Dark Reading

Tool Overload & Attack Surface Expansion Plague SOCs

12/14/2021
Security professionals are burning out from handling too many tools and facing a growing number of threats, and more than 40% see lack of leadership as the main problem.

Microsoft Patches Zero-Day Spreading Emotet Malware

12/14/2021
The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.

Source Code Leaks: The Real Problem Nobody Is Paying Attention To

12/14/2021
Source code is a corporate asset like any other, which makes it an attractive target for hackers.

Combat Misinformation by Getting Back to Security Basics

12/14/2021
One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources.

XDR: What It Is, What It Isn't

12/13/2021
The three must-haves in eXtended Detection and Response are: making data accessible, facilitating real-time threat detection, and providing remediation strategies.

Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums

12/13/2021
Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.

Why Classifying Ransomware as a National Security Threat Matters

12/13/2021
Government actions help starve attack groups of the resources - money, ability to recruit, and time.

How Do I Find My Servers With the Log4j Vulnerability?

12/13/2021
This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228.

Volvo Confirms R&D Data Stolen in Breach

12/13/2021
The company confirmed last week that one of its file repositories was accessed by a third party.

Kronos Suffers Ransomware Attack, Expects Full Restoration to Take 'Weeks'

12/13/2021
Customers advised to adopt alternative internal processes to support the affected human resources services.

40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j

12/13/2021
More than 60 variants of the original exploit were introduced over the last day alone.

Bug-Bounty Programs Shift Focus to Most Critical Flaws

12/13/2021
The number of bug bounty programs jumped by a third, the median payout for a critical vulnerability report rose to $3,000, but rewards for easier-to-find lower-severity flaws stagnated in 2021.

Name That Toon: Modern-Day Frosty

12/13/2021
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Darktrace Reports Information Technology and Communications Sector Most Targeted by Cyberattackers in 2021

12/13/2021
Most targeted industry shifts from the financial and insurance sector in 2020.

Kaspersky Opens Doors to New Transparency Center in North America

12/13/2021
The opening marks the fifth center opened globally, fulfilling a key milestone within the Global Transparency Initiative.

2 Website Threats to Address for the Holiday Shopping Rush

12/13/2021
Some tips for effectively combating Web supply chain attacks and customer hijacking via browser extensions.

What to Do While Waiting for the Log4J Updates

12/10/2021
This Tech Tip outlines how enterprise defenders can mitigate the risks of the Log4j vulnerabilities for the short-term while waiting for updates.

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

12/10/2021
A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say.

NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls

12/10/2021
The latest NIST publication outlines how organizations can build systems that can anticipate, withstand, recover from, and adapt to cyberattacks.

Russian National Sentenced for Role in Kelihos Botnet

12/10/2021
Oleg Koshkin was sentenced for running a crypting service used to hide the Kelihos malware from antivirus software.