Dark Reading

Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches

07/13/2021
More than half of enterprises surveyed for Dark Reading's State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds.

Can Government Effectively Help Businesses Fight Cybercrime?

07/13/2021
From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?

The Trouble With Automated Cybersecurity Defenses

07/13/2021
While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.

Tool Sprawl & False Positives Hold Security Teams Back

07/13/2021
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.

SolarWinds Discloses Zero-Day Under Active Attack

07/12/2021
The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.

Microsoft Confirms Acquisition of RiskIQ

07/12/2021
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.

Kaseya Releases Security Patch as Companies Continue to Recover

07/12/2021
Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.

Navigating Active Directory Security: Dangers and Defenses

07/12/2021
Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.

How Dangerous Is Malware? New Report Finds It's Tough to Tell

07/09/2021
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.

CISA Analysis Reveals Successful Attack Techniques of FY 2020

07/09/2021
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.

New Framework Aims to Describe & Address Complex Social Engineering Attacks

07/09/2021
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

07/09/2021
The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.

It's in the Game (but It Shouldn't Be)

07/09/2021
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.

Morgan Stanley Discloses Data Breach

07/08/2021
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.

New WildPressure Malware Capable of Targeting Windows and MacOS

07/08/2021
The Trojan sends information back to the attackers' servers about the programming language of a target device.

Kaseya Hacked via Authentication Bypass

07/08/2021
The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.

The NSA's 'New' Mission: Get More Public With the Private Sector

07/08/2021
The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.

What Colonial Pipeline Means for Commercial Building Cybersecurity

07/08/2021
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

07/07/2021
Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.

Fake Android Apps Promise Cryptomining Services to Steal Funds

07/07/2021
Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.