You Can't Opt Out of Citizen Development

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Name That Toon: Knives Out

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.

How to Turn a Coke Can Into an Eavesdropping Device

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

US Agrees to International Electronic Cybercrime Evidence Swap

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.

CISO Shares Top Strategies to Communicate Security's Value to the Biz

In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.

Black Hat Asia: Democracy's Survival Depends on Taming Technology

The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.

How to Avoid Falling Victim to PayOrGrief's Next Rebrand

The group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

Black Hat Asia: Firmware Supply Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

3 Predictors of Cybersecurity Startup Success

Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

Egnyte Enhances Program for Managed Service Providers

Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.

StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

Round co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.

Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

Cloud competitor found liable for breaking into Appian back-end systems to steal company secrets.

Needs Improvement: Scoring Biden's Cyber Executive Order

One year after it was issued, has President Biden's Cyber Executive Order had an impact?

How Can Your Business Defend Itself Against Fraud-as-a-Service?

By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

5 Years That Altered the Ransomware Landscape

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

Google Will Use Mobile Devices to Thwart Phishing Attacks

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Nokia Opens Cybersecurity Testing Lab

The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.

On the Air With Dark Reading News Desk at Black Hat Asia 2022

This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.

PlainID Debuts Authorization-as-a-Service Platform

Platform powered by policy-based access control (PBAC).

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.

Ready, IAM, Fire: How Weak IAM Makes You a Target

Proper identity and access management configuration serves as an effective starting point for organizations looking to secure their cloud infrastructure.

Microsoft Simplifies Security Patching Process for Exchange Server

Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier

Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.

Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme

.

Fraudulent 'Bot-driven' College Enrollment up 50%, New Study Finds

.

NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

International cybersecurity authorities issue guidance to help information and communications service providers secure their networks.

Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)

The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).

Top 6 Security Threats Targeting Remote Workers

Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.

Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data

Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.

Breaking Down the Strengthening American Cybersecurity Act

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Quantum Ransomware Strikes Quickly, How to Prepare and Recover

NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.

Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

Founders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.

SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies

Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

The Danger of Online Data Brokers

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Vanity URLs Could Be Spoofed for Social Engineering Attacks

Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

US Pledges to Help Ukraine Keep the Internet and Lights On

US State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.

Lincoln College Set to Close After Crippling Cyberattack

COVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.

Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler

Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.

Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting

New research-focused division focused on advancing innovation in the field of security operations.

5-Buck DCRat Malware Foretells a Worrying Cyber Future

The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.

Onapsis Announces New Offering to Jumpstart Security for SAP Customers

Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .

Mastering the New CISO Playbook

How can you safeguard your organization amid global conflict and uncertainty?

How to Check If Your F5 BIG-IP Device Is Vulnerable

This Tech Tip walks network administrators through the steps to address the latest critical remote code execution vulnerability (CVE-2022-1388) in F5's BIG-IP management interface.

Joker, Other Fleeceware Surges Back Into Google Play

The infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services.

Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks

Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.

5 Tips to Protect Your Career Against a Narcissist

When you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.

NFTs Emerge as the Next Enterprise Attack Vector

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.

Deloitte Launches Expanded Cloud Security Management Platform

The CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services.