Dark Reading

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

11/01/2022
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

Bed Bath & Beyond Discloses Data Breach to SEC

11/01/2022
The retailer reported that an employee fell for a phishing scam, allowing malicious actors to access shared drives.

Now That EDR Is Obvious, What Comes Next?

11/01/2022
First in our series addressing the top 10 unanswered questions in security: What's going to replace EDR?

Layoffs Mount as Cybersecurity Vendors Hunker Down

11/01/2022
With the vast majority of business leaders expecting a recession in 2023, cybersecurity firms are bolstering their operations and cash flow by laying off workers.

How Retailers Can Stay Protected During the Most Wonderful Time of the Year

11/01/2022
Retailers' new holiday jingle must hit cybersecurity high points to help survive the season. Forget Dasher and Dancer — add SAST and DAST to app testing; manage third-party risks; and use MFA along with training and proper authentication to secure credentials.

FTC Gives Chegg an 'F' for Careless Cybersecurity Impacting 40M Students

11/01/2022
Ed-tech company Chegg is ordered by FTC to secure its systems after repeated breaches that exposed tens of millions of users' personal data.

Name That Edge Toon: Talk Turkey

11/01/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Network Perception and Check Point Software Technologies Partner to Tighten the Security of OT Firewall Environments

11/01/2022
Integrated OT solution streamlines the auditing of firewalls for misconfigurations and conflicting rules.

China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor

11/01/2022
The sophisticated and ever-evolving threat known as LodeInfo is being deployed against media, diplomatic, government, public sector, and think-tank targets.

Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit

10/25/2022
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who discovered the flaws.

LinkedIn Phishing Spoof Bypasses Google Workspace Security

10/25/2022
A credential-stealing attack that spoofed LinkedIn and targeted a national travel organization skates past DMARC and other email protections.

Threat Groups Repurpose Banking Trojans into Backdoors

10/25/2022
Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.

HR Departments Play a Key Role in Cybersecurity

10/25/2022
A more secure organization starts with stronger alignment between HR and the IT operation.

Equifax's Lessons Are Still Relevant, 5 Years Later

10/25/2022
Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise.

Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments

10/25/2022
Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.

MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Pr

10/25/2022
New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.

Study Finds Significant Correlation Between BitSight Analytics and Cybersecurity Incidents

10/25/2022
The Marsh McLennan Cyber Risk Analytics Center conducted independent analysis of BitSight's Security Rating and risk vectors and cybersecurity incident data.

Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection

10/25/2022
Identity fraud has increased at 84% of dealerships, with 60% losing three or more vehicles in the last year.