Dark Reading

CDN Cache Poisoning Allows DoS Attacks Against Cloud Apps

01/06/2022
A Romanian researcher discovers more than 70 vulnerabilities in how applications and their content delivery networks handle cache misses that open the doors to denial-of-service attacks.

Rethinking Cybersecurity Jobs as a Vocation Instead of a Profession

01/06/2022
The prevailing mindset is that security practitioners are professionals, and thus, require a college degree. But there are some flaws in that logic.

New Mac Malware Samples Underscore Growing Threat

01/06/2022
A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.

Hybrid Multicloud Strategies Are Keeping the Public Sector at the Forefront of Threat Mitigation

01/06/2022
Zero trust, DevSecOps, and agile methodologies are critical in bridging the power of commercial multicloud environments and the security of private data centers.

New Attack Campaign Exploits Microsoft Signature Verification

01/05/2022
The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims.

NY AG: 1.1M Online Consumer Accounts Found Compromised in Credential-Stuffing Attacks

01/05/2022
Stolen credentials tied to cyberattack incidents at 17 "well-known" online retailers, restaurant chains, food delivery services.

FTC: Companies Could Face Legal Action for Failing to Patch Log4j

01/05/2022
The FTC will pursue companies that fail to take steps to protect consumer data from exposure due to Log4j, officials report.

Which Cloud Strategy Is Right For My Organization's Security Needs?

01/05/2022
The massive Amazon Web Services outage in December had many security leaders asking whether they should be going multicloud or multiregion for their cloud environments.

Why We Need To Reframe the False-Positive Problem

01/05/2022
Efforts to tune or build behavior- or signature-based threat identification requires time and effort most organizations don't have.

Putting Ransomware Gangs Out of Business With AI

01/05/2022
Organizations need to take matters into their own hands with a new approach.

The World Is Increasingly Controlled and Transformed by Algorithms

01/05/2022
Our digital interactions are being analyzed, predicted, and protected by algorithms and serve as a strategic, digital arsenal in defending against cyberattacks.

CrowdStrike Incorporates Intel CPU Telemetry into Falcon Sensor

01/04/2022
The Falcon sensor uses Intel PT telemetry to identify suspicious operations associated with hard-to-detect exploit techniques.

McMenamins Breach Affected 23 Years of Employee Data

01/04/2022
The Oregon-based hospitality and dining business reports the data was compromised in a Dec. 12 ransomware attack.

Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells

01/04/2022
Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework.

Google Buys Siemplify to Get Ahead in Cloud Security

01/04/2022
Google says the deal will bring security orchestration, automation, and response to its Google Cloud security portfolio and expand its Chronicle platform.

Mobile Application Security: 2021's Breaches

01/04/2022
Many of last year's largest app breaches could have been prevented with testing, training, and the will to take app security seriously.

Vinnie Liu Has a Mission: Keeping People Safe Online and Offline

01/04/2022
Security Pro File: The years at the National Security Agency shaped Vinnie Liu's views on security. "We're missionaries, not mercenaries," he says.

Why CIOs Should Report to CISOs

01/04/2022
If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure.

Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise

01/04/2022
The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the Log4j vulnerability from hundreds of downstream dependent packages of Log4j.

Palo Alto Networks Appoints Helmut Reisinger to Leadership Team

01/04/2022
Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.