Dark Reading

80% of Firms Suffered Identity-Related Breaches in Last 12 Months

06/22/2022
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.

Risk Disconnect in the Cloud

06/22/2022
New Cloud Security Alliance (CSA) and Google Cloud study shows many enterprises struggle to measure and manage risk in their cloud workloads.

Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Nativ

06/21/2022
Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks.

7 Ways to Avoid Worst-Case Cyber Scenarios

06/21/2022
In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.

VPNs Persist Despite Zero-Trust Fervor

06/21/2022
Most organizations still rely on virtual private networks for secure remote access.

China-Linked ToddyCat APT Pioneers Novel Spyware

06/21/2022
ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says.

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex

06/21/2022
After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.

Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead

06/21/2022
Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties.

Why Financial Institutions Must Double Down on Open Source Investments

06/21/2022
Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation.

Evolving Beyond the Password: It's Time to Up the Ante

06/21/2022
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)

BRATA Android Malware Evolves Into an APT

06/21/2022
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.

Reducing Risk With Zero Trust

06/21/2022
Zero trust isn’t just about authentication. Organizations can combine identity data with business awareness to address issues such as insider threat.

56 Vulnerabilities Discovered in OT Products From 10 Different Vendors

06/21/2022
Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness.

AI Is Not a Security Silver Bullet

06/21/2022
AI can help companies more effectively identify and respond to threats, as well as harden applications.

Open Source Software Security Begins to Mature

06/21/2022
Only about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks, but those that do exhibit better security.

Capital One Attacker Exploited Misconfigured AWS Databases

06/20/2022
After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.

Feds Take Down Russian 'RSOCKS' Botnet

06/20/2022
RSOCKS commandeered millions of devices in order to offer proxy services used to mask malicious traffic.

Name That Toon: Cuter Than a June Bug

06/20/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

DDoS Attacks Delay Putin Speech at Russian Economic Forum

06/20/2022
A Kremlin spokesman said that the St. Petersburg International Economic Forum accreditation and admissions systems were shut down by a DDoS attack.

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

06/20/2022
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.