Dark Reading

The Looming CISO Mental Health Crisis — and What to Do About It, Part 1

01/28/2022
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.

More Security Flaws Found in Apple's OS Technologies

01/28/2022
Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Navigating Nobelium: Lessons From Cloud Hopper & NotPetya

01/28/2022
Nearly every organization should assume that it is at risk, but there are ways of countering the tactics used by advanced persistent threats.

Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

01/28/2022
Fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, threatening data privacy

Phishing Simulation Study Shows Why These Attacks Remain Pervasive

01/27/2022
Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.

Security Service Edge: 4 Core Tenets for Your SASE Journey

01/27/2022
Historically we've held network conversations to address security problems, but that doesn't work in a cloud-based world.

IFSEC Seeks Security Pros for New Survey on Physical Access Control

01/27/2022
Take part in an IFSEC Global survey to better understand the state of access control in 2022.

With Cloud the Norm, Insiders Are Everywhere — and Pose Greater Risk

01/27/2022
After companies accelerated their adoption of cloud infrastructure, remote workers are now insiders and pose significant risks, and costs, to companies.

Barracuda Expands Email and Endpoint Protection Capabilities in MSP Security Offerings

01/27/2022
Barracuda enhances SKOUT Managed XDR offering via new integration with Barracuda Email Protection and alliance with SentinelOne for endpoint protection.

Censys Completes $35 Million Series B Funding Round Led by Intel Capital

01/27/2022
Also names Brad Brooks as new CEO.

Log4j Proved Public Disclosure Still Helps Attackers

01/27/2022
Disclosure also puts organizations in the awkward position of trying to mitigate a vulnerability without something like a vendor patch to do the job.

IT Pros May Use Cloud, But They Trust On-Prem More

01/26/2022
While opinions about the trustworthiness of the cloud are split, everyone believes that's where hackers will focus their efforts.

JFrog's New Tools Flag Malicious JavaScript Packages

01/26/2022
The three open source tools flag malicious JavaScript packages before they are downloaded and installed from the npm package manager.

Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub

01/26/2022
"BotenaGo" contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says.

ArmorCode Closes $11 Million Seed Funding Round

01/26/2022
Company will use new funds to extend its AppSecOps platform capabilities.

OMB Issues Zero-Trust Strategy for Federal Agencies

01/26/2022
Federal officials tout the strategy as a more proactive approach to securing government networks.

Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit

01/26/2022
The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have already reproduced the exploit.

Cybersecurity Is Broken: How We Got Here & How to Start Fixing It

01/26/2022
It's not just your imagination — malicious threats have exponentially increased organizational risk.

Why It's Time to Rethink Incident Response

01/26/2022
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.

Fighting Supply Chain Email Attacks With AI

01/26/2022
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.