Dark Reading

Impersonation Becomes Top Phishing Technique

06/30/2021
A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails.

MyBook Investigation Reveals Attackers Exploited Legacy, Zero-Day Vulnerabilities

06/30/2021
A previously unknown flaw in Western Digital's older network-attached storage systems allowed unauthenticated commands to trigger a factory reset, formatting the hard drives, says the company after its preliminary investigation.

Attackers Already Unleashing Malware for Apple macOS M1 Chip

06/30/2021
Apple security expert Patrick Wardle found that some macOS malware written for the new M1 processor can bypass anti-malware tools.

Intl. Law Enforcement Operation Takes Down DoubleVPN

06/30/2021
The VPN service allegedly provided a means for cybercriminals to target their victims, Europol officials report.

3 Things Every CISO Wishes You Understood

06/30/2021
Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers.

7 Skills the Transportation Sector Needs to Fuel Its Security Teams

06/30/2021
Without a top-notch team to stop attackers, our favorite modes of transportation could come to a screeching halt.

9 Hot Trends in Cybersecurity Mergers & Acquisitions

06/30/2021
Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.

Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?

06/30/2021
Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.

Google Updates Vulnerability Data Format to Support Automation

06/29/2021
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.

Ransomware Losses Drive Up Cyber-Insurance Costs

06/29/2021
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.

CISA Publishes Catalog of Poor Security Practices

06/29/2021
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.

Survey Data Reveals Gap in Americans' Security Awareness

06/29/2021
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.

Technology's Complexity and Opacity Threaten Critical Infrastructure Security

06/29/2021
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.

3 Ways Cybercriminals Are Undermining MFA

06/29/2021
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.

Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

06/28/2021
Rogue driver was distributed within gaming community in China, company says.

Attacks Erase Western Digital Network-Attached Storage Drives

06/28/2021
The company suspects a remote code execution vulnerability affecting My Book Live and My Book Live Duo devices and recommends that business and individual users turn off the drives to protect their data.

New House Bill Aims to Drive Americans' Security Awareness

06/28/2021
The legislation requires the National Telecommunications and Information Administration to establish a cybersecurity literacy campaign.

Microsoft Tracks Attack Campaign Against Customer Support Agents

06/28/2021
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.

An Interesting Approach to Cyber Insurance

06/28/2021
What if insurers were to offer companies an incentive -- say, a discount -- for better protecting themselves? You know, the way car insurance companies offer lower premiums to customers who take a driver's ed course.

The Danger of Action Bias: Is It Always Better to Act Quickly?

06/28/2021
Experts discuss the meaning of action bias and how it presents a threat to IT security leaders, practitioners, and users.