Dark Reading

Survey Data Reveals Gap in Americans' Security Awareness

06/29/2021
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.

Technology's Complexity and Opacity Threaten Critical Infrastructure Security

06/29/2021
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.

3 Ways Cybercriminals Are Undermining MFA

06/29/2021
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.

Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

06/28/2021
Rogue driver was distributed within gaming community in China, company says.

Attacks Erase Western Digital Network-Attached Storage Drives

06/28/2021
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.

New House Bill Aims to Drive Americans' Security Awareness

06/28/2021
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.

Microsoft Tracks Attack Campaign Against Customer Support Agents

06/28/2021
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.

An Interesting Approach to Cyber Insurance

06/28/2021
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.

The Danger of Action Bias: Is It Always Better to Act Quickly?

06/28/2021
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.

The Role of Encryption in Protecting LGBTQ+ Community Members

06/28/2021
The Internet is a vital tool that helps LGBTQ+ community members communicate without fear of persecution -- and strong encryption is a critical part of this equation.

New CPU Baseline for Windows 11 Will Ensure Better Security, Microsoft Says

06/25/2021
Redmond's latest OS will run only on systems with TPM 2.0 chips.

Amazon Acquires Secure Messaging Platform Wickr

06/25/2021
AWS CISO Stephen Schmidt says the acquisition is strategic amid the proliferation of remote work.

Data Privacy Is in 23andMe CSO's DNA

06/25/2021
How serious is the company about safeguarding its customers and their genetic information? "We're hiding data even from ourselves," says the biotech and genetic testing company's head of security.

School's Out for Summer, but Don't Close the Book on Cybersecurity Training

06/25/2021
Strengthening their security posture should be at the top of school IT departments' summer to-do list.

High-Level FIN7 Member Sentenced to 7 Years in Prison

06/25/2021
Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.

7 Unconventional Pieces of Password Wisdom

06/25/2021
Challenging common beliefs about best practices in password hygiene.

74% of Q1 Malware Was Undetectable Via Signature-Based Tools

06/24/2021
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.

D3FEND Framework Seeks to Lay Foundation for Cyber Defense

06/24/2021
The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.

Tulsa Officials Warn Ransomware Attackers Leaked City Files

06/24/2021
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

06/24/2021
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.