Dark Reading

UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data

09/22/2021
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.

FragAttacks Foil 2 Decades of Wireless Security

08/06/2021
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.

Researchers Call for 'CVE' Approach for Cloud Vulnerabilities

08/06/2021
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.

HTTP/2 Implementation Errors Exposing Websites to Serious Risks

08/05/2021
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.

CISA Launches JCDC, the Joint Cyber Defense Collaborative

08/05/2021
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.

Incident Responders Explore Microsoft 365 Attacks in the Wild

08/05/2021
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.

Researchers Find Significant Vulnerabilities in macOS Privacy Protections

08/05/2021
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.

A New Approach to Securing Authentication Systems' Core Secrets

08/05/2021
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.

Organizations Still Struggle to Hire & Retain Infosec Employees: Report

08/05/2021
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.

Why Supply Chain Attacks Are Destined to Escalate

08/05/2021
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.

New Normal Demands New Security Leadership Structure

08/02/2021
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.

Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

08/02/2021
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.

8 Security Tools to be Unveiled at Black Hat USA

07/28/2021
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.

Biden Administration Responds to Geopolitical Cyber Threats

07/23/2021
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

07/19/2021
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations

07/19/2021
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.

How Gaming Attack Data Aids Defenders Across Industries

07/19/2021
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.

NSO Group Spyware Used On Journalists & Activists Worldwide

07/19/2021
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.

When Ransomware Comes to (Your) Town

07/19/2021
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.

7 Ways AI and ML Are Helping and Hurting Cybersecurity

07/19/2021
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.