Dark Reading

How and Why to Apply OSINT to Protect the Enterprise

Here's how to flip the tide and tap open source intelligence to protect your users.

Cybercriminals Weaponizing Ransomware Data for BEC Attacks

Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

The Time Is Now for IoT Security Standards

Industry standards would provide predictable and understandable IoT security frameworks.

New Open Source Tools Launched for Adversary Simulation

The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.

New HTTP Request Smuggling Attacks Target Web Browsers

Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.

Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.

Rethinking Software in the Organizational Hierarchy

Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?

Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

Platform engineered to let organizations mitigate risk and manage complexities.

OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022

Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.

Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape

New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.

Zero Trust & XDR: The New Architecture of Defense

Zero trust and XDR are complementary and both are necessary in today's modern IT environment. In this article, we discuss the intersection of zero trust and XDR.

Compliance Certifications: Worth the Effort?

Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.

Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

First-of-its-kind solution discovers and protects both data at rest and in motion.

Looking Back at 25 Years of Black Hat

The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.

Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem

A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.

Microsoft Patches Zero-Day Actively Exploited in the Wild

The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.