Dark Reading

The Cybersecurity Industry Doesn't Have a Stress Problem — It Has a Leadership Problem

Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.

Third Annual Global CISO Report Identifies Significant Shifts in Hiring and Retaining Security Talent

Research from Marlin Hawk also shows a 15% increase in CISOs holding STEM-related degrees year-over-year, diversifying the succession talent pool.

Uber Breached, Again, After Attackers Compromise Third-Party Cloud

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Metaparasites & the Dark Web: Scammers Turn on Their Own

Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.

Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response

More than 10 days after a ransomware attack, affected Rackspace customers are being told the incident had a "limited impact," and have been invited to a webinar for additional details.

Shopify Plus Stores Can Easily Add Passwordless Login With Passkeys Support

Shopify Plus stores can now easily implement passwordless login with Passkeys support to help reduce drop rate and increase conversion using the free OwnID plug-in.

What We Can't See Can Hurt Us

Visibility into every environment, including cloud, enables businesses to mitigate operating risks.

Popular WAFs Subverted by JSON Bypass

Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.

When Companies Compensate the Hackers, We All Foot the Bill

Ensuring stronger in-house defenses is integral to retaining customer loyalty.

Palo Alto Networks Xpanse Active Attack Surface Management Automatically Remediates Cyber Risks Before They Lead to Cybe

New Cortex Xpanse features give organizations visibility and control of their attack surfaces to discover, evaluate, and address cyber risks.

Nearly 4,500 Pulse Connect Secure VPNs Left Unpatched and Vulnerable

Pulse Connect VPN server software received several updates over the years, and thousands of hosts haven't patched.

Trilio Raises $17M, Appoints Massood Zarrabian as CEO

Funding and new leadership to drive innovation and growth in cloud-native application resiliency; round led by SKK Ventures with T-Mobile and Telefonica.

TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?

Texas and Maryland this week joined three other states in prohibiting accessing the popular social media app from state-owned devices.

Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool

MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.

7 Ways Gaming Companies Can Battle Cybercrime on Their Platforms

Balancing gameplay and security can drive down risks and improve gamers' trust and loyalty.

43 Trillion Security Data Points Illuminate Our Most Pressing Threats

A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.

Iranian APT Targets US With Drokbk Spyware via GitHub

The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.

How Naming Can Change the Game in Software Supply Chain Security

A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

Google: Use SLSA Framework for Better Software Security

Security leaders also need to take a more holistic approach to addressing supply chain risks, company says in new research report.

3 Ways Attackers Bypass Cloud Security

At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.