Dark Reading

Shift Left: From Concept to Practice

04/26/2021
By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.

Window Snyder Launches Startup to Fill IoT Security Gaps

04/23/2021
Thistle Technologies aims to help connected device manufacturers securely deliver updates to their products.

Password Manager Suffers 'Supply Chain' Attack

04/23/2021
A software update to Click Studios' Passwordstate password manager contained malware.

Insider Data Leaks: A Growing Enterprise Threat

04/23/2021
Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features

04/23/2021
Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.

SOC 2 Attestation Tips for SaaS Companies

04/23/2021
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.

Tell Us the Truth: Why Do You LOVE Passwords?

04/23/2021
There must be something you appreciate about the humble password, right? Tell us what you think.

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

04/22/2021
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.

The Edge Pro Tip: Brush Up on Web Shells

04/22/2021
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.

Edge Poll: Passwordless Plans

04/22/2021
How long do you think it will be before your organization gets rid of passwords?

New CISA Advisories Warn of ICS Vulnerabilities

04/22/2021
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.

Prometei Botnet Adds New Twist to Exchange Server Attacks

04/22/2021
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.

Improving the Vulnerability Reporting Process With 5 Steps

04/22/2021
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

04/22/2021
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.

Name That Toon: Greetings, Earthlings

04/22/2021
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.

Looking for Greater Security Culture? Ask an 8-Bit Plumber

04/22/2021
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.

10 Free Security Tools at Black Hat Asia 2021

04/22/2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

04/22/2021
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.

Who's Your Login?

04/22/2021
If only Abbott and Costello were around today.

Rapid7 Acquires Velociraptor Open Source Project

04/21/2021
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.