Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
By Tara Seals, Managing Editor, News, Dark Reading
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.
Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.
Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall β security as a process β not just comply with new standards.
By Ericka Chickowski, Contributing Writer, Dark Reading
Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.
New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.
A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.
Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.
According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.
This year's finalists tackle such vital security concerns as permissions management, software supply chain vulnerability, and data governance. Winners will be announced June 6.
Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.
By Alex Lisle, Chief Technology Officer, Kryptowire
Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.
By Jordan Kendall, President, Security Compass Advisory
With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.
NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.
Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
By Fahmida Y. Rashid, Managing Editor, Features, Dark Reading
Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.