Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
By Fahmida Y. Rashid, Managing Editor, Features, Dark Reading
Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.
In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.
By Storm Swendsboe, Director of Intelligence, SafeGuard Cyber
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.
By Andrew Useckas, Chief Technology Officer and Co-Founder, ThreatX
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.
By Tara Seals, Managing Editor, News, Dark Reading
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.
Multi-million-pound commitment will empower everyone from recent graduates to career changers to IT professionals in the UK to begin a successful career in cybersecurity.
By John Anthony Smith, Chief Listening Officer, CEO, & Founder, Conversant Group/Fenix 24
Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.
By Robert Lemos, Contributing Writer, Dark Reading
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
Enables organizations to provide simple, secure access to the private and public cloud or Web-based corporate apps that workers using unmanaged devices need for their work.
By Cathal Mc Daid, CTO, AdaptiveMobile Security, an Enea Company
Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience.
MDR Sentinel expands TorchLight's leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status
Even with dedicated identity management tools at their disposal, many companies, smaller ones especially, are sticking with email and spreadsheets for handling permissions.
By Robert Lemos, Contributing Writer, Dark Reading
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS (and about 97% of software does) will gain more data on security.
In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
By Richard Searle, Vice President of Confidential Computing, Fortanix
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
By Robert Lemos, Contributing Writer, Dark Reading
Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.
By Tara Seals, Managing Editor, News, Dark Reading
In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness, and getting others in the organization to listen.
By Tara Seals, Managing Editor, News, Dark Reading
The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.
Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.