Dark Reading

Capital One Ventures, Snowflake Ventures, Verizon Ventures, and Wipro Ventures Join Securonix $1B+ Growth Investment as

04/28/2022
Blue-chip companies deepen commitment based on success of long-standing customer and partner relationships and conviction of Securonix’s vision and hypergrowth potential.

The Ransomware Crisis Deepens, While Data Recovery Stalls

04/28/2022
Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.

Bumblebee Malware Buzzes Into Cyberattack Fray

04/28/2022
The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.

Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine

04/28/2022
Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.

A Peek into Visa's AI Tools Against Fraud

04/27/2022
Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.

Doppler Takes on Secrets Management

04/27/2022
The startup is the latest company to try to solve the problem of organizing and sharing secrets.

Chinese APT Bronze President Mounts Spy Campaign on Russian Military

04/27/2022
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).

Synopsys to Acquire WhiteHat Security from NTT

04/27/2022
Acquisition expands security software-as-a-service capabilities.

CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021

04/27/2022
Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).

Tenable's Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets

04/27/2022
The four-year-old firm, started by two industry veterans, focuses on gaining visibility into Internet-facing services as more companies seek insight into what attackers see.

Coca-Cola Investigates Data-Theft Claims After Ransomware Attack

04/27/2022
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.

5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable

04/27/2022
What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.

Log4j Attack Surface Remains Massive

04/26/2022
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.

How Do I Report My Security Program's ROI?

04/26/2022
If security leaders focus on visibility and metrics, they can demonstrate their programs' value to company leadership and boards.

Tenable Acquires External Attack Surface Management Vendor for $44.5M

04/26/2022
Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.

The Ins and Outs of Secure Infrastructure as Code

04/26/2022
The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture.

CISA Taps Veteran CISO Bob Lord for Technical Adviser Role

04/26/2022
Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter.

API Attacks Soar Amid the Growing Application Surface Area

04/26/2022
With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.

Cyber Conflict Overshadowed a Major Government Ransomware Alert

04/26/2022
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.

What the ECDSA Flaw in Java Means for Enterprises

04/25/2022
This Tech Tip reminds developers and security teams to check what version of Java they are running. Whether they are vulnerable to the ECDSA flaw boils down to the version number.