BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.
Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.
By Deepen Desai, CISO and VP, Security Research, Zscaler
It's a classic attacker move: Use security protections against those who deploy them. But organizations can still defuse and prevent these encrypted attacks.
Powered by WatchGuardโs Unified Security Platformยฎ architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.
By Robert Lemos, Contributing Writer, Dark Reading
Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets.
Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.
By Fahmida Y. Rashid, Managing Editor, Features, Dark Reading
Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.
By Robert Lemos, Contributing Writer, Dark Reading
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.
Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.
Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.
By Robert Lemos, Contributing Writer, Dark Reading
The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched.
De-shaming security mistakes and taking the blame and punishment out of incident reporting can strengthen security efforts both inside and outside of the workplace.
By Elizabeth Montalbano, Contributor, Dark Reading
Vladislav Klyushin and co-conspirators used SEC filings stolen from the networks of Tesla, Roku, and other publicly traded companies to earn nearly $100 million in illegal trades.
By Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.
By Elizabeth Montalbano, Contributor, Dark Reading
Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.
State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.
By Sergej Dechand, CEO and Co-Founder, Code Intelligence
Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
By Robert Lemos, Contributing Writer, Dark Reading
A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.
By Tara Seals, Managing Editor, News, Dark Reading
The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.
By Robert Lemos, Contributing Writer, Dark Reading
The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.