Dark Reading

In the Fight Against Cybercrime, Takedowns Are Only Temporary

Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy.

Why Cyber Due Diligence Is Essential to the M&A Process

That announcement may feel good, but if your prospective acquisition's cybersecurity levels are substandard, it might be best to hold off.

7 Steps for Navigating a Zero-Trust Journey

Don't think of zero trust as a product. Think of it as "how you actually practice security."

How Do I Reduce the Risk of An Insider Threat?

The principle of least level of access gives employees just the privileges they need to do their jobs. Limiting what an employee can do is a core tenet of Zero Trust.

The CISO as Sustaining Force: Helping Infosec Staff Beat Burnout

To protect their staffers, leaders should focus on identifying and alleviating root causes of burnout.

6 Security-Tech Innovations We're Excited to See in 2022

The details on cybersecurity technologies that we expect to advance rapidly in the coming year.

Log4j: A CISO's Practical Advice

Working together is going to make getting through this problem a lot easier.

The Future of Work Has Changed, and Your Security Mindset Needs to Follow

VPNs have become a vulnerability that puts organizations at risk of cyberattacks.

7 of the Most Impactful Cybersecurity Incidents of 2021

There was a lot to learn from breaches, vulnerabilities, and attacks this year.

Microsoft Customer Source Code Exposed via Azure App Service Bug

Researchers found an insecure default behavior in Azure App Service exposing source code of some customer applications deployed using "Local Git."

Nearly 50% of People Will Abandon Sites Prohibiting Password Reuse

A new study investigating consumer password use found 25% of online shoppers would abandon their carts of $100 if prompted to reset a password at checkout.

CISA's New Log4j Scanner Aims to Find Vulnerable Apps

The open-sourced scanner was derived from scanners built by members across the open source community, CISA reports.

Log4j Reveals Cybersecurity's Dirty Little Secret

Once the dust settles on Log4j, many IT teams will brush aside the fundamental, not-exciting need for better asset and application management.

Why We Need to Consolidate Digital Identity Management Before Zero Trust

Zero trust may be one of the hottest trends in cybersecurity, but just eliminating trust from networks isn’t enough to prevent successful organizational data breaches, says Wes Wright, CTO of Imprivata.

Future of Identity-Based Security: All-in-One Platforms or Do-It-Yourself Solutions?

The functionality of all-in-one platforms is being deconstructed into a smorgasbord of services that can be used to develop bespoke end-user security procedures for specific work groups, lines of business, or customer communities.

UK Security Agency Shares 225M Passwords With 'Have I Been Pwned'

The UK's NCA and NCCU have shared 225 million stolen emails and passwords with HIBP, which tracks stolen credentials.

Meta Files Federal Lawsuit Against Phishing Operators

The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials.

93% of Tested Networks Vulnerable to Breach, Pen Testers Find

Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers.

How Modern Log Management Strengthens Enterprises’ Security Posture

If security teams are not logging everything, they are increasing security risk and making it more difficult to investigate and recover from a data breach. Modern log management goes beyond just a SIEM.

Preemptive Strategies to Stop Log4j and Its Variants

Zero trust is key to not falling victim to the next big vulnerability.