SecTor

Cartoon Caption Winner: Magic May

And the winner of The Edge's May cartoon caption contest is ...

Former FBI Employee Indicted for Taking Documents Home

The long-time intelligence analyst was accused of inappropriately handling documents related to national security.

Air India Confirms Data of 4.5M Travelers Compromised

Affected data includes names, birthdates, contact information, passport details, and credit card data, the airline reports.

Sophos Research Uncovers Widespread Use of TLS By Cybercriminals

SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.

Work from Home Modifies the Endpoint Security Equation, Cisco Says

SPONSORED CONTENT: As customers get to grips with this new WFH reality, they'll need to simplify their implementations and make more use of automation, says Cisco Secure's Al Huger.

As Threat Hunting Matures, Malware Labs Emerge

By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.

Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise

A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?

Data in Danger Amid New IT Challenges

Survey finds new threats due to the pandemic make managing enterprise cyber-risk even more challenging.

FBI Issues Conti Ransomware Alert as Attacks Target Healthcare

Officials have identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks.

Cloud Security Blind Spots: Where They Are and How to Protect Them

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture.

The Changing Face of Cybersecurity Awareness

In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.

The Edge Poll: Moving On

During the stresses of the pandemic, did you ever consider quitting security?

Dev-Sec Disconnect Undermines Secure Coding Efforts

Rather than continue to complain about each other, developers and security pros need to work together and celebrate their successes.

Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations

When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.

Don't Let Scary Headlines Shape Your Company's Cyber-Resilience Strategy

Resilience planning should be based on data and backed by technology, cybersecurity pros agreed at this week's RSA Conference.

Maricopa County CISO: Online Misinformation/Disinformation in 2020 Election a 'Gamechanger'

Custom playbooks played a key role in the Arizona election jurisdiction's security strategy.

100M Users' Data Exposed via Third-Party Cloud Misconfigurations

Researchers who examined 23 Android apps report developers potentially exposed the data of more than 100 million people.

Security Providers Describe New Solutions (& Growing Threats) at RSAC

SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.

Cost Savings, Better Security Drive Adoption of Emerging Technologies

However, senior technology managers express concerns about whether their current infrastructure can properly safeguard them.

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.

How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.

Cobalt Strike Becomes a Preferred Hacking Tool by Cybercrime, APT Groups

Incident response cases and research show how the red-team tool has become a become a go-to for attackers.

SolarWinds CEO: Attack Began Much Earlier Than Previously Thought

Investigation shows threat actors began probing SolarWinds' network in January 2019, according to Sudhakar Ramakrishna.

Google Chrome Makes It Easier to Update Compromised Passwords

A new capability will use Google's Duplex technology to alert people when their passwords are compromised and help change them.

Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws

Research underscores the acceleration of attack activity and points to a growing concern that defenders can't keep pace.

Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030

A project to look at potential cybersecurity threats in a decade sees hackers and marketers sending spam directly to our vision, while attackers' automated systems adapt faster than defenses.

Colonial Pipeline CEO Confirms Ransom Payment

CEO Joseph Blount says the $4.4 million payment was a necessary decision amid high-stakes infrastructure disruption.

How to Adapt to Rising Consumer Expectations of Invisible Security

Working from home has changed users' ideas about seamless security. Here's how to address them.

Credential Stuffing Reaches 193 Billion Login Attempts Annually

More attacks does not necessarily mean more threats, but all attacks types have increased, according to Akamai's new "State of the Internet" report.

How Ransomware Encourages Opportunists to Become Criminals

And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.

How Attackers Weigh the Pros and Cons of BEC Techniques

Security researchers discuss attackers' evolving methodologies in business email compromise and phishing campaigns.

How to Get Employees to Care About Security

Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.

Splunk to Acquire TruSTAR for Data Management

Splunk said it will integrate TruSTAR's data-sharing capabilities into its Data-to-Everything platform following the acquisition.

FBI's IC3 Logs 1M Complaints in 14 Months

The FBI's IC3 reports COVID-related scams and an increase in online retail may be behind the upswing in complaints.

Why Anti-Phishing Training Isn't Enough

Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.

Best 11 Quotes From Cryptographers' Panel

Cryptographers at an RSA Conference panel aren't worried about adversarial quantum cryptography. Machine learning, though, causes pressing practical issues.

Researchers Create Covert Channel Over Apple AirTag Network

Small amounts of data could be sent from nearly anywhere using Apple's "Find My" network, hidden in the large volume of traffic as AirTags become widely used, two researchers say.

How to Mitigate Against Domain Credential Theft

Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.

Cisco Plans to Create 'Premium' SecureX Offering With Kenna Security Features

Executives from Cisco share insights on the networking giant's ambitious security strategy.

DarkSide Ransomware Variant Targets Disk Partitions

A newly discovered DarkSide ransomware variant can detect and compromise partitioned hard drives, researchers report.

47% of Criminals Buying Exploits Target Microsoft Products

Researchers examine English- and Russian-language underground exploits to track how exploits are advertised and sold.

DDoS Attacks Up 31% in Q1 2021: Report

If pace continues, DDoS attack activity could surpass last year's 10-million attack threshold.

Rapid7 Is the Latest Victim of a Software Supply Chain Breach

Security vendor says attackers accessed some of its source code using a previously compromised Bash Uploader script from Codecov.

RSAC 2021: What Will SolarWinds' CEO Reveal?

In a keynote conversation with Forrester analyst Laura Koetzle, Sudhakar Ramakrishna will get candid about the historic breach.

Latest Security News From RSAC 2021

Check out Dark Reading's updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.

Agility Broke AppSec. Now It's Going to Fix It.

Outnumbered 100 to 1 by developers, AppSec needs a new model of agility to catch up and protect everything that needs to be secured.

Name That Toon: Road Trip

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Rapid7 Source Code Accessed in Supply Chain Attack

An investigation of the Codecov attack revealed intruders accessed Rapid7 source code repositories containing internal credentials and alert-related data.

How Faster COVID-19 Research Is Being Made Possible by Secure Silicon

When Intel and Leidos set up a "trusted execution environment" to enable a widespread group of researchers to securely share and confidentially compute real-world data, it was no small achievement.

Cisco Confirms Plans to Acquire Kenna Security

Cisco plans to integrate Kenna's vulnerability management technology into its SecureX platform.

Chart: Cybersecurity Now a Top Corporate Priority

Majority of global IT decision makers say cybersecurity is extremely or more important now than it was pre-pandemic, according to Cisco.

SOC Teams Burdened by Alert Fatigue Explore XDR

ESG research finds a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately

Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks

Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.

Security Trends to Follow at RSA Conference 2021

Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.

Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order

Overall objectives are good, but EO may be too prescriptive in parts, industry experts say.

85% of Data Breaches Involve Human Interaction: Verizon DBIR

Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element.

Firms Struggle to Secure Multicloud Misconfigurations

Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.

Dragos & IronNet Partner on Critical Infrastructure Security

The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security

When AI Becomes the Hacker

Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.