Unlocking the Cybersecurity Benefits of Digital Twins

Security pros can employ the technology to evaluate vulnerabilities and system capabilities, but they need to watch for the potential risks.

EU & US Unite to Fight Ransomware

A working group of European and US officials meet at The Hague to collaborate on ransomware operations and strategies.

RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

CISOs Gain False Confidence in the Calm After the Storm of the Pandemic

While CISOs may feel more confident in their security posture emerging from the pandemic, new research suggests that doesn't mean organizations are better prepared for large-scale attacks.

Are You Hiring Enough Entry-Level Security Pros?

New (ISC)² survey shows employment levels for entry-level cyber pros lag behind every other experience level.

How Should I Think About Security When Considering Digital Transformation Projects?

Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.

Cisco’s Ash Devata on the Future of Secure Access

Ash Devata, Vice President & General Manager, Cisco Zero Trust and Duo Security, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the future of secure access.

7 Ways to Bring AI to Cybersecurity

Academic researchers are developing projects to apply artificial intelligence to detect and stop cyberattacks and keep critical infrastructure secure, thanks to grants from the C3.ai Digital Transformation Institute.

'Hertzbleed' Side-Channel Attack Threatens Cryptographic Keys for Servers

A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.

Critical Citrix Bugs Impact All ADM Servers, Agents

Citrix ADM vulnerabilities could lead to admin password reset and disruption of ADM license service, company warns.

Two Platforms to Rule Them All: CNAPP and SASE

As the public cloud matures, enterprises are converging on two platforms that meet their workload protection needs via a strategy based on zero-trust security.

Thousands Arrested in Global Raids on Social-Engineering Scammers

Interpol says it busted fraudsters who were operating call centers for romance scams, get-rich-quick schemes, and more.

How Information Security Teams Can Help Reduce Stress and Burnout

Work across the organization and take practical steps to ease user stress — prioritize user productivity by offering the right tools to avoid shadow IT and cultivate a transparent security culture. Remember the security team, too, and automate as many processes as possible.

Cybercriminals Capitalizing on Resurgence in Travel

Multiple cybercrime groups have been spotted selling stolen credentials and other sensitive personal information pilfered from travel-related websites.

Wormable Panchan Peer-to-Peer Botnet Harvests Linux Server Keys

The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.

Why We Need Security Knowledge and Not Just Threat Intel

Organizations that can break out of siloed data and apply context can transform intelligence into actionable, relevant security knowledge.

24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far

Username and password combinations offered for sale on the Dark Web by criminals has increased 65% since 2020.

Veterans Explain How Military Service Prepared Them for Cybersecurity Careers

The ability to handle intense pressure is just one of the skills that veterans bring to corporate cybersecurity work.

In Case You Missed RSA Conference 2022: A News Digest

Here's a rundown of Dark Reading's reporting and commentary from and surrounding the first in-person RSA Conference since the pandemic began in 2020.

Microsoft Patches 'Follina' Zero-Day Flaw in Monthly Security Update

Here are which Microsoft patches to prioritize among the June Patch Tuesday batch.

DDoS Subscription Service Operator Gets 2 Years in Prison

The distributed denial-as-a-service websites were behind more than 200K attacks on targets including schools and hospitals.

Quantifying the SaaS Supply Chain and Its Risks

Organizations do not have good visibility into all the software-as-a-service applications that connect to and access data stored in core business.

Incognia Introduces Location-Based Liveness Spoofing Detection Solution

Mobile apps that rely on facial recognition for identity proofing can now detect fraudulent attempts to fake liveness.

Google: SBOMs Effective Only if They Map to Known Vulns

SBOMs should be connected with vulnerability databases to fulfill their promise of reducing risk, Google security team says.

Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign

"Aoqin Dragon" has been operating since at least 2013, with targets including government and telecommunications companies in multiple countries.

How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat?

Martyn Ryder from Morphean explains why forging trusted partnerships is integral to the future of physical security in a world of networks, systems, and the cloud.

Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration

Service ingests AWS, GCP and Microsoft Azure data.

Beware the 'Secret Agent' Cloud Middleware

New open source database details the software that cloud service providers typically silently install on enterprises' virtual machines — often unbeknownst to customers.

Understanding and Mitigating Single Sign-on Risk

SSO's one-to-many architecture is both a big advantage and a weakness.

Corel Acquires Awingu

The combination of Awingu and the Parallels Remote Application Server platform will enable end users to securely work from anywhere, at any time, on any device, or OS.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.

Kaiser Permanente Breach Exposes Data on 70K Patients

Employee email compromise potentially exposed patients' medical information, including lab test results and dates of services.

Exposed Travis CI API Leaves All Free-Tier Users Open to Attack

Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.

In Security, Less Is More

Cut away everything that costs more attention, storage, or time than its impact is worth.

Darktrace's Tony Jarvis on Shifting Security Gears as We Move to the Cloud

In this new episode of Tech Talks, Darktrace's Tony Jarvis and Dark Reading's Terry Sweeney discuss how to protect networks after the death of the perimeter.

3 Big Takeaways From the Verizon DBIR 2022

The annual report is always filled with useful security information. Here are several of the most important lessons from this year's edition.

DoS Vulnerability Allows Easy Envoy Proxy Crashes

The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers.

Security Leaders Discuss Industry Drivers at Dark Reading's News Desk at RSAC 2022

Tune into Dark Reading's News Desk interviews with the industry’s leaders, discussing news and hot topics, such as this year’s "Transofrm" theme, at RSA Conference 2022 in San Francisco

CrowdStrike Introduces Humio for Falcon, Redefining Threat Hunting with Unparalleled Scale and Speed

Humio for Falcon provides long-term, cost-effective data retention with powerful index-free search and analysis of enriched security telemetry across enterprise environments

Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry

A Linux-based banking Trojan is a master at staying under the radar.

CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots

CrowdStrike Asset Graph provides unprecedented visibility of assets in an IT environment to optimize cyber defense strategies and manage risk.

CrowdStrike Adds Strategic Partners to CrowdXDR Alliance and Expands Falcon XDR Capabilities

New CrowdXDR Alliance partners include Menlo Security, Ping Identity, and Vectra AI.

EU Debates AI Act to Protect Human Rights, Define High-Risk Uses

The commission argues that legislative action is needed to ensure a well-functioning market for AI systems that balances benefits and risks.

How to Blunt the Virulence of the New Ransomware

Halcyon's Jon Miller joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss how to mitigate ransomware.

How to Secure a High-Profile Event Like the Super Bowl

Cisco's TK Keanini and the NFL's Tomás Maldonado join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about end-to-end security.

Application Security Testing Is on the Mend With Automated Remediation

Mend's Arabella Hallawell joins Dark Reading's Terry Sweeney at Dark Reading News Desk at RSA Conference to talk about the benefits of automated remediation.

New Linux Malware 'Nearly Impossible to Detect'

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities.

Mitigating the Security Skills Shortage

Panther Labs' Jack Naglieri joins Dark Reading's Terry Sweeney at Dark Reading News Desk at RSA Conference to discuss how to improve hiring and training.

A Few Simple Ways to Transform Your Cybersecurity Hiring

Raytheon Intelligence & Space's Jon Check joins Dark Reading's Terry Sweeney at Dark Reading News Desk at RSA Conference to talk about how hiring must change.

Artificial Intelligence and Security: What You Should Know

Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.

How 4 Young Musicians Hacked Sheet Music to Help Fight the Cold War

In 1985, a group of klezmer musicians from the US rendezvoused with underground dissidents in Tbilisi, Georgia. This is the story of how they pulled it off with homebrew cryptography.

In a Quickly Evolving Landscape, CISOs Shift Their 2022 Priorities

Cloud migration, DevSecOps, cyber insurance, and more have emerged as important motivators for cybersecurity investment and focus.

Design Weakness Discovered in Apple M1 Kernel Protections

The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel.

Sysdig Takes a Deeper Cut at Cloud Security

Sysdig's Omer Azaria joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about cloud security.

Noname: Proactiveness Is the Name of the Game in App Security

Noname Security's Shay Levi joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about making code more secure.

Lacework Blends Artificial Intelligence and Automation to Bolster Cloud Security

Lacework's Mark Nunnikhoven joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about AI and cloud security.

Prevent Breaches and Malware With Proactive Defenses

Darktrace's Mike Beck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about risk management.

DigiCert Acquires DNS Made Easy

The certificate management company plans to integrate DNS services throughout its portfolio.

Identity-First Security Helps Reduce and Neutralize Enterprise Threats

Okta's Marc Rogers and Auth0's Jameeka Aaron join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about remote work security.

Emotet Banking Trojan Resurfaces, Skating Past Email Security

The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.