Dark Reading

Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk

01/11/2022
A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.

Businesses Suffered 50% More Cyberattack Attempts per Week in 2021

01/11/2022
The rise — partly due to Log4j — helped boost cyberattack attempts to an all-time high in Q4 2021, new data shows.

Why Security Awareness Training Should Begin in the C-Suite

01/11/2022
It's not just the rights and privileges that CXOs have on the network. They can also set an example of what good security hygiene looks like.

Kaspersky Research Uncovers Cybersecurity Budgets, Insurance, and Vendor Expectations for 2022

01/11/2022
Kaspersky commissioned a survey in October 2021 targeting 600 employees based in the US and Canada who are key decision makers for the cybersecurity sector within their company.

5 Things to Know About Next-Generation SIEM

01/11/2022
NG-SIEM is emerging as a cloud- and analytics-driven alternative to legacy SIEMs. Based on new research, Omdia highlights five important new insights for anyone considering a NG-SIEM purchase.

What Editing Crosswords Can Teach Us About Security Leadership

01/10/2022
When security leaders look for mistakes, they often find them before customers do.

No Significant Intrusions Related to Log4j Flaw Yet, CISA Says

01/10/2022
But that could change anytime, officials warn, urging organizations to prioritize patching against the critical remote code execution flaw.

Microsoft: macOS 'Powerdir' Flaw Could Enable Access to User Data

01/10/2022
The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.

Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data

01/10/2022
The vulnerability could allow an attacker to bypass the macOS Transparency, Consent, and Control measures to access a user's protected data.

Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage

01/10/2022
Companies are more likely to rely on outside attorneys to handle cyber response in order to contain potential lawsuits. Meanwhile, cyber-insurance premiums are rising but covering less.

FBI Warns FIN7 Campaign Delivers Ransomware via BadUSB

01/10/2022
An FBI warning says the FIN7 cybercrime group has sent packages containing malicious USB drives to US companies in an effort to spread ransomware.

The Evolution of Patch Management: How and When It Got So Complicated

01/10/2022
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.

NHS Warns of Attackers Targeting Log4j Flaws in VMware Horizon

01/07/2022
An unknown threat group has been observed attacking VMware Horizon servers running versions with Log4j vulnerabilities.

MSP Thrive Acquires InCare Technologies

01/07/2022
Partnership extends Thrive's cloud and cybersecurity managed services platform to clients in the southern United States.

Cerberus Sentinel Acquires True Digital Security

01/07/2022
US cybersecurity services firm expands security services and network monitoring capabilities.

IT/OT Convergence Is More Than a Catchy Phrase

01/07/2022
The most successful strategies for protecting IT and OT from growing threats will include use of both the ISO 27000 series and ISA/IEC 62443 family of standards.

How to Proactively Limit Damage From BlackMatter Ransomware

01/07/2022
Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.

7 Predictions for Global Energy Cybersecurity in 2022

01/07/2022
Increased digitization makes strong cybersecurity more important than ever.

Enterprises Worry About Increased Data Risk in Cloud

01/06/2022
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.

Google Docs Comments Weaponized in New Phishing Campaign

01/06/2022
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.