Dark Reading

Lazarus Group Uses New Tactic to Evade Detection

04/19/2021
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.

SolarWinds: A Catalyst for Change & a Cry for Collaboration

04/19/2021
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Pandemic Drives Greater Need for Endpoint Security

04/16/2021
Endpoint security has changed. Can your security plan keep up?

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

04/16/2021
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Security Gaps in IoT Access Control Threaten Devices and Users

04/16/2021
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

How the Biden Administration Can Make Digital Identity a Reality

04/16/2021
A digital identity framework is the answer to the US government's cybersecurity dilemma.

Software Developer Arrested in Computer Sabotage Case

04/15/2021
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.

Google Brings 37 Security Fixes to Chrome 90

04/15/2021
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

04/15/2021
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.

Pandemic Pushes Bot Operators to Redirect Efforts

04/15/2021
As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.

6 Tips for Managing Operational Risk in a Downturn

04/15/2021
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

04/15/2021
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

04/15/2021
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.

Thycotic & Centrify Merge to Form Cloud Identity Security Firm

04/14/2021
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

04/14/2021
The agency urges researchers to take precautions amid an ongoing targeted threat campaign.

FBI Operation Remotely Removes Web Shells From Exchange Servers

04/14/2021
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.

The CISO Life is Half as Good

04/14/2021
Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.

Bolstering Our Nation's Defenses Against Cybersecurity Attacks

04/14/2021
Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.

Dependency Problems Increase for Open Source Components

04/14/2021
The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.

DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack

04/13/2021
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.