Dark Reading

Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022

12/20/2021
Half of security decision makers also say the cyber skills gap will significantly impact their 2022 strategy, according to new research from Neustar.

Zero Trust Shouldn’t Mean Zero Trust in Employees

12/20/2021
Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.

Lights Out: Cyberattacks Shut Down Building Automation Systems

12/20/2021
Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.

How Risky Is the Log4J Vulnerability?

12/17/2021
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?

Meta Acts Against 7 Entities Found Spying on 50,000 Users

12/17/2021
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.

Executive Partnerships Are Critical for Cybersecurity Success

12/17/2021
One leader alone can't protect an organization from cyber threats, C-suite leaders agree.

Timely Questions for Log4j Response Now — And for the Future

12/17/2021
EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs).

PseudoManuscrypt Malware Targeted Government & ICS Systems in 2021

12/17/2021
The "PseudoManuscrypt" operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry.

Time to Reset the Idea of Zero Trust

12/17/2021
CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge.

CISA Issues Emergency Directive on Log4j

12/17/2021
The Cybersecurity and Infrastructure Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.

Is Data Security Worthless if the Data Life Cycle Lacks Clarity?

12/17/2021
If you cannot track, access, or audit data at every stage of the process, then you can't claim your data is secure.

Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API

12/16/2021
The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic.

Why Log4j Mitigation Is Fraught With Challenges

12/16/2021
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems.

Phorpiex Botnet Variant Spread Across 96 Countries

12/16/2021
A new variant dubbed "Twizt" has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.

Log4Shell: The Big Picture

12/16/2021
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.

Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation

12/16/2021
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?

Rise in API-Based Attacks Underscore Investments in New Tools

12/15/2021
Noname Security's Series C fundraising tips the startup to over $1 billion in valuation -- a sign that organizations are beginning to look for API security tools and investors are looking for innovation in the space.

Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft

12/15/2021
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.

Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft

12/15/2021
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.

Dept. of Homeland Security Launches 'Hack DHS' Program

12/15/2021
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department's security posture.