Dark Reading

What We Can Learn From Lapsus$ Techniques

04/05/2022
The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.

FIN7 Morphs into a Broader, More Dangerous Cybercrime Group

04/05/2022
Mandiant has now tied the group to at least eight unattributed clusters of activity targeting organizations across various industries and regions.

How to Prepare for Cyber Threats During the Russian Invasion of Ukraine

04/05/2022
Remain calm, maintain control, and triage responses appropriately to ensure that the organization can remain resilient against threats during this crisis and through others to come.

State Department Announces Bureau of Cyberspace and Digital Policy

04/04/2022
The newly created bureau will help shape norms of responsible government behavior in cyberspace and help US allies bolster their own cybersecurity programs.

Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents

04/04/2022
EDR solution provides comprehensive threat detection and reduces the risk of compromise with vulnerability management and patching, all from a single agent.

Citrix® Modernizes Security to Accommodate Hybrid Work

04/04/2022
Company launches cloud-delivered Zero Trust Network Access solution that protects all apps, data and devices, enabling secure work from anywhere.

Apple Gift Card Scammers Sentenced for Role in $1.5M Fraud

04/04/2022
Criminal conspiracy included theft of Apple point-of-sale devices.

Millions of Installations Potentially Vulnerable to Spring Framework Flaw

04/04/2022
Internet scan indicates hundreds of thousands of vulnerable installations, while data from the major Java repository suggests millions, firms say.

How Do I Decide Whether to Buy or Build in Security?

04/04/2022
To build or buy — that is the question. Security teams have to consider maintenance costs and compliance questions when they go down the build-it-yourself path.

Beware of These 5 Tax Scams

04/04/2022
Fraudsters are out in full force as Tax Day approaches. Use this list to keep your company’s employees informed on what to watch out for this year.

Cybersecurity Mesh: IT's Answer to Cloud Security

04/04/2022
With a properly functioning cybersecurity mesh architecture, one can guarantee safe, authorized access to data from any access point.

A Comprehensive Backup Strategy Includes SaaS Data, Source Code

04/01/2022
Backups aren't just limited to hard drives, databases and servers. This Tech Tip describes how organizations should expand their backup strategies.

Apple's Zero-Day Woes Continue

04/01/2022
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.

NSA Employee Indicted for Sending Classified Data Outside the Agency

04/01/2022
Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions.

What You Need to Know About PCI DSS 4.0's New Requirements

04/01/2022
The updated security payment standard's goal is to “address emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says.

More Than Ever, Security Matters

04/01/2022
Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.

Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks

03/31/2022
CISA urges organizations using affected technologies to implement recommended mitigation measures.

Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot

03/31/2022
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.

Ransomware: Should Companies Ever Pay Up?

03/31/2022
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?

Companies Going to Greater Lengths to Hire Cybersecurity Staff

03/31/2022
The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break some hiring rules.