Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Why Anti-Phishing Training Isn't Enough
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.
How to Mitigate Against Domain Credential Theft
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
Agility Broke AppSec. Now It's Going to Fix It.
Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured.
Name That Toon: Road Trip
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Security Trends to Follow at RSA Conference 2021
Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.
Adapting to the Security Threat of Climate Change
Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.
Defending the Castle: How World History Can Teach Cybersecurity a Lesson
Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization's attack surface that are largely unmonitored and undefended.
Verizon DBIR 2021: "Winners" No Surprise, But All-round Vigilance Essential
Verizon's Data Breach Investigations Report (DBIR) covers 2020 -- a year like no other. Phishing, ransomware, and innovation caused big problems.
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
Why You Should Be Prepared to Pay a Ransom
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
Cartoon Caption Winner: Greetings, Earthlings
And the winner of Dark Reading's April cartoon caption contest is ...
3 Cybersecurity Myths to Bust
Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.
Critical Infrastructure Under Attack
Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.
Exchange Exploitation: Not Dead Yet
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.
Defending Against Web Scraping Attacks
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
Securing the Internet of Things in the Age of Quantum Computing
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
Will 2021 Mark the End of World Password Day?
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
SPONSORED CONTENT: While organizations may be more vulnerable than ever to supply chain attacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, says Jon Check, senior director in Raytheon's cyber protection solutions unit.
Can Organizations Secure Remote Workers for the Long Haul?
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
It's Time to Ditch Celebrity Cybersecurity
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
Dark Reading Celebrates 15th Anniversary
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Stopping the Next SolarWinds Requires Doing Something Different
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
The Ticking Time Bomb in Every Company's Code
Developers must weigh the benefits and risks of using third-party code in Web apps.
Your Digital Identity's Evil Shadow
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
The Challenge of Securing Non-People Identities
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
How to Secure Employees' Home Wi-Fi Networks
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Is Your Cloud Raining Sensitive Data?
Learn common Kubernetes vulnerabilities and ways to avoid them.
4 Ways CISOs Can Strengthen Their Security Resilience
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Challenging Our Education System to Nurture the Cyber Pipeline
Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.
Shift Left: From Concept to Practice
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.
SOC 2 Attestation Tips for SaaS Companies
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Business Email Compromise Costs Businesses More Than Ransomware
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
6 Tips for Managing Operational Risk in a Downturn
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
Nation-State Attacks Force a New Paradigm: Patching as Incident Response
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
Bolstering Our Nation's Defenses Against Cybersecurity Attacks
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
Dark Reading to Upgrade Site Design, Performance
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Clear & Present Danger: Data Hoarding Undermines Better Security
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Wake Up and Smell the JavaScript
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.
Omdia Research Spotlight: XDR
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help
Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
|
Latest Comment: "Pass him dear! We'll never get there if the screensaver kicks in!"
2021 Top Enterprise IT TrendsWe've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Tweet This
0 Comments
