Dark Reading

Attackers Compromised Code-Checking Vendor's Tool for Two Months

04/20/2021
A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

04/20/2021
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.

2020 Changed Identity Forever; What's Next?

04/20/2021
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.

7 Old IT Things Every New InfoSec Pro Should Know

04/20/2021
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.

Beware the Bug Bounty

04/20/2021
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

White House Scales Back Response to SolarWinds & Exchange Server Attacks

04/19/2021
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.

Attackers Test Weak Passwords in Purple Fox Malware Attacks

04/19/2021
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.

Lazarus Group Uses New Tactic to Evade Detection

04/19/2021
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.

SolarWinds: A Catalyst for Change & a Cry for Collaboration

04/19/2021
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Pandemic Drives Greater Need for Endpoint Security

04/16/2021
Endpoint security has changed. Can your security plan keep up?

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

04/16/2021
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Security Gaps in IoT Access Control Threaten Devices and Users

04/16/2021
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

How the Biden Administration Can Make Digital Identity a Reality

04/16/2021
A digital identity framework is the answer to the US government's cybersecurity dilemma.

Software Developer Arrested in Computer Sabotage Case

04/15/2021
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.

Google Brings 37 Security Fixes to Chrome 90

04/15/2021
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

04/15/2021
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.

Pandemic Pushes Bot Operators to Redirect Efforts

04/15/2021
As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.

6 Tips for Managing Operational Risk in a Downturn

04/15/2021
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

04/15/2021
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

04/15/2021
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.