Dark Reading

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity

05/07/2021
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.

The Edge Pro Quote: Password Empowerment

05/07/2021
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.

Defending Against Web Scraping Attacks

05/07/2021
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.

11 Reasons Why You Sorta Love Passwords

05/07/2021
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.

Troy Hunt: Organizations Make Security Choices Tough for Users

05/06/2021
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.

Google Plans to Automatically Enable Two-Factor Authentication

05/06/2021
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.

CISA Publishes Analysis on New 'FiveHands' Ransomware

05/06/2021
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.

Cloud-Native Businesses Struggle with Security

05/06/2021
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.

Securing the Internet of Things in the Age of Quantum Computing

05/06/2021
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.

Biden's Supply Chain Initiative Depends on Cybersecurity Insights

05/06/2021
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.

How to Move Beyond Passwords and Basic MFA

05/06/2021
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security

05/06/2021
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.

Attackers Seek New Strategies to Improve Macros' Effectiveness

05/05/2021
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.

Gap Between Security and Networking Teams May Hinder Tech Projects

05/05/2021
Professionals in each field describe a poor working relationship between the two teams

DoD Lets Researchers Target All Publicly Accessible Info Systems

05/05/2021
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.

Wanted: The (Elusive) Cybersecurity 'All-Star'

05/05/2021
Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.

Debating Law Enforcement's Role in the Fight Against Cybercrime

05/05/2021
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.

Will 2021 Mark the End of World Password Day?

05/05/2021
We might be leaving the world of mandatory asterisks and interrobangs behind for good.

Newer Generic Top-Level Domains a Security 'Nuisance'

05/04/2021
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.

Apple Issues Patches for Webkit Security Flaws

05/04/2021
The vulnerabilities may already be under active attack, Apple says in an advisory.