Dark Reading

Why Windows Print Spooler Remains a Big Attack Target

10/01/2021
Despite countless vulnerabilities and exploits, the legacy Windows printing process service continues to be an attack surface in constant need of repair and maintenance, security experts say.

4.6M Neiman Marcus Online Customers Alerted to Data Breach

10/01/2021
The breach occurred in May 2020.

CISA and Girls Who Code Partner to Create Career Pathways for Young Women

10/01/2021
Through this partnership, CISA and Girls Who Code will establish collaborative opportunities to provide awareness, training, and pathways into cybersecurity careers for girls, women, and those who identify as nonbinary.

It's Time to Rethink Identity and Authentication

10/01/2021
The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.

Enterprises Planning SecOps Technology Deployments

10/01/2021
With the easing of pandemic-related restrictions, enterprise defenders report they are investigating security operations technology to manage new risks that emerged over the past year.

Shades of SolarWinds Attack Malware Found in New 'Tomiris' Backdoor

09/29/2021
Malware contains similarities that suggest a possible link to malware that Russia's DarkHalo group used in its massive supply chain attack, researchers say.

Startup Beyond Identity Now Offers Passwordless Multifactor Authentication for Consumers

09/29/2021
The announcement comes two weeks after Microsoft gave users the option to fully remove passwords from their accounts.

Startup Beyond Identity Now Offers Passwordless Multifactor Authentication for Consumers

09/29/2021
The announcement comes two weeks after Microsoft gave users the option to fully remove passwords from their accounts.

50% of Servers Have Weak Security Long After Patches Are Released

09/29/2021
Many servers remain vulnerable to high-severity flaws in Microsoft Exchange Server, VMware vCenter, Oracle WebLogic, and other popular products and services.

Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

09/29/2021
New threat research from the Salt Labs Security research team details Elastic Stack injection exploit that can result in DoS attacks and cascading API threats

Dell Technologies Addresses Modern Support and Security

09/29/2021
Services and security updates deliver customized IT support and secure PC experiences for work-from-anywhere employees.

1Password and Fastmail Partner to Boost Online Privacy

09/29/2021
Allows users to securely generate unique email aliases, adding an extra layer of online privacy.

Cyberspace, Cybergames, and Cyberspies

09/29/2021
How cyberspace has become a global cybergames stage, where all of us are actors.

Russian Officials Arrest Group-IB CEO, Accuse Him of Treason

09/29/2021
Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months.

Why Should I Care About HTTP Request Smuggling?

09/29/2021
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.

DAST to the Future: Shifting the Modern AppSec Paradigm

09/29/2021
NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen — in production.

3 Security Initiatives AWS's New CEO Should Prioritize

09/29/2021
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.

Sneaky Android Trojan Siphons Millions Using Premium SMS

09/29/2021
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.

75K Email Inboxes Hit in New Credential Phishing Campaign

09/28/2021
Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.

Outsourced Software Pose Greater Risks to Enterprise Application Security

09/28/2021
In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to the organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.