Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.
Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says.
Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
By Tara Seals, Managing Editor, News, Dark Reading
It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.
By Robert Lemos, Contributing Writer, Dark Reading
A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?
Titaniam's "State of Data Exfiltration & Extortion Report" also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving in to attackers' demands.
An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Service Fabric for Linux to thwart the "FabricScape" cloud bug.
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures, but were busted by AI.
By Andrew Braunberg, Principal Analyst, SecOps, Omdia
The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
By Yaniv Sazman, Lead Product Manager, F5 NGINX and OSS Security, F5 Networks
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services, plus fixes for them where available.
NIST SP 800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
By Ericka Chickowski, Contributing Writer, Dark Reading
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable, but is "attackability" the best method for prioritizing bugs?
By John Whelan, Senior Director of Product Management, AppOmni
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
Bronze Starlight's use of multiple ransomware families and its victim-targeting suggest there's more to the group's activities than just financial gain, security vendor says.
ShiftLeft's Manish Gupta joins Dark Reading's Terry Sweeney at the Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
By Tara Seals, Managing Editor, News, Dark Reading
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.