Dark Reading

How Mobile Networks Have Become a Front in the Battle for Ukraine

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience.

RF Technologies Releases Safe Place Staff Protection for Healthcare Settings

RFT is expanding the Safe Place hospital market security system to include staff protection.

50% of Orgs Rely on Email to Manage Security

Even with dedicated identity management tools at their disposal, many companies — smaller ones especially — are sticking with email and spreadsheets for handling permissions.

iPhones Open to Attack Even When Off, Researchers Say

Wireless chips that run when the iPhone iOS is shut down can be exploited.

Open Source Security Gets $30M Boost From Industry Heavy Hitters

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

New quantum encryption standards will stand up to spy-snooping, the NSA cybersecurity director said.

Name That Toon: Knives Out

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.

How to Turn a Coke Can Into an Eavesdropping Device

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

US Agrees to International Electronic Cybercrime Evidence Swap

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.

CISO Shares Top Strategies to Communicate Security's Value to the Biz

In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.

Black Hat Asia: Democracy's Survival Depends on Taming Technology

The conference opens with a stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.

How to Avoid Falling Victim to PayOrGrief's Next Rebrand

The group that shut down the second-largest city in Greece was not new but a relaunch of DoppelPaymer.

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

Black Hat Asia: Firmware Supply Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.