland Security and Director of National Intelligence pledged to focus on cybersecurity.
A Security Practitioner's Guide to Encrypted DNS
Best practices for a shifting visibility landscape.
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
|
Latest Comment: Congratulations George - you have won the Venuvian Lottery! Now if you will just type in your SSN, Date of Birth, Mother's maiden name ...
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
