Dark Reading

Identifying a Vulnerability in the SAP Software Supply Chain

04/13/2022
Make sure you're using the patch to block this supply chain attack.

Intertrust Adds Security for IoT Devices in Zero-Trust Architectures to Intertrust Platform

04/12/2022
New features provide for end-to-end security and interoperability between data operations and multivendor IoT devices.

Datto to be Acquired by Kaseya for $6.2 Billion

04/12/2022
Funding led by Insight Partners.

Criminal IP Cybersecurity Search Engine Launches First Beta Test

04/12/2022
Criminal IP visualizes all IT assets connected to the Internet based on IP addresses held by companies and individuals.

United States Leads Seizure of One of the World’s Largest Hacker Forums and Arrests Administrator

04/12/2022
Court records unsealed Tuesday indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website.

Microsoft Plans Windows Auto-Update Service for Enterprises

04/12/2022
Starting in July, the Windows Autopatch service will automatically patch all software bugs, including security updates, for Windows 10/11 Enterprise E3 customers, Microsoft says.

Microsoft Patches Windows Flaw Under Attack and Reported by NSA

04/12/2022
"Go patch your systems before" the exploit spreads more widely, ZDI warns.

Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid

04/12/2022
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.

How Do I Conduct a Resilience Review?

04/12/2022
As the first step, make sure that all business-critical data across your organization is protected.

80% of Software Codebases Contain at Least One Vulnerability

04/12/2022
Open source code continues its steady takeover of codebases, and organizations have made slight gains in eliminating out-of-date and vulnerable components.

Building a Cybersecurity Mesh Architecture in the Real World

04/12/2022
Like zero trust, the cybersecurity mesh re-envisions the perimeter at the identity layer and centers upon unifying disparate security tools into a single, interoperable ecosystem.

Google, GitHub Collaboration Focuses on Securing Code Build Processes

04/11/2022
The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a "tamper-proof" record describing where, when, and how the software is produced.

Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme

04/11/2022
Former DHS employees targeted confidential, proprietary software and personally identifying information (PII) for hundreds of thousands of federal employees.

In Appreciation: Mike Murray

04/11/2022
Security industry expert who spearheaded healthcare cybersecurity efforts passes away at age 46.

Imprivata Acquires SecureLink to Deliver a Single-Vendor Platform to Manage and Secure All Enterprise and Third-Party Di

04/11/2022
Imprivata will unlock further value for customers by unifying, integrating, and automating digital identity to enable autonomous identity systems.

10 Signs of a Good Security Leader

04/11/2022
Strong leadership can lead to motivated and loyal employees. Here's what that looks like.

Creating a Security Culture Where People Can Admit Mistakes

04/11/2022
In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.

Going Passwordless? Here Are 6 Steps to Get Started

04/11/2022
High costs and user reluctance have stood in the way of passwordless adoption, but conversion can be simplified if you take it in more gradual steps.

Google Removes Dangerous Banking Malware From Play Store

04/08/2022
SharkBot was hidden in apps masquerading as antivirus tools.

Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine

04/08/2022
The operation aimed to disrupt cyber espionage activity a Russian GRU group was using for the Ukraine war.