'Beware the Lady Named Katie'

A semester-long course boiled down to two minutes and 45 seconds.

The Workforce Shortage in Cybersecurity Is a Myth

What we really have is an automation-in-the-wrong-place problem.

Intl. Law Enforcement Operation Disrupts Slilpp Marketplace

A seizure warrant affidavit unsealed today states Slilpp had sold allegedly stolen login credentials since 2012.

Deepfakes Are on the Rise, but Don't Panic Just Yet

Deepfakes will likely give way to deep suspicion, as users try to sort legitimate media from malicious.

11 Cybersecurity Vendors to Watch in 2021

The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer.

Cyber Is the New Cold War & AI Is the Arms Race

Continual cyberattacks have pushed us into a new kind of Cold War, with artificial intelligence the basis of this new arms race.

Required MFA Is Not Sufficient for Strong Security: Report

Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required.

What to Know About Updates to the PCI Secure Software Standard

New requirements add 50 controls covering five control objectives. Here's a high-level look at each objective.

RSA Spins Off Fraud & Risk Intelligence Unit

The new company, called Outseer, will continue to focus on payment authentication and fraud detection and analysis.

CISA Addresses Rise in Ransomware Threatening OT Assets

The agency has released guidance in response to a rise of ransomware attacks affecting OT assets and control systems.

New Security Event @Hack to Take Place in Saudi Arabia

The Saudi Federation of Cybersecurity, Programming, and Drones (SAFCSP) and Informa Tech will launch a multi-day event in Riyadh this November.

With Cloud, CDO and CISO Concerns Are Equally Important

Navigated properly, a melding of these complementary perspectives can help keep an organization more secure.

Hardening the Physical Security Supply Chain to Mitigate the Cyber-Risk

Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyberattacks by reviewing the cybersecurity policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.

Ransomware Is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Phished Account Credentials Mostly Verified in Hours

Almost two-thirds of all phished credentials are verified by attackers within a day and then used in a variety of schemes, including business email compromise and targeting other users with malicious code.

Microsoft Patches 6 Zero-Days Under Active Attack

The June 2021 Patch Tuesday fixes 50 vulnerabilities, six of which are under attack and three of which were publicly known at the time of disclosure.

FBI Issued Encrypted Devices to Capture Criminals

A sting operation delivered devices into the hands of global criminals and used the intelligence gathered to stop drug crimes.

Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account

No multifactor authentication was attached to the stolen VPN password used by the attackers, Colonial Pipeline president & CEO Joseph Blount told a Senate committee today.

Microsoft CISO Shares Remote Work Obstacles & Lessons Learned

Bret Arsenault explains changes he implemented along the way as Microsoft's workforce went from 20% to 97% remote.

How Employees Can Keep Their 401(k)s Safe From Cybercriminals

As retirement fund balances grow, cybercriminals are becoming more brazen in their efforts to deplete people's savings.

Cyber Resilience: The Emerald City of the Security World

Small and midsize businesses and managed service providers must use their heart, brain, and courage as they follow the Yellow Brick Road to cyber resilience.

An Answer to APP Scams You Can Bank On

Financial institutions' usual fraud-detection methods can't detect most authorized push payment (APP) scams, putting customers and banks at risk.

First Known Malware Surfaces Targeting Windows Containers

Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.

DoJ Seizes $2.3M in Bitcoin Paid to Colonial Pipeline Attackers

The amount allegedly represents a May 8 payment to the DarkSide ransomware group.

Latvian Woman Charged for Role In Crafting Trickbot Malware

Alla Witte and her associates are accused of using Trickbot to infect tens of millions of computers around the world, the Justice Department reports.

CISA Warns Criminals Seek to Exploit Critical VMware Bug

Organizations running vCenter Server and VMware Cloud Foundation are urged to apply fixes deployed on May 25.

Cartoon Caption Winner: Road Trip

And the winner of Dark Reading's cartoon caption contest is ...

Cyber Athletes Compete to Form US Cyber Team

Here's how security pros can showcase value to future employers: a field of friendly strife to measure their aptitude against competitors.

NortonLifeLock Criticized for New Cryptomining Feature

While the crypto crowd applauds the move, critics worry about the environmental impact, supporting a currency used for ransomware, and mining further slowing down systems.

How Can I Test the Security of My Home-Office Employees' Routers?

From the most accurate to the most practical, here are a few ways to ensure both employees and organizations are protected from risk.

The US Must Redefine Critical Infrastructure for the Digital Era

The template being used to manage essential connectivity isn't just outdated, it's actively counter-productive.

SentinelOne Files S-1 for IPO

The security company looks to raise up to $100 million in its IPO, its filing reveals.

Organizations Shift Further Left in App Development

Most IT and security professionals surveyed think security is a critical enough reason to pause app development.

Data Breaches Drive Higher Loan Interest Rates

Businesses that suffer a security breach may not see their stock price tumble, but they may pay higher rates for loans and be forced to provide collateral, researchers report.

Welcome to the New Workplace

The pandemic has changed the landscape in which security pros work. Here are five ways how.

What the FedEx Logo Taught Me About Cybersecurity

Cyber threats are staring you in the face, but you can't see them.

The Perfect Storm for PAM to Grow In

With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.

Proposed Sale Casts Cloud Over Future of FireEye's Products

Symphony Technology Group, which is buying FireEye, already owns multiple security companies "with redundancies in numerous areas."

Google Experts Explore Open Source Security Challenges & Fixes

An open source security event brought discussions of supply chain security and managing flaws in open source projects.

NY & Mass. Transportation Providers Targeted in Recent Attacks

New York's Metropolitan Transportation Authority and the Steamship Authority of Massachusetts were both victims of cyberattacks.

REvil Behind JBS Ransomware Attack: FBI

Officials attribute the attack to REvil/Sodinokibi and say they are working to bring the threat actors to justice.

The True Cost of a Ransomware Attack

Companies need to prepare for the costs of an attack now, before they get attacked. Here's a checklist to help.

The Colonial Pipeline Attack Is Your Boardroom Wake-Up Call

Why business leaders must adopt a risk-led approach to cybersecurity.

Phishing Emails Remain in User Inboxes Over 3 Days Before They're Removed

Most malicious emails get blocked, but the ones that get through linger around dangerously long, a new study shows.

FireEye Sells Products Business to Symphony Group for $1.2B

The transaction will include the FireEye brand name; the business that remains will be called Mandiant Solutions.

Encryption Helps Companies Avoid Breach Notifications

With nearly twice as many firms suffering a breach compared with the previous year, limiting the damage becomes more important, a survey finds.

Microsoft Buys ReFirm Labs to Drive IoT Security Efforts

The acquisition will bring ReFirm's firmware analysis capabilities alongside Microsoft's Azure Defender for IoT to boost device security.

A View From Inside a Deception

Pen-testing today's threat deception technology is not for the faint-hearted. Do modern deception tools truly frustrate adversaries, and are they ready for the enterprise SOC?

Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in

The plug-in under active attack has been installed on more than 17,000 websites, say researchers.

Is Your Adversary James Bond or Mr. Bean?

Especially with nation-state attacks, its critical to assess whether you're up against jet fighter strength or a bumbler who tries to pick locks.

Microsoft 365: Most Common Threat Vectors & Defensive Tips

Security pros discuss the most typical ways attackers leverage Microsoft 365 and share their guidance for defenders.

Chaos for the Sake of Chaos? Yes, Nation-States Are That Cynical

Many nation-state-backed attacks are intended to destabilize the US government, not steal from it.

Processor Morphs Its Architecture to Make Hacking Really Hard

Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.

US Seizes Attacker Domains Used in USAID Phishing Campaign

The move follows last week's disclosure of an ongoing attack designed to mimic emails from the US Agency for International Development.

New Barebones Ransomware Strain Surfaces

The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts.

Meat Producer JBS USA Hit By Ransomware Attack

The company says recovery from the attack may delay transactions with customers and suppliers.

Return to Basics: Email Security in the Post-COVID Workplace

As we reimagine the post-pandemic workplace, we must also reevaluate post-pandemic email security practices.

Name That Edge Toon: In Tow

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

CISO Confidence Is Rising, but Issues Remain

New research reveals how global CISOs dealt with COVID-19 and their plans for 2022-2023.

Cybersecurity Group Hopes to Push 30 More National Priorities

The Cyberspace Solarium Commission worked with legislators and the Trump administration to get 27 recommendations implemented in policy last year. It's aiming for 30 more in 2021.