By Elizabeth Montalbano, Contributor, Dark Reading
Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.
State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.
By Sergej Dechand, CEO and Co-Founder, Code Intelligence
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
By Robert Lemos, Contributing Writer, Dark Reading
A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.
By Tara Seals, Managing Editor, News, Dark Reading
The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.
By Robert Lemos, Contributing Writer, Dark Reading
The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
By Elizabeth Montalbano, Contributor, Dark Reading
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.
By Elizabeth Montalbano, Contributor, Dark Reading
AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names.
By David Fairman, Chief Information Officer and Chief Security Officer APAC, Netskope
By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk β and better counter threats.
Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?
By Mark Pelkoski, Senior Director of Solutions Architecture USA, CYE
High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.
Latest release gives small and mid-sized enterprises AI-driven analysis tools and unified visibility across IT environments for stronger ransomware protection.
Platform opens new opportunities for managed service providers to manage, visualize, and secure customer devices from a single pane of glass, including automated maintenance and other operations.
By Andrew Braunberg, Principal Analyst, SecOps, Omdia
Omdia has learned that Gigamon sold its ThreatInsight NDR business to Fortinet for approximately $31 million. The deal highlights what may be a pivot point for the NDR market.
By Elizabeth Montalbano, Contributor, Dark Reading
The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.
From prevention and detection processes to how you handle policy information, having strong cyber insurance coverage can help mitigate cybersecurity attacks.
Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.
For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.