See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI.
By Andrew Braunberg, Principal Analyst, SecOps, Omdia
The RSA conference in San Francisco always feels like drinking from a fire hose, but especially this year, at the first in-person RSA since the pandemic began.
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
By Yaniv Sazman, Lead Product Manager, F5 NGINX and OSS Security, F5 Networks
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
By Ericka Chickowski, Contributing Writer, Dark Reading
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
By John Whelan, Senior Director of Product Management, AppOmni
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
Bronze Starlight's use of multiple ransomware families and its victim-targeting suggest there's more to the group's activities than just financial gain, security vendor says.
ShiftLeft's Manish Gupta joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
By Tara Seals, Managing Editor, News, Dark Reading
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
Organizations may not frequently encounter malware targeting cloud systems or networking equipment, but the array of malware they do encounter just occasionally is no less disruptive or damaging. That is where the focus needs to be.
By Tara Seals, Managing Editor, News, Dark Reading
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
Data Processing and Infrastructure Processing Units — DPU and IPU — are changing the way enterprises deploy and manage compute resources across their networks.
Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties.