Dark Reading

Name That Toon: Greetings, Earthlings

04/22/2021
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.

Looking for Greater Security Culture? Ask an 8-Bit Plumber

04/22/2021
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.

10 Free Security Tools at Black Hat Asia 2021

04/22/2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

04/22/2021
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and exfiltrate data, new study shows.

Who's Your Login?

04/22/2021
If only Abbott and Costello were around today.

Rapid7 Acquires Velociraptor Open Source Project

04/21/2021
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.

Justice Dept. Creates Task Force to Stop Ransomware Spread

04/21/2021
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

04/21/2021
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.

Business Email Compromise Costs Businesses More Than Ransomware

04/21/2021
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.

How to Attack Yourself Better in 2021

04/21/2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.

Attackers Heavily Targeting VPN Vulnerabilities

04/21/2021
Threat actors like attacking the technology because it provides a convenient entry point to enterprise networks.

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

04/20/2021
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.

Foreign Spies Target British Nationals With Fake Social Media Profiles

04/20/2021
British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.

Attackers Compromised Code-Checking Vendor's Tool for Two Months

04/20/2021
A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

04/20/2021
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.

2020 Changed Identity Forever; What's Next?

04/20/2021
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.

7 Old IT Things Every New InfoSec Pro Should Know

04/20/2021
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.

Beware the Bug Bounty

04/20/2021
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

White House Scales Back Response to SolarWinds & Exchange Server Attacks

04/19/2021
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.

Attackers Test Weak Passwords in Purple Fox Malware Attacks

04/19/2021
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.