WhiteHat Security Rebrands as NTT Application Security

The name change follows NTT Security Corporation's acquisition of WhiteHat in 2019.

Name That Edge Toon: Security Grill

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

CISA Updates CSET Tool for Ransomware Defense

A new module provides a set of practices to help organizations assess how well-equipped they are to defend and recover from ransomware.

NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs

Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.

Why Are There Never Enough Logs During an Incident Response?

Most security pros believe their responses could be dramatically quicker were the right logs available, and usually they're not.

Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats

One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.

SentinelOne Starts Trading on NYSE, Raises $1.2B in IPO

IPO is the highest valued in cybersecurity history, according to reports.

SMB Worm Targeting EternalBlue Vuln Spreads to US

"Indexsinas" is the latest threat designed to exploit Windows servers that remain vulnerable to an NSA-developed exploit Microsoft patched more than four years ago.

Impersonation Becomes Top Phishing Technique

A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.

MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities

A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.

Attackers Already Unleashing Malware for Apple macOS M1 Chip

Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.

Intl. Law Enforcement Operation Takes Down DoubleVPN

The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.

Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?

Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.

9 Hot Trends in Cybersecurity Mergers & Acquisitions

Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.

Google Updates Vulnerability Data Format to Support Automation

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.

Ransomware Losses Drive Up Cyber-Insurance Costs

Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.

CISA Publishes Catalog of Poor Security Practices

Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.

Survey Data Reveals Gap in Americans' Security Awareness

Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.

Technology's Complexity and Opacity Threaten Critical Infrastructure Security

Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.

3 Ways Cybercriminals Are Undermining MFA

Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.

Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

Rogue driver was distributed within gaming community in China, company says.

Attacks Erase Western Digital Network-Attached Storage Drives

The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.

New House Bill Aims to Drive Americans' Security Awareness

The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.

Microsoft Tracks Attack Campaign Against Customer Support Agents

The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.

An Interesting Approach to Cyber Insurance

What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.

The Danger of Action Bias: Is It Always Better to Act Quickly?

Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.

The Role of Encryption in Protecting LGBTQ+ Community Members

The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.

New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says

Redmond's latest OS will run only on systems with TPM 2.0 chips.

Amazon Acquires Secure Messaging Platform Wickr

AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.

Data Privacy Is in 23andMe CSO's DNA

How serious is the company about safeguarding its customers and their genetic information? "We're hiding data even from ourselves," says the biotech and genetic testing company's head of security.

School's Out for Summer, but Don't Close the Book on Cybersecurity Training

Strengthening their security posture should be at the top of school IT departments' summer to-do list.

High-Level FIN7 Member Sentenced to 7 Years in Prison

Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.

7 Unconventional Pieces of Password Wisdom

Challenging common beliefs about best practices in password hygiene.

74% of Q1 Malware Was Undetectable Via Signature-Based Tools

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.

D3FEND Framework Seeks to Lay Foundation for Cyber Defense

The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.

Tulsa Officials Warn Ransomware Attackers Leaked City Files

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.

Boardroom Perspectives on Cybersecurity: What It Means for You

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.

Storms & Silver Linings: Avoiding the Dangers of Cloud Migration

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?

John McAfee, Creator of McAfee Antivirus Software, Dead at 75

McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.

rMTD: A Deception Method That Throws Attackers Off Their Game

Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.

79% of Third-Party Libraries in Apps Are Never Updated

A lack of contextual information and concerns over application disruption among contributing factors.

VMs Help Ransomware Attackers Evade Detection, but It's Uncommon

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.

Microsoft Tracks New BazaCall Malware Campaign

Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.

New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.

Survey Seeks to Learn How 2020 Changed Security

Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.

When Will Cybersecurity Operations Adopt the Peter Parker Principle?

Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.

Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021

Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.

Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO

A new report suggests that top management at most companies still don't get security.

Transmit Security Announces $543M Series A Funding Round

The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.

Chart: Strength in Numbers

More companies are heeding expert advice to beef up their incident-response teams.

NSA Funds Development & Release of D3FEND Framework

The framework, now available through MITRE, provides countermeasures to attacks.

Identity Eclipses Malware Detection at RSAC Startup Competition

All 10 finalists in the Innovation Sandbox were focused on identity, rather than security's mainstay for the last 20 years: Malware detection.

7 Powerful Cybersecurity Skills the Energy Sector Needs Most

Those looking to join the fight might want to polish up or acquire some (or all) of these hottest skills on the market.

Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started

Don't overlook crisis communications in your cybersecurity incident response planning.

Did Companies Fail to Disclose Being Affected by SolarWinds Breach?

The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.

Software-Container Supply Chain Sees Spike in Attacks

Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.

Data Leaked in Fertility Clinic Ransomware Attack

Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.

Baltimore County Public Schools' Ransomware Recovery Tops $8M

The school district has spent seven months and a reported $8.1 million recovering from the November attack.

Fintech at SaaS Speed