Dark Reading

FBI Attributes Abuse of Its Email Account to Software 'Misconfiguration'

11/15/2021
A wave of phony emails from an FBI mail server originated from an issue with the agency's Law Enforcement Enterprise Portal.

Name That Toon: Cubicle for Four

11/15/2021
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

How to Negotiate With Ransomware Attackers

11/15/2021
Security researchers investigate the ransom negotiation process to create strategies businesses can use if they face an attack.

JupiterOne and Cisco Announce Launch of Secure Cloud Insights

11/15/2021
The partnership is designed to provide businesses with a range of cybersecurity services.

How Visibility Became the Lifeblood of SecOps and Business Success

11/15/2021
The best way to succeed in long-term cybersecurity is to invest in visibility because you can't protect or defend against what you can't see.

MSPAlliance Leadership Council Forms Vendor Council to Address Managed Services Supply Chain Risk

11/12/2021
MSP supply chain threats will be mitigated through transparency, education, business continuity planning, and managed services channel certification.

BT to Deploy 'Epidemiological AI' Based on the Spread of Viruses in Humans to Combat Cyberattacks

11/12/2021
Using the spread of viruses in human populations as a model to inform its AI, Inflame is a key component in BT’s recently-announced Eagle-i platform.

Ankura Launches Brooklyn Cyber Center

11/12/2021
New initiative addresses shortage of professionals and lack of diversity in cybersecurity by recruiting, training and retaining diverse talent from underrepresented backgrounds.

Emerging Security Tools Tackle GraphQL Security

11/12/2021
New security tools are proactively protecting APIs built with GraphQL, before attacks against them become more commonplace.

Open Source Project Aims to Detect Living-Off-the-Land Attacks

11/12/2021
The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts.

Follow the Leaders: A Blueprint for Software Security Success

11/12/2021
Organizations can study software security leaders and emulate their habits and initiatives in order to build a successful software security program of their own.

How to Hire — and Retain — Effective Threat Hunters

11/12/2021
Key characteristics that should be evaluated include curiosity, disposition, and fit with the culture.

In Appreciation: Alan Paller

11/12/2021
Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.

'Lyceum' Threat Group Broadens Focus to ISPs

11/11/2021
New report suggests attacker is targeting trusted supply chain companies in order to compromise large numbers of downstream customers.

Google Open Sources ClusterFuzzLite

11/11/2021
ClusterFuzzLite is a stripped-down version of continuous fuzzing tool ClusterFuzz that integrates CI tools.

How Do I Know It's Time to Consider a SASE Migration?

11/11/2021
The rapid shift to a hybrid workplace and accelerated adoption of new technologies means it's time to rethink networking security approaches.

SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike

11/10/2021
Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.

SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks

11/10/2021
Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven't been patched for a remote code execution vulnerability fixed this summer.

Defining the Hierarchy of Value in Cyber Intelligence

11/10/2021
One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.

CISA and State and Local Partners Test Emergency Response Plans at Chevron Salt Lake Refinery

11/10/2021
The exercise included several objectives related to response procedures at the refinery, including evacuation and shelter-in-place decision-making; roles and responsibilities during investigations; communication with first responders; and public messaging before and following an incident.