Dark Reading

Retailers' Offboarding Procedures Leave Potential Risks

02/10/2022
IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.

Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021

02/10/2022
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.

Apple Releases Security Update for Webkit Flaw

02/10/2022
A Webkit use-after-free vulnerability in iOS, iPadOS, Monterey, and Safari may already have been exploited, Apple said in a security advisory issued today.

Defense Contractors Need to Check Their Six

02/10/2022
Companies overall met government standards, but poor credential management left vulnerabilities.

Dynatrace Adds Real-Time Attack Detection and Blocking, Advancing Cloud Application Security

02/10/2022
Application Security Module unifies multicloud observability and advanced AIOps with real-time vulnerability management and defense.

Dynatrace Launches DevSecOps Automation Alliance Partner Program

02/10/2022
Program enables alliance and solution partners to extend the capabilities of their DevSecOps offerings through seamless integrations with the Dynatrace platform.

Orca Security Adds Expanded CIEM Capabilities and Multi-Cloud Security Score to Cloud Platform

02/10/2022
Expands cloud infrastructure entitlement management capabilities, adds cloud security benchmarking, and support for Kubernetes compliance frameworks.

Allure Security Raises $6.8 Million Seed Funding Round

02/10/2022
Funding led by Gutbrain Ventures.

Titaniam Secures $6 Million in Seed Funding

02/10/2022
Funding round led by Refinery Ventures, with participation from Fusion Fund and Shasta Ventures.

Data Transparency Hasn't Made Us Safer Yet. Can It Uncover Breach Causality?

02/10/2022
Advanced machine learning models within an XDR framework could uncover what actually causes breaches, but first we need better data transparency.

Bot Marketplaces as a Source of Future Data Breaches

02/10/2022
Of the four bot marketplaces Cognyte analyzed, the Russian Market is the most dominant, but the others are all active, updated daily, and well-known, too.

Putting AI to Practical Use in Cybersecurity

02/09/2022
Almost every cybersecurity product has an AI component. Here is where it's working in the real world.

Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention

02/09/2022
Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.

Linux Malware on the Rise

02/09/2022
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.

Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover

02/09/2022
New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials.

Log4j and the Role of SBOMs in Reducing Software Security Risk

02/09/2022
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.

Mitigate Ransomware Risks With Modern Log Management

02/09/2022
Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

02/08/2022
One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

Google Cuts User Account Compromises in Half With Simple Change

02/08/2022
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

02/08/2022
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.