Dark Reading

Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs

05/28/2021
Security vendor says it has observed threat groups using a set of 16 tools specifically designed to attack Pulse Secure devices since April 2020.

Chart: Cloud Concerns

05/28/2021
As more organizations make their way to the cloud, their eyes are wide open to the associated cybersecurity risks that tag along for the ride.

Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report

05/28/2021
A new study examines the tools and technologies driving investment and activities for security operations centers.

SolarWinds Attackers Impersonate USAID in Advanced Email Campaign

05/28/2021
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.

A Wrench and a Screwdriver: Critical Infrastructure's Last, Best Lines of Defense?

05/28/2021
Critical infrastructure's cybersecurity problems are complex, deep-rooted, and daunting. Addressing them won't be easy...but it isn't impossible.

Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection

05/28/2021
Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.

Plug-ins for Code Editors Pose Developer-Security Threat

05/28/2021
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.

Most Mobile Apps Can Be Compromised in 15 Minutes or Less

05/28/2021
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.

'Have I Been Pwned' Code Base Now Open Source

05/27/2021
Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.

BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims

05/27/2021
The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.

Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues

05/27/2021
SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wuest, VP of cyber protection research for Acronis.

Let's Stop Blaming Employees for Our Data Breaches

05/27/2021
Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.

DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture

05/27/2021
On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.

How Menlo Uses Isolation to Secure Mobile Devices in the Cloud

05/27/2021
SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.

Prevention Is the Only Cure: The Dangers of Legacy Systems

05/27/2021
Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.

ExtraHop Explains How Advanced Threats Dominate Threat Landscape

05/27/2021
SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.

Enterprises Applying OS Patches Faster as Endpoint Risks Grow

05/26/2021
New study shows sharp increase in number of endpoint devices with sensitive data on them.

Google Discovers New Rowhammer Attack Technique

05/26/2021
Researchers publish the details of a new Rowhammer vulnerability called "Half-Double" that exploits increasingly smaller DRAM chips.

Zscaler Buys Deception Technology Startup

05/26/2021
ZScaler's CEO says Smokescreen Technologies' capabilities will be integrated with Zscaler's ZIA and ZPA products.

Cisco: Reduced Complexity in the SOC Improves Enterprise Security

05/26/2021
SPONSORED: WATCH NOW -- All it took was a global pandemic and a shift to working from home to expose security operations centers' open secret: Too much software, systems, and data to filter. Dug Song, chief strategy officer of Cisco Secure, makes a strong case for why reducing that complexity is the only tenable way forward for security professionals.