Dark Reading

Google Updates on Campaign Targeting Security Researchers

03/31/2021
Attackers linked to North Korea began to target security researchers on social media earlier this year.

What's So Great About XDR?

03/31/2021
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.

83% of Businesses Hit With a Firmware Attack in Past Two Years

03/31/2021
A new Microsoft-commissioned report finds less than 30% of organizations allocate security budget toward preventing firmware attacks.

College Students Targeted in Newest IRS Scam

03/31/2021
The Internal Revenue Service warns of fraudulent emails sent to .edu addresses.

Advice From Security Experts: How to Approach Security in the New Normal

03/31/2021
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.

3 Ways Vendors Can Inspire Customer Trust Amid Breaches

03/31/2021
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.

Weakness in EDR Tools Lets Attackers Push Malware Past Them

03/31/2021
A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows.

Security on a Shoestring? More Budget Means More Detection

03/30/2021
Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.

Publicly Available Data Enables Enterprise Cyberattacks

03/30/2021
Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.

What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack

03/30/2021
A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.

White Ops Renames Company 'Human'

03/30/2021
The company first confirmed plans to change its name in October 2020.

What You Need to Know -- or Remember -- About Web Shells

03/30/2021
What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.

Watch Out for These Cyber-Risks

03/30/2021
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.

Ghost Users Haunt Healthcare Firms

03/30/2021
Data security hygiene severely lacking among healthcare firms, new research shows.

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

03/30/2021
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.

In the Rush to Embrace Hybrid Cloud, Don't Forget About Security

03/30/2021
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.

Manufacturing Firms Learn Cybersecurity the Hard Way

03/29/2021
Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.

Attackers Target PHP Git Server to Backdoor Source Code

03/29/2021
The PHP maintainers have decided to make GitHub the official source for PHP repositories going forward.

SolarWinds Hackers Accessed DHS Chief's Email

03/29/2021
Several high-level government accounts were also breached in the attack.

4 Open Source Tools to Add to Your Security Arsenal

03/29/2021
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.