Dark Reading

A Comprehensive Backup Strategy Includes SaaS Data, Source Code

04/01/2022
Backups aren't just limited to hard drives, databases and servers. This Tech Tip describes how organizations should expand their backup strategies.

Apple's Zero-Day Woes Continue

04/01/2022
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.

NSA Employee Indicted for Sending Classified Data Outside the Agency

04/01/2022
Even the NSA has a malicious insider problem. The employee used his personal emails to send classified data to unauthorized outsiders on 13 different occasions.

What You Need to Know About PCI DSS 4.0's New Requirements

04/01/2022
The updated payment security standard's goal is to “address emerging threats and technologies and enable innovative methods to combat new threats” to customer payment information, the PCI Security Standards Council says.

More Than Ever, Security Matters

04/01/2022
Public policy proposals must consider technical, practical, and real-world security effects, and make sure we avoid unintended consequences.

Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks

03/31/2022
CISA urges organizations using affected technologies to implement recommended mitigation measures.

Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot

03/31/2022
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.

Ransomware: Should Companies Ever Pay Up?

03/31/2022
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?

Companies Going to Greater Lengths to Hire Cybersecurity Staff

03/31/2022
The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break some hiring rules.

Global BEC Crackdown Nets 65 Suspects

03/31/2022
FBI and international law enforcement agencies execute "Operation Eagle Sweep."

U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network

03/31/2022
The Academic Engagement Network is designed to advance cybersecurity in four areas.

Protecting Your Organization Against a New Class of Cyber Threats: HEAT

03/31/2022
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.

Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

03/31/2022
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.

Zero-Day Vulnerability Discovered in Java Spring Framework

03/30/2022
A proof-of-concept exploit allows remote compromises of Spring Web applications.

CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices

03/30/2022
Take UPS management interfaces off the Internet "immediately," agencies say.

Smart Cities: Secure by Design? It Takes a Village

03/30/2022
Smart-city security breaches have potentially very serious consequences — they can be economically devastating and even life-threatening, if handled wrong.

Cybercriminals Fighting Over Cloud Workloads for Cryptomining

03/30/2022
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.

Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk

03/30/2022
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.

How Security Complexity Is Being Weaponized

03/30/2022
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

03/30/2022
An interactive static analyzer gives developers information on potential risks arising from user inputs while they code. This could be a game-changer.