Dark Reading

Fighting Back Against Pegasus, Other Advanced Mobile Malware

01/13/2022
Detecting infection traces from Pegasus and other APTs can be tricky, complicated by iOS and Android security features.

How to Protect Your Phone from Pegasus and Other APTs

01/13/2022
The good news is that you can take steps to avoid advanced persistent threats. The bad news is that it might cost you iMessage. And FaceTime.

New Vulnerabilities Highlight Risks of Trust in Public Cloud

01/13/2022
Major cloud providers are vulnerable to exploitation because a single flaw can be turned into a global attack using trusted core services.

How Cybercriminals Are Cashing in on the Culture of 'Yes'

01/13/2022
The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.

Redefining the CISO-CIO Relationship

01/13/2022
While these roles have different needs, drivers, and objectives, they should complement each other rather than compete with one another.

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking

01/13/2022
The vulnerability was patched this week in Microsoft's set of security updates for January 2022.

Check If You Have to Worry About the Latest HTTP Protocol Stack Flaw

01/12/2022
In this Tech Tip, SANS Institute’s Johannes Ullrich suggests using PowerShell to identify Windows systems affected by the newly disclosed vulnerability in http.sys.

Oxeye Introduce Open Source Payload Deobfuscation Tool

01/12/2022
Ox4Shell exposes hidden payloads thatare actively being used to confuse security protection tools and security teams.

New Research Reveals Public-Sector IAM Weaknesses and Priorities

01/12/2022
Auth0 Public Sector Index shows that governments are struggling to provide trustworthy online citizen services.

New Cyberattack Campaign Uses Public Cloud Infrastructure to Spread RATs

01/12/2022
An attack campaign detected in October delivers variants of Nanocore, Netwire, and AsyncRATs to target user data.

Why Is Cyber Assessment So Important in Security?

01/12/2022
All the pen testing and tabletop exercises in the world won't help unless an organization has a complete and accurate understanding of its assets.

Flashpoint Acquires Risk Based Security

01/12/2022
Flashpoint plans to integrate Risk Based Security data and technology into its platform to boost threat intelligence and vulnerability management.

Critical Infrastructure Security and a Case for Optimism in 2022

01/12/2022
The new US infrastructure law will fund new action to improve cybersecurity across rail, public transportation, the electric grid, and manufacturing.

Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals

01/12/2022
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.

Let's Play! Raising the Stakes for Threat Modeling With Card Games

01/11/2022
On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.

Kiteworks Acquires Email Encryption Leader totemo

01/11/2022
Further closes intelligence gap inhibiting companies from tracking and controlling private content communications.

Microsoft Kicks Off 2022 With 96 Security Patches

01/11/2022
Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.

Cloud Apps Replace Web as Source for Most Malware Downloads

01/11/2022
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

Honeywell Adds Deception Tech to Building Automation Systems Security

01/11/2022
New OT security platform directs attackers toward phony assets to deflect threats.

Enterprise Security at CES 2022 Marked by IoT, Biometrics, and PC Chips

01/11/2022
Amid the onslaught of mostly consumer-oriented announcements in Las Vegas, a few key items pertaining to enterprise security emerged.