Third-Party Software Risks Grow, but So Do Solutions

Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.

Insider IP Theft Is Surging — and Most Can't Stop It

The Great Resignation is upon us, and insider IP theft is surging as a result. But it is a solvable problem.

Should Our Security Controls Be More Like North Korea or Norway?

When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.

New Application Security Toolkit Uncovers Dependency Confusion Attacks

The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.

Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months

Russian-speaking "Void Balaur" group's victims include politicians, dissidents, human rights activists, doctors, and journalists, security vendor discloses at Black Hat Europe 2021.

ChaosDB: Researchers Share Technical Details of Azure Flaw

Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.

Firms Will Struggle to Secure Extended Attack Surface in 2022

Companies are relying more heavily on third parties, remote employees, and partners, expanding their attack surface area beyond traditional boundaries.

SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike

Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.

SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks

Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.

Defining the Hierarchy of Value in Cyber Intelligence

One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.

CISA and State and Local Partners Test Emergency Response Plans at Chevron Salt Lake Refinery

The exercise included several objectives related to response procedures at the refinery, including evacuation and shelter-in-place decision-making; roles and responsibilities during investigations; communication with first responders; and public messaging before and following an incident.

4 Tips to Secure the OT Cybersecurity Budget You Require

OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it's too late.

Securing the Public: Who Should Take Charge?

International policy expert Marietke Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure.

Researcher Details Vulnerabilities Found in AWS API Gateway

AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.

Dark Reading Video News Desk Comes to Black Hat Europe

While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.

Microsoft Fixes Exchange Server Zero-Day

November security update contains patches for 55 bugs — including six zero-days across various products.

Are You Planning for the Quantum, Transhumanist Threat?

Breaking encryption in a day and hacking without visible devices are two threats that could become a reality in the next decade and beyond, experts say.

Why Self-Learning AI Is Changing the Paradigm of ICS Security

By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat.

Zoho ManageEngine Flaw Highlights Risks of Race to Patch

Attackers used a pre-auth vulnerability in a component of the enterprise management software suite to compromise businesses, highlighting the dangers of Internet-facing software.

How to Minimize Ransomware's Trail of Destruction and Its Associated Costs

One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.

83% of Critical Infrastructure Organizations Suffered Breaches, 2021 Cybersecurity Research Reveals

Supply chain and third-party risk is a major threat to operational technology.

SafeBreach Closes $53.5 Million Series D in New Funding to Fuel Momentum

The new capital will fuel the company's plans to expand its market footprint to new geographies and evolve its offerings in response to client needs.

The State of the CISO

Dark Reading survey shows security officer influence is on the rise.

Building Bridges to a More Secure Hybrid Workplace

Wherever workers choose to do their jobs, they need technology that's unobtrusive, secure by design, and intuitive to use.

Edge Chat With Cisco Secure CTO TK Keanini on Achieving Better Security Outcomes

Now is the time for organizations to rethink their security strategies with a platform- and architecture-based approach in mind. Keanini explains.

UL Launches SafeCyber Platform to Secure IoT

UL’s SafeCyber will allow organizations to manage cybersecurity governance and processes as well as speed up time spent on firmware development.

US Charges Ukrainian National for Kaseya Ransomware Attack

Yaroslav Vasinskyi is one of seven individuals believed to be responsible for deploying REvil ransomware in attacks against 5,000 organizations.

What Security Strategies Are Driving InfoSec's Decisions Around Defense?

The data shows security leaders are focusing on multilayered defenses, including multifactor authentication, threat intelligence, and incident response.

Investor Group to Acquire McAfee for $14B

The group, made up of Advent, Permira, Crosspoint Capital, CPP Investments, GIC, and ADIA, will take ownership of McAfee.

What My Optometrist Taught Me About InfoSec Presentations

A broken pair of eyeglasses brings into focus an important lesson about how to tailor security messages to the right audience.

Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint

Global business momentum and technical advancements position the Arctic Wolf platform as a category-defining Security Operations solution

Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated

The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.

Banking Malware Threats Surging as Mobile Banking Increases – Nokia Threat Intelligence Report

The Nokia 2021 Threat Intelligence Report announced today shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.

Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy

Through this latest acquisition, the company adds two more California locations.

Could Cyber Diplomacy Be the Ultimate Answer to American Ransomware Woes?

Incentives for good conduct and deterrents for bad behavior in cyberspace are impossible to effectively establish and enforce without international collaboration and commitment.

3 Ways to Deal With the Trojan Source Attack

These scripts and commands provide short-term fixes for blocking the Trojan Source attack that abuses Unicode to inject malicious backdoors int source code.

SecureAuth Buys Acceptto to Deliver Low-Friction Authentication to Enterprises

Acceptto’s contextual behavior threat intelligence technology will help SecureAuth deliver AI-driven MFA and continuous password-less authentication, SecureAuth says.

US Defense Contractor Discloses Data Breach

Electronic Warfare Associates says an attackers infiltrated EWA email in August, which led to the exfiltration of files with personal data.

Who's Minding Your Company's Crypto Decisions?

Security teams must first evaluate security protocols and the reputation of the cryptocurrency payment platform before their companies can proceed to accept the alternative currency as payment.

How InfoSec Should Use the Minimum Viable Secure Product Checklist

Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.

To Secure DevOps, Security Teams Must be Agile

The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.

4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks

The first step in improving your cybersecurity is understanding your risk of attack.

How Is Zero Trust Different From Traditional Security?

Unlike traditional security approaches, the zero-trust security model verifies a user's identity each and every time they need specific system access.

API Security Issues Hinder Application Delivery

A new survey explains why nearly all organizations experience API security problems to varying degrees.

Ripping Off the Blindfold: Illuminating OT Environments

A security tool that monitors OT devices can't disrupt operations. This is why the Self-Learning AI acts only on information obtained by passive monitoring of the network.

US Offers $10M Reward For ID, Location of DarkSide Leadership

The State Department offers multimillion-dollar rewards for information related to the leaders and members involved in DarkSide ransomware.

Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents

It's the latest in a series of clever brand impersonation scams that use multiple vectors to lure victims.

Coalfire Expands Application Security Vision With Major Upgrade to Application Security Platform, ThreadFix

ThreadFix v3.1 delivers fastest speed for AppSec automation and remediation.

Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance

The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.

Having Trouble Finding Cybersecurity Talent? You Might Be the Problem

Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.

How to Avoid Another Let's Encrypt-Like Meltdown

Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.

Researchers Scan the Web to Uncover Malware Infections

Dozens of companies and universities regularly scan the Internet to gather data on connected devices, but some firms are looking deeper to uncover the extent of detectable malware infections.

CISA Issues New Directive for Patching Known Exploited Vulnerabilities

The goal is to reduce civilian federal agency exposure to attacks that threat actors are actively using in campaigns, agency says.

5 MITRE ATT&CK Tactics Most Frequently Detected by Cisco Secure Firewalls

Cisco Security examines the most frequently encountered MITRE ATT&CK tactics and techniques.

Cloud Data Security Startup Launches

TrustLogix aims to streamline and simplify data governance in the cloud.

Where Is Cloud Permissions Management Headed?

Cloud permissions management emerged as a standalone cloud security technology but is quickly becoming part of a broader set of capabilities

US Blacklists Israeli Firms NSO Group and Candiru

The US Commerce Department has also added Russia's Positive Technologies and Singapore's Computer Security Initiative Consultancy.

Infosec and Business Alignment Lowers Breach Cost, Boosts Security

As attacks and security budgets continue to rise, data shows the most secure organizations are the ones that strike a security-business balance.

Is Sandboxing Dead?

Organizations should start to evaluate other security measures to replace or complement the once-venerable security sandbox.

Valtix Delivers Free Cloud Security for Departmental, Development, and Test Applications

Company aims to make cloud network security more accessible to all organizations.