Dark Reading

Window Snyder Launches Startup to Fill IoT Security Gaps

04/23/2021
Thistle Technologies aims to help connected device manufacturers securely deliver updates to their products.

Password Manager Suffers 'Supply Chain' Attack

04/23/2021
A software update to Click Studios' Passwordstate password manager contained malware.

Insider Data Leaks: A Growing Enterprise Threat

04/23/2021
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features

04/23/2021
Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.

SOC 2 Attestation Tips for SaaS Companies

04/23/2021
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.

Tell Us the Truth: Why Do You LOVE Passwords?

04/23/2021
There must be something you appreciate about the humble password, right? Tell us what you think.

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

04/22/2021
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.

The Edge Pro Tip: Brush Up on Web Shells

04/22/2021
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.

Edge Poll: Passwordless Plans

04/22/2021
How long do you think it will be before your organization gets rid of passwords?

New CISA Advisories Warn of ICS Vulnerabilities

04/22/2021
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.

Prometei Botnet Adds New Twist to Exchange Server Attacks

04/22/2021
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.

Improving the Vulnerability Reporting Process With 5 Steps

04/22/2021
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

04/22/2021
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.

Name That Toon: Greetings, Earthlings

04/22/2021
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.

Looking for Greater Security Culture? Ask an 8-Bit Plumber

04/22/2021
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.

10 Free Security Tools at Black Hat Asia 2021

04/22/2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

04/22/2021
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.

Who's Your Login?

04/22/2021
If only Abbott and Costello were around today.

Rapid7 Acquires Velociraptor Open Source Project

04/21/2021
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.

Justice Dept. Creates Task Force to Stop Ransomware Spread

04/21/2021
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.