Dark Reading

How and Why to Apply OSINT to Protect the Enterprise

08/15/2022
Here's how to flip the tide and tap open source intelligence to protect your users.

Cybercriminals Weaponizing Ransomware Data for BEC Attacks

08/12/2022
Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

08/12/2022
Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

08/12/2022
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

The Time Is Now for IoT Security Standards

08/11/2022
Industry standards would provide predictable and understandable IoT security frameworks.

New Open Source Tools Launched for Adversary Simulation

08/10/2022
The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.

New HTTP Request Smuggling Attacks Target Web Browsers

08/10/2022
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

08/10/2022
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.

Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

08/10/2022
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.

Rethinking Software in the Organizational Hierarchy

08/10/2022
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?

Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

08/10/2022
Platform engineered to let organizations mitigate risk and manage complexities.

OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022

08/10/2022
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.

Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape

08/10/2022
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.

Zero Trust & XDR: The New Architecture of Defense

08/10/2022
Zero trust and XDR are complementary and both are necessary in today's modern IT environment. In this article, we discuss the intersection of zero trust and XDR.

Compliance Certifications: Worth the Effort?

08/10/2022
Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.

Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

08/10/2022
First-of-its-kind solution discovers and protects both data at rest and in motion.

Looking Back at 25 Years of Black Hat

08/10/2022
The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.

Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem

08/09/2022
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.

Microsoft Patches Zero-Day Actively Exploited in the Wild

08/09/2022
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.