Dark Reading

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

04/19/2022
Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises

04/19/2022
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.

RF Code Announces Sentry, a New Edge Solution for Remote Locations

04/19/2022
Provides autonomous and uninterrupted monitoring of unmanned IT locations at scale.

New Kiteworks Report Reveals Significant Risk Maturity Gap

04/19/2022
Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

How to Interpret the EU's Guidance on DNS Abuse Worldwide

04/19/2022
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.

Adversaries Look for "Attackability" When Selecting Targets

04/19/2022
A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.

Verica Launches Prowler Pro to Make AWS Security Simpler for Customers

04/19/2022
The enterprise grade solution will provide enhanced cloud security and provide new open-source tools.

76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year

04/18/2022
Study shows that more than 35% have suffered seven or more successful attacks.

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

04/18/2022
Swimlane’s Asia-Pacific presence grows 173%, highlighting rising demand for low-code security automation.

Security-as-Code Gains More Support, but Still Nascent

04/18/2022
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

Security Lessons From a Payment Fraud Attack

04/18/2022
Companies need to detect and counteract brute-force and enumeration attacks before fraudsters run away with their customers' funds.

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps

04/18/2022
IT departments must account for the business impact and security risks such applications introduce.

Name That Toon: Helping Hands

04/18/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now

04/18/2022
The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.

Upgrades for Spring Framework Have Stalled

04/15/2022
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December

Google Emergency Update Fixes Chrome Zero-Day

04/15/2022
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.

Cloud Cost, Reliability Raise IT Concerns

04/15/2022
IT professionals worry most about cloud security, but other questions arise about training, functionality, and performance.

Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans

04/15/2022
Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past.

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks

04/15/2022
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.