Dark Reading

Researchers Explore Active Directory Attack Vectors

05/03/2021
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.

Name That Edge Toon: Magical May

05/03/2021
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Imperva to Buy API Security Firm CloudVector

05/03/2021
The deal is intended to expand Imperva's API security portfolio, officials say.

Buer Malware Variant Rewritten in Rust Programming Language

05/03/2021
Researchers suggest a few reasons why operators rewrote Buer in an entirely new language

Researchers Find Bugs Using Single-Codebase Inconsistencies

05/03/2021
A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.

Dark Reading Celebrates 15th Anniversary

05/03/2021
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.

Stopping the Next SolarWinds Requires Doing Something Different

05/03/2021
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?

The Edge Pro Tip: Protect IoT Devices

05/03/2021
As Internet-connected devices become more prevalent in organizations, security issues increase as well.

Ransomware Task Force Publishes Framework to Fight Global Threat

04/30/2021
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.

MITRE Adds MacOS, More Data Types to ATT&CK Framework

04/30/2021
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework

04/30/2021
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.

Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds

04/30/2021
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.

Ghost Town Security: What Threats Lurk in Abandoned Offices?

04/30/2021
Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?

7 Modern-Day Cybersecurity Realities

04/30/2021
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.

The Ticking Time Bomb in Every Company's Code

04/30/2021
Developers must weigh the benefits and risks of using third-party code in Web apps.

XDR Pushing Endpoint Detection and Response Technologies to Extinction

04/29/2021
Ironically, EDR's success has spawn demand for technology that extends beyond it.

Researchers Connect Complex Specs to Software Vulnerabilities

04/29/2021
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.

'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft

04/29/2021
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.

Your Digital Identity's Evil Shadow

04/29/2021
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.

The Challenge of Securing Non-People Identities

04/29/2021
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.