3 SASE Misconceptions to Consider

SASE is all the rage, promising things IT leaders have long dreamed about, but a purist approach may create consequences.

Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs

Security vendor says it has observed threat groups using a set of 16 tools specifically designed to attack Pulse Secure devices since April 2020.

Chart: Cloud Concerns

As more organizations make their way to the cloud, their eyes are wide open to the associated cybersecurity risks that tag along for the ride.

Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report

A new study examines the tools and technologies driving investment and activities for security operations centers.

SolarWinds Attackers Impersonate USAID in Advanced Email Campaign

Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.

A Wrench and a Screwdriver: Critical Infrastructure's Last, Best Lines of Defense?

Critical infrastructure's cybersecurity problems are complex, deep-rooted, and daunting. Addressing them won't be easy...but it isn't impossible.

Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection

Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.

Plug-ins for Code Editors Pose Developer-Security Threat

There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.

Most Mobile Apps Can Be Compromised in 15 Minutes or Less

In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.

'Have I Been Pwned' Code Base Now Open Source

Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.

BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims

The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.

Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues

SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wuest, VP of cyber protection research for Acronis.

Let's Stop Blaming Employees for Our Data Breaches

Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.

DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture

On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.

How Menlo Uses Isolation to Secure Mobile Devices in the Cloud

SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.

Prevention Is the Only Cure: The Dangers of Legacy Systems

Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.

ExtraHop Explains How Advanced Threats Dominate Threat Landscape

SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.

Enterprises Applying OS Patches Faster as Endpoint Risks Grow

New study shows sharp increase in number of endpoint devices with sensitive data on them.

Google Discovers New Rowhammer Attack Technique

Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips.

Zscaler Buys Deception Technology Startup

ZScaler's CEO says Smokescreen Technologies' capabilities will be integrated with Zscaler's ZIA and ZPA products.

Cisco: Reduced Complexity in the SOC Improves Enterprise Security

SPONSORED: WATCH NOW -- All it took was a global pandemic and a shift to working from home to expose security operations centers' open secret: Too much software, systems, and data to filter. Dug Song, chief strategy officer of Cisco Secure, makes a strong case for why reducing that complexity is the only tenable way forward for security professionals.

Bug Bounties and the Cobra Effect

Are bug bounty programs allowing software companies to skirt their responsibility to make better, more secure products from the get-go?

How Are Cyber Insurance Companies Assessing Ransomware Risk?

From limiting claims payments to tying payments to policyholders' actions, the cyber insurance industry is in "a very dynamic place right now," says Corvus Insurance CEO Phil Edmundson.

Devo: SIEM Continues to Evolve with Tech Trends and Emerging Threats

SPONSORED: WATCH NOW -- Some organizations split the difference with a hybrid of premises- and cloud-based SIEM, says Ted Julian, senior VP of product at Devo. As security data volumes continue to increase, SIEM's evolution will only continue.

Messaging Apps: The Latest Hotbed in the Fraud Ecosystem

Telegram and other secure messaging apps have become a haven for professional criminals to wreak havoc and turn a profit.

New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks

The Agrius group's focus appears to be Israel and the Middle East.

Orange: Your Leaky Security is Coming from Inside the House!

SPONSORED: Your home WiFi router may be screaming fast, but it's also a major point of vulnerability in this work-from-home era, says Charl van der Walt, head of security research at Orange Cyberdefense. And while Zero Trust offers some relief, he offers up some how-to advice to ensure it's properly deployed.

Cloud Compromise Costs Organizations $6.2M Per Year

Organizations reported an average of 19 cloud-based compromises in the past year, but most don't evaluate the security of SaaS apps before deployment.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks

Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020.

Russia Profiting from Massive Hydra Cybercrime Marketplace

An analysis of Bitcoin transactions from the Hydra marketplace show that the operators are locking sellers into Russian exchanges, likely fueling profits for local actors.

MacOS Zero-Day Let Attackers Bypass Privacy Preferences

Apple has released security patches for vulnerabilities in macOS and tvOS that reports indicate have been exploited in the wild.

Axis Fosters Work-From-Home Momentum with Zero Trust Network Access

SPONSORED: Watch now -- VPN and VDI, while still useful, lack the hardened security required to keep users secure. That's created an opening for Zero Trust network access.

Russian Sentenced to 30 Months for Running Criminal Website

FBI says sales from illicit online shop deer.io exceeded $17 million

Your Network's Smallest Cracks Are Now Its Biggest Threats

Bad actors have flipped the script by concentrating more on low-risk threats. Here's how to address the threat and the tactics.

Uptycs Offers Resilience Formula to Boost Business Continuity

SPONSORED CONTENT: Breaches and data loss are inevitable, but customers can bounce back more readily with some planning and foresight, says Ganesh Pai, CEO and founder of Uptycs. He suggests a trajectory for customers looking to improve their own resilience, starting with proactiveness, followed by reactivity, then predictive capabilities and better protection.

The Makings of a Better Cybersecurity Hire

Experience counts, but as one CISO has learned, don't overlook a creative, motivated candidate just because their background doesn't match the job description.

The Adversary Within: Preventing Disaster From Insider Threats

Insiders are in a position of trust, and their elevated permissions provide opportunities to cause serious harm to critical business applications and processes.

Businesses Boost Security Budgets. Where Will the Money Go?

Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.

Turn the Tables: Supply Chain Defense Needs Some Offense, Fortinet Says

SPONSORED CONTENT: Watch now -- While the SolarWinds hack put fresh attention on supply chain vulnerabilities, Derek Manky of Fortinet's Fortiguard Labs suggests dismantling cybercriminals' own supply chains.

SecTor

Cartoon Caption Winner: Magic May

And the winner of The Edge's May cartoon caption contest is ...

Former FBI Employee Indicted for Taking Documents Home

The long-time intelligence analyst was accused of inappropriately handling documents related to national security.

Air India Confirms Data of 4.5M Travelers Compromised

Affected data includes names, birthdates, contact information, passport details, and credit card data, the airline reports.

Sophos Research Uncovers Widespread Use of TLS By Cybercriminals

SPONSORED CONTENT: Nearly half of all malware is being disseminated via the Transport Layer Security cryptographic protocol, says Dan Schiappa, executive VP and chief product officer for Sophos.

Work from Home Modifies the Endpoint Security Equation, Cisco Says

SPONSORED CONTENT: As customers get to grips with this new WFH reality, they'll need to simplify their implementations and make more use of automation, says Cisco Secure's Al Huger.

As Threat Hunting Matures, Malware Labs Emerge

By leveraging their analysis outputs, security pros can update detection rules engines and establish a stronger security posture in the process.

Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise

A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?

Data in Danger Amid New IT Challenges

Survey finds new threats due to the pandemic make managing enterprise cyber-risk even more challenging.

FBI Issues Conti Ransomware Alert as Attacks Target Healthcare

Officials have identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks.

Cloud Security Blind Spots: Where They Are and How to Protect Them

Security experts discuss oft-neglected areas of cloud security and offer guidance to businesses working to strengthen their security posture.

The Changing Face of Cybersecurity Awareness

In the two decades since cybersecurity awareness programs emerged, they've been transformed from a good idea to a business imperative.

The Edge Poll: Moving On

During the stresses of the pandemic, did you ever consider quitting security?

Dev-Sec Disconnect Undermines Secure Coding Efforts

Rather than continue to complain about each other, developers and security pros need to work together and celebrate their successes.

Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations

When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.

Don't Let Scary Headlines Shape Your Company's Cyber-Resilience Strategy

Resilience planning should be based on data and backed by technology, cybersecurity pros agreed at this week's RSA Conference.

Maricopa County CISO: Online Misinformation/Disinformation in 2020 Election a 'Gamechanger'

Custom playbooks played a key role in the Arizona election jurisdiction's security strategy.

100M Users' Data Exposed via Third-Party Cloud Misconfigurations

Researchers who examined 23 Android apps report developers potentially exposed the data of more than 100 million people.

Security Providers Describe New Solutions (& Growing Threats) at RSAC

SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.

Cost Savings, Better Security Drive Adoption of Emerging Technologies

However, senior technology managers express concerns about whether their current infrastructure can properly safeguard them.

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.