Dark Reading

Open Source Software Security Begins to Mature

06/21/2022
Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security.

Capital One Attacker Exploited Misconfigured AWS Databases

06/20/2022
After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.

Feds Take Down Russian 'RSOCKS' Botnet

06/20/2022
RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic.

Name That Toon: Cuter Than a June Bug

06/20/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

DDoS Attacks Delay Putin Speech at Russian Economic Forum

06/20/2022
A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack.

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

06/20/2022
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.

Security Lessons From Protecting Live Events

06/20/2022
Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.

The Cybersecurity Diversity Gap: Advice for Organizations Looking to Thrive

06/20/2022
Companies need to fill some of the 3.5 million empty cybersecurity seats with workers who bring different experiences, perspectives, and cultures to the table. Cut a few doors and windows into the security hiring box.

Ransomware and Phishing Remain IT's Biggest Concerns

06/17/2022
Security teams — who are already fighting off malware challenges — are also facing renewed attacks on cloud assets and remote systems.

WordPress Plug-in Ninja Forms Issues Update for Critical Bug

06/17/2022
The code injection vulnerability is being actively exploited in the wild, researchers say.

DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again

06/17/2022
The QNAP network-connected devices, used to store video surveillance footage, are a juicy target for attackers, experts warn.

Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware

06/17/2022
Most of the attacks involve the use of automated exploits, security vendor says.

Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure?

06/17/2022
The energy sector remains susceptible to both espionage between nation-states and cybercrime, and recent developments keep pointing toward more attacks.

Tackling 5 Challenges Facing Critical National Infrastructure Today

06/17/2022
The stakes are high when protecting CNI from destructive malware and other threats.

Internet Explorer Now Retired but Still an Attacker Target

06/16/2022
Though the once-popular browser is officially now history as far as Microsoft support goes, adversaries won't stop attacking it, security experts say.

BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield

06/16/2022
Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.

Microsoft 365 Function Leaves SharePoint, OneDrive Files Open to Ransomware Attacks

06/16/2022
SharePoint and OneDrive libraries can be encrypted in a ransomware attack, researchers say.

What We Mean When We Talk About Cyber Insurance

06/16/2022
Cyber insurance is more than a policy for paying off ransomware gangs. It's designed to be something you transfer risk to when security controls fail.

Android Spyware 'Hermit' Discovered in Targeted Attacks

06/16/2022
The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report.

Unlocking the Cybersecurity Benefits of Digital Twins

06/16/2022
Security pros can employ the technology to evaluate vulnerabilities and system capabilities, but they need to watch for the potential risks.