Dark Reading

Mitigate Ransomware Risks With Modern Log Management

Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

Google Cuts User Account Compromises in Half With Simple Change

The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks

Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.

Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws

Companies are scanning more applications for vulnerabilities — and more often.

Cyber Terrorism Is a Growing Threat & Governments Must Take Action

With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Qualys Launches Context XDR

Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.

InterVision Unveils Ransomware Protection as a Service

InterVision RPaaS solution provides protection, response, and recovery in one managed service.

Salesforce DevOps Needs Guardrails

Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

DeepSurface Security Secures $4.5M for Business Expansion

Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.

Prioritizing the Right Vulnerabilities to Reduce Risk

Prioritization needs to be part of vulnerability management if security teams are to keep up and mitigate issues in a timely manner.

Russian APT Steps Up Malicious Cyber Activity in Ukraine

Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.

FBI Publishes Indicators of Compromise for LockBit 2.0 Ransomware

Flash bulletin alert includes mitigation strategies for defending against the ransomware.

A Prophylactic Approach for Today's Vulnerable Websites and Web Apps

Take a proactive approach to client-side security: Why monitoring your JavaScript programming language is so important to your overall security posture.

SecurityScorecard Acquires LIFARS

SecurityScorecard adds digital forensics and incident response to strengthen its products.

When Multifactor Authentication Is Compromised: Fighting Back With AI

Now that attackers can bypass preventative controls, we need to find and stop the attackers when they're already inside.

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

Name That Edge Toon: Head of the Table

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

The 3 Most Common Causes of Data Breaches in 2021

Phishing, smishing, and business email compromise continue to do their dirty work.