Dark Reading

Shift Left: From Concept to Practice

By moving security into development, your team can find and fix vulnerabilities before they become expensive, difficult, and publicly embarrassing problems.

Window Snyder Launches Startup to Fill IoT Security Gaps

Thistle Technologies aims to help connected device manufacturers securely deliver updates to their products.

Password Manager Suffers 'Supply Chain' Attack

A software update to Click Studios' Passwordstate password manager contained malware.

Insider Data Leaks: A Growing Enterprise Threat

Report finds 85% of employees are more likely to leak sensitive files now than before the COVID-19 pandemic.

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features

Security awareness firm aims to expand into Europe and Asia, and add automation and machine learning to its technology.

SOC 2 Attestation Tips for SaaS Companies

Attestation helps SaaS vendors demonstrate that digital security is a primary focus.

Tell Us the Truth: Why Do You LOVE Passwords?

There must be something you appreciate about the humble password, right? Tell us what you think.

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.

The Edge Pro Tip: Brush Up on Web Shells

While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.

Edge Poll: Passwordless Plans

How long do you think it will be before your organization gets rid of passwords?

New CISA Advisories Warn of ICS Vulnerabilities

The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.

Prometei Botnet Adds New Twist to Exchange Server Attacks

Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.

Improving the Vulnerability Reporting Process With 5 Steps

Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.

Name That Toon: Greetings, Earthlings

Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.

Looking for Greater Security Culture? Ask an 8-Bit Plumber

After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.

10 Free Security Tools at Black Hat Asia 2021

Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and exfiltrate data, new study shows.

Who's Your Login?

If only Abbott and Costello were around today.

Rapid7 Acquires Velociraptor Open Source Project

The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.