Dark Reading

New Vulnerability Database Catalogs Cloud Security Issues

06/28/2022
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.

NIST Finalizes macOS Security Guidance

06/27/2022
NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.

Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud

06/27/2022
Balancing public service with fraud prevention requires rule revisions and public trust.

LockBit 3.0 Debuts With Ransomware Bug Bounty Program

06/27/2022
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.

Shadow IT Spurs 1 in 3 Cyberattacks

06/27/2022
Cerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.

Thrive Acquires DSM

06/27/2022
DSM is now the third acquisition by Thrive in Florida in the past six months.

It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?

06/27/2022
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.

Threat Intelligence Services Are Universally Valued by IT Staff

06/24/2022
Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.

Why We're Getting Vulnerability Management Wrong

06/24/2022
Security is wasting time and resources patching low- or no-risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.

APT Groups Swarming on VMware Servers with Log4Shell

06/24/2022
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

06/24/2022
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?

7 Steps to Stronger SaaS Security

06/24/2022
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.

The Cybersecurity Talent Shortage Is a Myth

06/24/2022
We have a tech innovation problem, not a staff retention (or recruitment) problem.

Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks

06/24/2022
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft

06/23/2022
Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.

Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings

06/23/2022
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.

ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities

06/23/2022
ShiftLeft's Manish Gupta joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."

Pair of Brand-New Cybersecurity Bills Become Law

06/23/2022
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.

The Rise, Fall, and Rebirth of the Presumption of Compromise

06/23/2022
The concept might make us sharp and realistic, but it's not enough on its own.

Reinventing How Farming Equipment Is Remotely Controlled and Tracked

06/23/2022
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.