Dark Reading

10 Stocking Stuffers for Security Geeks

11/22/2021
Check out our list of gifts with a big impact for hackers and other techie security professionals.

Is it OK to Take Your CEO Offline to Protect the Network?

11/22/2021
Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate?

Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous

11/22/2021
It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.

US Banks Will Be Required to Report Cyberattacks Within 36 Hours

11/19/2021
There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours.

3 Takeaways from the Gartner Risk Management Summit

11/19/2021
Security leaders can be treated as partners supporting the business and share accountability by establishing relationships with business stakeholders.

To Beat Ransomware, Apply Zero Trust to Servers Too

11/19/2021
The path out of the ransomware crisis is full inspection and protection of all traffic flows. That means zero trust everywhere — even between servers.

Zero Trust: An Answer to the Ransomware Menace?

11/19/2021
Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

US Indicts Iranian Nationals for Cyber-Enabled Election Interference

11/19/2021
Among other things, the pair pretended to be Proud Boys volunteers and sent in a fake video and emails to Republican lawmakers purporting to show Democratic Party attempts to subvert the 2020 presidential elections.

Search CT Logs for Misconfigured SSL Certificates

11/18/2021
Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.

Cloud Security Startup Lacework Gets a Boost With New $1.3B Funding

11/18/2021
Lacework's will use its $1.3 billion Series D to expand go-to-market strategies and its data-focused cloud security platform.

Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

11/18/2021
Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say.

Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 US Pre

11/18/2021
An indictment was unsealed charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 US presidential election.

North Korean Hacking Group Targets Diplomats, Forgoes Malware

11/18/2021
The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware.

California Pizza Kitchen Suffers Data Breach

11/18/2021
Personal data, including Social Security numbers, of more than 100K employees exposed.

Addressing the Low-Code Security Elephant in the Room

11/18/2021
The danger of anyone being able to spin up new applications is that few are thinking about security. Here's why everyone is responsible for the security of low-code/no-code applications.

Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security

11/18/2021
Based on the reaction of a single insect in a swarm, messages are passed along peer to peer, and an entire environment can respond without a central leader processing data and giving orders.

'PerSwaysion' Phishing Campaign Still Ongoing, and Pervasive

11/18/2021
Research shows that multiple attack groups have been using the Microsoft file-sharing service - leveraging phishing kit for much longer than previously thought.

Artificial Intelligence and Machine Learning, Cloud Computing, and 5G Will Be the Most Important Technologies in 2022, S

11/18/2021
Chief information officers, chief technology officers, and technology leaders globally surveyed on key technology trends, priorities, and predictions for 2022 and beyond.

GBG Announces It Has Agreed to Acquire Acuant

11/18/2021
GBG announces it has agreed to acquire Acuant, bringing together two leaders in the global digital identity market with combined revenue of c.£265 million.

CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies

11/17/2021
Effort part of President Biden’s executive order to improve the nation’s sybersecurity.