7 Essentials for More Security-Aware Design Automation

Electronic design automation solutions, software programs that help designers develop electronic systems and semiconductor chips, can be used in service of security assurance.

AppSec Startup Cider Security Emerges from Stealth to Tackle SDLC Challenges

Cider Security tackles the No. 1 problem in application security -- finding and fixing vulnerabilities in code quickly -- by increasing visibility over code development and deployment.

8 More Women in Security You May Not Know but Should

Dark Reading highlights women who are quietly changing the game in cybersecurity. We also revisit some of those we've spoken to in the past to see what they're up to now.

Breaking the Bias for International Women’s Day 2022

The theme of International Women’s Day 2022 is "Break the bias." This is what #BreaktheBias means to me.

Trio of Vendors Offer Free Services to Organizations at Risk of Russian Cyberattacks

CrowdStrike, Cloudflare, and Ping Identity have teamed up with tools and services for the healthcare, power, and water industries as a way to quickly bolster their security on several fronts.

Google in Talks to Acquire Mandiant

Last month, Microsoft was interested in buying Mandiant. Now, it's Google that is looking at a deal to boost Google Cloud.

Name That Edge Toon: Animal Instincts

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Roqos Gets Patent For Game-changing VPN Technology, OmniVPN™

OmniVPN™, a VPN technology that allows connections over any network access including CGNAT, multiple NATs, private IP addresses, cellular and satellite routers is now patented.

Coalfire Launches Application Security Solutions Powered by ThreadFix Program

New capabilities bring scale, simplicity, and 40% productivity gains to enterprise SSDLC programs

CardinalOps Raises $17.5M Series A for Threat Coverage Optimization

CardinalOps takes on the challenge of identifying and remediating riskiest gaps in threat detection coverage, powered by AI and crowd-sourced best practices.

ConnectWise Expands Collaboration with Intel to Further Strengthen Cybersecurity for SMBs

Combined technology mitigates loss with improved detection of ransomware and cryptojacking attacks.

Samsung Source Code Compromised in Hack

Mobile vendor confirms that some source code used with its Galaxy devices was breached.

Industrial Systems See More Vulnerabilities, Greater Threat

The makers of operational technology and connected devices saw reported vulnerabilities grow by half in 2021, but other trends may be more disturbing.

Why the World Needs a Global Collective Cyber Defense

This sort of approach would enable cross-company and cross-sector threat information sharing, an effort that would allow companies to easily turn data into actionable insights.

After a Busy December, Attacks on Log4j Vulnerability Dropped

While attackers and researchers shift their attention to the next new vulnerability, security teams make sure they finish patching vulnerable Log4j versions in their applications and services.

More Than 70% of SOC Analysts Experiencing Burnout

Nearly 65% of security operations center (SOC) analysts are likely to change jobs in the next year, survey shows.

Companies Can't Just Train Their Way to More Secure Endpoints

Criminals will keep stealing end-user credentials despite employee awareness, so organizations need high-tech solutions as well.

Most Cybersecurity Vendors at Risk Due to Internet-Exposed IT Assets

Study shows more than 97% have exposed assets on AWS — among a wide range of other issues.

Diversified Search Group Acquires Alta Associates

The firm continues rapid growth with the addition of industry-recognized experts on cybersecurity, data privacy, and IT risk management talent.

Vade Releases 2021 Phishers' Favorites Report

Vade's annual phishing report reveals a sharp rise in Facebook phishing and growing sophistication in Microsoft phishing attacks.

DORA's Global Reach and Why Enterprises Need to Prepare

The new EU regulation is a response to the rise of ransomware attacks and other new cyberthreats that have proliferated in the wake of the global pandemic.

Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response

Threat actors have focused on two ends of the spectrum — quick, impactful attacks or stealthy intrusions — making strong prevention and faster response more important for enterprises.

Cybersecurity Mesh Architecture: Hope or Hype?

Gartner has touted CSMA as one of the top technology trends for this year. But what is it really?

8-Character Passwords Can Be Cracked in Less than 60 Minutes

Researchers say passwords with less than seven characters can be hacked "instantly."

Cybersecurity Platform CrowdSec Expands Into the United States

CrowdSec is launching a new solutions stack, comprised of three main products: CrowdSec Agent, CrowdSec Console, and CrowdSec Threat Intelligence.

Palo Alto Networks Introduces PAN-OS 10.2 Nebula

Software collects, analyzes, and interprets potential zero-day threats in real time using inline deep learning.

Attivo Expands Active Directory Protection from Unmanaged Devices, Including Mac, Linux, IoT/OT

Attivo Networks ADSecure-DC solution joins the company’s existing suite of Active Directory protection products.

Hundreds of Open Source Components Could Undermine Security, Census Finds

The Linux Foundation and Harvard University create lists of the top 500 most popular open source projects, highlighting critical software that needs to be secured.

How to Get One Step Ahead of Mobile Attacks

The advent of so-called "dropper" apps, which deliver and install malware that can also be later updated, is an emerging threat vector for mobile users.

How Retailers Can Address 'Buy Now, Pay Later' Fraud

As BNPL platforms grow in popularity, experts warn that cybercriminals could target them using synthetic identity fraud and first-party fraud.

Salt Security State of API Security Report Reveals API Attacks Increased 681% in the Last 12 Months

Key findings show API attack traffic grew at more than twice the rate of non-malicious traffic, and API security concerns are inhibiting innovation for two-thirds of organizations.

7 Ways to Secure Collaboration Tools in Your Organization

The push to embrace Slack, Teams, and Zoom at work comes with new security risks for organizations.

Researchers Devise Attack for Stealing Data During Homomorphic Encryption

A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.

Companies' Code Leaking More Passwords and Secrets

Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.

Protecting Field Programmable Gate Arrays From Attacks

FPGAs can be part of physical systems in the aerospace, medical, or industrial fields, so a security compromise can be potentially serious.

Log4Shell Makes the Case for Runtime Application Self-Protection

Dive into the case for RASP to combat Log4Shell and why Web app firewalls aren't great for these types of attacks.

3 Ways to Expand Gender Diversity in Cybersecurity

Why this is important: A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas.

Ordr Launches Clinical Defender to Streamline Management of Connected Medical Devices

Ordr Clinical Defender, running on the new Ordr 8 Software release, provides focused, actionable, and accurate HTM insights and workflows.

Reduce Risk With Better Cyber Due Diligence

Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.

NeuraLegion Rebrands as Bright Security

Also announces $20 million Series A funding round led by Evolution Equity Partners.

Cyberattacks in Ukraine Could Soon Spillover to Other Countries

Email-borne attacks out of Russia have already targeted at least a few US and European organizations.

IRONSCALES Expands Product Offering Across Email, Communication Platforms

New solutions protect customers from expanding threats to cybersecurity landscape.

What Do I Need to Know for SaaS Security?

Most importantly, someone needs to step forward and take it on as their job.

Darktrace Forms New U.S. Federal Division to Assist With Global Cyberthreats

Sally Kenyon Grant has been appointed as VP of Darktrace Federal, leading initiatives supporting U.S. government cybersecurity operations.

Why the Shifting Nature of Endpoints Requires a New Approach to Security

Endpoints have evolved, and legacy defenses aren't doing enough to keep them secure.

Beyond the Hype: AI's Future in Defensive Cybersecurity

Hybridizing signatures with artificial intelligence is making a significant difference in our ability to detect cyberattacks, including ransomware.

CISO Checklist for Offboarding Security Staff

The Great Resignation strikes cybersecurity teams, too. Here's a checklist for CISOs to ensure security is retained even when security staff is not.

Toyota Halts Production After Suspected Supply Chain Attack

Toyota suspends production at all 14 plants in Japan after a supplier reported being hit by "some kind of cyberattack."

KnowBe4 Research: Half of Employees Use Unauthorized File Services to Complete Work

Report examines the prevalence of two common insecure practices.

Deep Instinct 2022 Threat Landscape Report Finds 125% Increase in Threat Types and Novel Evasion Techniques

The Deep Instinct Threat Research team monitored attack volumes and types and extrapolated their findings to predict where the future of cybersecurity is heading, determine what motivates attackers, and lays out the steps organizations can take now in order to protect themselves in the future.

Invicti Security Adds Software Composition Analysis to Its Industry- Leading AppSec Platform

Invicti SCA enables users to track and secure open-source components to reduce security risk.

Phishing Attack in Ukraine Could be Prelude to Disinformation Campaign

Ukraine military personnel being targeted with mass phishing emails, country's CERT warns.

Researchers Warn of Stealthy Chinese Backdoor Targeting Multiple Foreign Agencies

A stealthy backdoor program used by China-linked threat actors has targeted government computers at multiple foreign agencies, allowing attackers to retain a presence on sensitive networks and exfiltrate data while remaining undetected.

Companies Borrow Attack Technique to Watermark Machine Learning Models

Researchers continue to improve on a technique for embedded crafted outputs into machine-learning models, an anti-copying technique originally thought up by adversarial researchers.

How to Boost Shift-Left Security in the SDLC

Organizations will see big wins from applying security controls early in the development life cycle.

7 Steps to Take Right Now to Prepare for Cyberattacks by Russia

A lot of the recommended preparation involves measures organizations should have in place already.

Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT

Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.

Top 5 Interview Questions to Ask DevOps Candidates in 2022

It's worthwhile to find candidates who have experience with models that embed security into their processes.

The Future of Cyber Insurance

Having cyber insurance is a good idea if the costs make sense — it could be the difference between going out of business and staying afloat. But it shouldn't be your first course of action.

Putting the X Factor in XDR

While extended detection and response (XDR) is effectively considered an upgrade from endpoint detection and response, enterprises must still begin with a strong EDR foundation.