Microsoft Adds GPS Location to Identity & Access Control in Azure AD

New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.

Adapting to the Security Threat of Climate Change

Business continuity plans that address natural and manmade disasters can help turn a cataclysmic business event into a minor slowdown.

Defending the Castle: How World History Can Teach Cybersecurity a Lesson

Cybersecurity attackers follow the same principles practiced in warfare for millennia. They show up in unexpected places, seeking out portions of an organization's attack surface that are largely unmonitored and undefended.

Verizon DBIR 2021: "Winners" No Surprise, But All-round Vigilance Essential

Verizon's Data Breach Investigations Report (DBIR) covers 2020 -- a year like no other. Phishing, ransomware, and innovation caused big problems.

Despite Heightened Breach Fears, Incident Response Capabilities Lag

Many organizations remain unprepared to detect, respond, and contain a breach, a new survey shows.

Researchers Unearth 167 Fake iOS & Android Trading Apps

The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.

Putting the Spotlight on DarkSide

Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack.

66% of CISOs Feel Unprepared for Cyberattacks

More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report.

Vulnerable Protocols Leave Firms Open to Further Compromises

Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.

Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker

Understanding a few basics about how password crackers think and behave could help you keep your users safer.

Cybersecurity: What Is Truly Essential?

In an effort to protect their organizations, security professionals can overdo it. The result often works against them.

Why You Should Be Prepared to Pay a Ransom

Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.

The Long Road to Rebuilding Trust After 'Golden SAML'-Like Attacks

Eradicating 'privileged intruders' from the network in the aftermath of an attack poses major challenges, experts say.

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?

Adobe Issues Patch for Acrobat Zero-Day

The vulnerability is being exploited in limited attacks against Adobe Reader users on Windows.

Application Attacks Spike as Criminals Target Remote Workers

Application-specific and Web application attacks made up 67% of all attacks in 2020 as criminal strategies shifted in the pandemic.

Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable

Microsoft releases security patches for 55 vulnerabilities in its monthly roundup, which includes a critical, wormable flaw in the HTTP protocol stack.

Cartoon Caption Winner: Greetings, Earthlings

And the winner of Dark Reading's April cartoon caption contest is ...

3 Cybersecurity Myths to Bust

Deeply rooted cybersecurity misconceptions are poisoning our ability to understand and defend against attacks.

Critical Infrastructure Under Attack

Several recent cyber incidents targeting critical infrastructure prove that no open society is immune to attacks by cybercriminals. The recent shutdown of key US energy pipeline marks just the tip of the iceberg.

Colonial Pipeline Cyberattack: What Security Pros Need to Know

As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.

Tulsa Deals With Aftermath of Ransomware Attack

Weekend attack shuts down several city sites and service.

Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime

The "bulletproof hosting" organization hosted malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit.

10 Security Awareness Training Mistakes to Avoid

Give your cybersecurity culture a boost by adding these to the "don't" column of your cybersecurity awareness training do's and don'ts list.

Exchange Exploitation: Not Dead Yet

The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover.

How North Korean APT Kimsuky Is Evolving Its Tactics

Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.

Most Organizations Feel More Vulnerable to Breaches Amid Pandemic

More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity

The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.

The Edge Pro Quote: Password Empowerment

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.

Defending Against Web Scraping Attacks

Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.

11 Reasons Why You Sorta Love Passwords

We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.

Troy Hunt: Organizations Make Security Choices Tough for Users

The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.

New Techniques Emerge for Abusing Windows Services to Gain System Control

Organizations should apply principles of least privilege to mitigate threats, security researcher says.

Google Plans to Automatically Enable Two-Factor Authentication

The company plans to automatically enroll users in two-step verification if their accounts are properly configured.

CISA Publishes Analysis on New 'FiveHands' Ransomware

Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.

Securing the Internet of Things in the Age of Quantum Computing

Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.

Cloud-Native Businesses Struggle With Security

More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.

Biden's Supply Chain Initiative Depends on Cybersecurity Insights

Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.

How to Move Beyond Passwords and Basic MFA

It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security

Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.

Attackers Seek New Strategies to Improve Macros' Effectiveness

The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.

Gap Between Security and Networking Teams May Hinder Tech Projects

Professionals in each field describe a poor working relationship between the two teams

DoD Lets Researchers Target All Publicly Accessible Info Systems

The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.

Wanted: The (Elusive) Cybersecurity 'All-Star'

Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.

Debating Law Enforcement's Role in the Fight Against Cybercrime

The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.

Will 2021 Mark the End of World Password Day?

We might be leaving the world of mandatory asterisks and interrobangs behind for good.

Newer Generic Top-Level Domains a Security 'Nuisance'

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.

Apple Issues Patches for Webkit Security Flaws

The vulnerabilities may already be under active attack, Apple says in an advisory.

Planning Our Passwordless Future

All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.

Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities

SPONSORED CONTENT. While organizations may be more vulnerable than ever to supply chain hacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, said Jon Check, a senior director in Raytheon's cyber protection solutions business unit. Check also foresees wider use of automation to handle tasks humans in the SOC can't get to.

More Companies Adopting DevOps & Agile for Security

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.

Scripps Health Responds to Cyberattack

The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.

It's Time to Ditch Celebrity Cybersecurity

High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.

Researchers Explore Active Directory Attack Vectors

Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

Name That Edge Toon: Magical May

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Imperva to Buy API Security Firm CloudVector

The deal is intended to expand Imperva's API security portfolio, officials say.

Buer Malware Variant Rewritten in Rust Programming Language

Researchers suggest a few reasons why operators rewrote Buer in an entirely new language

Researchers Find Bugs Using Single-Codebase Inconsistencies

A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.