Dark Reading

Is XDR Right for My Organization?

03/11/2022
Well ... it depends on what you're trying to accomplish, at least for now. The good news is that many modern SIEMs are starting to adopt XDR-like capabilities.

Identity Attacks Threaten Workloads, Not Just Humans

03/11/2022
Companies have embraced the cloud and accelerated adoption, but with insider access to infrastructure even more available, can businesses defend their expanded attack surface?

Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others

03/11/2022
He's the fifth member of the REvil ransomware gang to get busted in the past year.

How to Combat the No. 1 Cause of Security Breaches: Complexity

03/11/2022
The scaling of hardware, software and people has created an ever-growing complexity problem.

Over 40% of Log4j Downloads Are Vulnerable Versions of the Software

03/10/2022
The data point is a reminder of why fixing the widespread vulnerability will take a long time.

Security Teams Prep Too Slowly for Cyberattacks

03/10/2022
Training and crisis scenarios find that defenders take months, not days, to learn about the latest attack techniques, exposing organizations to risk.

Spotlight on First Dan Kaminsky Fellow: Jonathan Leitschuh

03/10/2022
Human Security honors its late co-founder with a fellowship to fund smart and passionate cybersecurity advocates to do open source work for common good.

Ex-Canadian Government Employee Charged in NetWalker Ransomware Attacks

03/10/2022
Sebastien Vachon-Desjardins of Gatineau, Quebec, Canada, allegedly responsible for some $28 million in ransomware losses from victims in the US.

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

03/10/2022
While cyber insurance will continue to exist, it will cost more and cover less — and that's changing the risk your company faces.

Why You Should Be Using CISA's Catalog of Exploited Vulns

03/10/2022
It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.

Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government

03/10/2022
The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.

What Security Controls Do I Need for My Kubernetes Cluster?

03/09/2022
This Tech Tip offers some security controls to embed in your organization's CI/CD pipeline to protect Kubernetes clusters and corporate networks.

FBI Alert: Ransomware Attacks Hit Critical Infrastructure Organizations

03/09/2022
Bureau releases indicators of compromise for the RagnarLocker ransomware that has hit 10 different critical infrastructure sectors.

Bitdefender Launches New Password Manager Solution for Consumers

03/09/2022
Simplifies the creation and management of secure passwords for all online accounts across multiple platforms including mobile.

Palo Alto Networks Introduces Prisma Cloud Supply Chain Security

03/09/2022
Threat modeling visualization, code repository scanning, and pipeline configuration analysis help prioritize vulnerabilities.

The Cloud-Native Opportunity for Zero Trust

03/09/2022
Cloud workload protection delivers on the promise of zero trust for virtual machines, containers, and serverless architectures across the application life cycle.

10 Signs of a Poor Security Leader

03/09/2022
Weak leadership can demotivate and demoralize the security workforce. Here's what to look out for.

Zero Trust Can't Stop at the Federal Level

03/09/2022
The federal government must step in to help local and state governments implement zero trust.

Microsoft Patches Critical Exchange Server Flaw

03/08/2022
Remote code execution vulnerability among 71 bug fixes issued in March Patch Tuesday.

Even 'Perfect' APIs Can Be Abused

03/08/2022
Broad-scale API abuse is occurring every day as businesses make their data available to trading partners — and even the public.