Dark Reading

Former White House CIO Shares Enduring Security Strategies

11/20/2019
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.

Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments

11/20/2019
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.

Why Multifactor Authentication Is Now a Hacker Target

11/20/2019
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.

Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones

11/20/2019
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.

I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned

11/19/2019
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.

Magecart Hits Macy's: Retailer Discloses Data Breach

11/19/2019
The retail giant discovered malicious code designed to capture customer data planted on its payment page.

If You Never Cared About Security ...

11/19/2019
Oh, I used to feel that way. (Until a BEC attack.)

A Security Strategy That Centers on Humans, Not Bugs

11/19/2019
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.

Facebook Discloses WhatsApp MP4 Video Vulnerability

11/18/2019
A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.

Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI

11/18/2019
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.

13 Security Pros Share Their Most Valuable Experiences

11/18/2019
From serving as an artillery Marine to working a help desk, a baker's dozen of security pros share experiences that had the greatest influence on their careers.

New: Everything You Always Wanted to Know About Security at the Edge But Were Afraid to Ask

11/18/2019
The secure perimeter as we know it is dissolving. So how do you protect your crown jewels when the castle has no walls?

Attackers' Costs Increasing as Businesses Focus on Security

11/15/2019
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increase significantly when security is continuously tested, a report finds.

DevSecOps: The Answer to the Cloud Security Skills Gap

11/15/2019
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.

US-CERT Warns of Remotely Exploitable Bugs in Medical Devices

11/14/2019
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.

8 Backup & Recovery Questions to Ask Yourself

11/14/2019
Don't wait until after a disaster, DDoS, or ransomware attack to learn just how good your backups really are.

How Does Your Cyber Resilience Measure Up?

11/14/2019
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.

Cardplanet Operator Extradited for Facilitating Credit Card Fraud

11/13/2019
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.

Unreasonable Security Best Practices vs. Good Risk Management

11/13/2019
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.

Report: Cross-Site Scripting Still Number One Web Attack

06/01/2018
SQL injection is the second most common technique, with IT and finance companies the major targets.