Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
US National Cyber Director: Toward a New Cybersecurity Social Contract
In a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
CISO Shares Top Strategies to Communicate Security's Value to the Biz
In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.
Black Hat Asia: Democracy's Survival Depends on Taming Technology
The conference opens with stark outlook on the future of global democracy -- currently squeezed between Silicon Valley and China.
Transforming SQL Queries Bypasses WAF Security
A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin
Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.
How to Negotiate With Ransomware Attackers
Security researchers investigate the ransom negotiation process to create strategies businesses can use if they face an attack.
Cloud Attack Analysis Unearths Lessons for Security Pros
Researchers detail their investigation of a cryptomining campaign stealing AWS credentials and how attackers have evolved their techniques.
What Happens If Time Gets Hacked
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.
Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months
Russian-speaking "Void Balaur" group's victims include politicians, dissidents, human rights activists, doctors, and journalists, security vendor discloses at Black Hat Europe 2021.
ChaosDB: Researchers Share Technical Details of Azure Flaw
Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.
Securing the Public: Who Should Take Charge?
International policy expert Marietke Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure.
Dark Reading Video News Desk Comes to Black Hat Europe
While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.
Researcher Details Vulnerabilities Found in AWS API Gateway
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.
APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm
A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.
Read Between the Lines: Finding Flaws in EPUB Reading Systems
Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.
Who's In Your Wallet? Exploring Mobile Wallet Security
Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
Applying Behavioral Psychology to Strengthen Your Incident Response Team
A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.
FragAttacks Foil 2 Decades of Wireless Security
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
CISA Launches JCDC, the Joint Cyber Defense Collaborative
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.
Incident Responders Explore Microsoft 365 Attacks in the Wild
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
A New Approach to Securing Authentication Systems' Core Secrets
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
Why Supply Chain Attacks Are Destined to Escalate
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
New Normal Demands New Security Leadership Structure
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.
8 Security Tools to be Unveiled at Black Hat USA
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
Researchers Create New Approach to Detect Brand Impersonation
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
New Framework Aims to Describe & Address Complex Social Engineering Attacks
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln
It urges organizations to immediately apply security update, citing exploit activity.
Researchers Learn From Nation-State Attackers' OpSec Mistakes
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.
Microsoft Issues New CVE for 'PrintNightmare' Flaw
Company says remote code execution issue in all Windows versions is different from one in Windows Print Spooler that it had patched last month, though both affect same function.
Attackers Already Unleashing Malware for Apple macOS M1 Chip
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.
The Danger of Action Bias: Is It Always Better to Act Quickly?
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
Survey Seeks to Learn How 2020 Changed Security
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.
New Techniques Emerge for Abusing Windows Services to Gain System Control
Organizations should apply principles of least privilege to mitigate threats, security researcher says.
Researchers Explore Active Directory Attack Vectors
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
Dark Reading Celebrates 15th Anniversary
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Researchers Connect Complex Specs to Software Vulnerabilities
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
10 Free Security Tools at Black Hat Asia 2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
Cartoon Caption Winner: Insider Threat
And the winner of Dark Reading's January cartoon caption contest is ...
DoJ's Microsoft 365 Email Accounts Compromised in SolarWinds Attacks
Three percent of email accounts were breached, the Department of Justice reports.
|
Practical Network Security Approaches for a Multicloud, Hybrid IT WorldThe report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy:
-increase visibility over the environment
-learning cloud-specific skills
-relying on established security frameworks
-re-architecting the network
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
