Dark Reading

Mitigate Ransomware Risks With Modern Log Management

02/09/2022
Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

02/08/2022
One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

Google Cuts User Account Compromises in Half With Simple Change

02/08/2022
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

02/08/2022
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks

02/08/2022
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.

Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws

02/08/2022
Companies are scanning more applications for vulnerabilities — and more often.

Cyber Terrorism Is a Growing Threat & Governments Must Take Action

02/08/2022
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Qualys Launches Context XDR

02/08/2022
Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.

InterVision Unveils Ransomware Protection as a Service

02/08/2022
InterVision RPaaS solution provides protection, response, and recovery in one managed service.

Salesforce DevOps Needs Guardrails

02/08/2022
Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

DeepSurface Security Secures $4.5M for Business Expansion

02/08/2022
Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.

Prioritizing the Right Vulnerabilities to Reduce Risk

02/08/2022
Prioritization needs to be part of vulnerability management if security teams are to keep up and mitigate issues in a timely manner.

Russian APT Steps Up Malicious Cyber Activity in Ukraine

02/07/2022
Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.

FBI Publishes Indicators of Compromise for LockBit 2.0 Ransomware

02/07/2022
Flash bulletin alert includes mitigation strategies for defending against the ransomware.

A Prophylactic Approach for Today's Vulnerable Websites and Web Apps

02/07/2022
Take a proactive approach to client-side security: Why monitoring your JavaScript programming language is so important to your overall security posture.

SecurityScorecard Acquires LIFARS

02/07/2022
SecurityScorecard adds digital forensics and incident response to strengthen its products.

When Multifactor Authentication Is Compromised: Fighting Back With AI

02/07/2022
Now that attackers can bypass preventative controls, we need to find and stop the attackers when they're already inside.

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

02/07/2022
This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

Name That Edge Toon: Head of the Table

02/07/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

The 3 Most Common Causes of Data Breaches in 2021

02/04/2022
Phishing, smishing, and business email compromise continue to do their dirty work.