Dark Reading

Appdome Launches Build-to-Test, Automated Testing Option for Protected Mobile Apps

New capability streamlines automated testing of cybersecurity and anti-fraud features in android and iOS apps in virtual and cloud testing suites.

Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations

Attackers primarily target on-premises IT infrastructures.

Threat Actors Compromise Barracuda Email Security Appliances

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.

How Universities Can Bridge Cybersecurity's Gender Gap

It's time to invest in initiatives that engage young women in cybersecurity early and often.

Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks

Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.

How AI Can Help Organizations Adapt and Recover From Cyberattacks

Incident response playbooks and frameworks are leaving defenders ill-equipped to recover from the increasing number of successful cyberattacks. Developments in AI offer a new way for stretched teams to manage security incidents and heal swiftly.

Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans

Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.

Improving Cybersecurity Requires Building Better Public-Private Cooperation

Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations

The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.

IBM's Polar Buy Creates Focus on a New 'Shadow Data' Cloud Security Area

The purchase gives IBM access to a new category of products called "data security posture management" for security data in cloud and SaaS repositories.

Apple Patches 3 Zero-Days Possibly Already Exploited

In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.

Data Siloes: Overcoming the Greatest Challenge in SecOps

It's not lack of data that's the problem, but the inability to piece it together to truly understand and reduce risk.

3 Common Initial Attack Vectors Account for Most Ransomware Campaigns

The data shows how most cyberattacks start, so basic steps can help organizations avoid becoming the latest statistic.

Keep Your Friends Close and Your Identity Closer

As we share an increasing amount of personal information online, we create more opportunities for threat actors to steal our identities.

Google Debuts Quality Ratings for Security Bug Disclosures

New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program.

AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap

85% of AppSec pros say ability to differentiate between real risks and noise is critical, yet only 38% can do so today; mature DevOps organizations cite widespread impact due to lack of cloud-native tools

Enterprises Rely on Multicloud Security to Protect Cloud Workloads

As enterprises adopt multicloud, the security picture has gotten foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.