Dark Reading

Beware the Bug Bounty

04/20/2021
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

White House Scales Back Response to SolarWinds & Exchange Server Attacks

04/19/2021
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.

Attackers Test Weak Passwords in Purple Fox Malware Attacks

04/19/2021
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.

Lazarus Group Uses New Tactic to Evade Detection

04/19/2021
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.

SolarWinds: A Catalyst for Change & a Cry for Collaboration

04/19/2021
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Pandemic Drives Greater Need for Endpoint Security

04/16/2021
Endpoint security has changed. Can your security plan keep up?

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

04/16/2021
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Security Gaps in IoT Access Control Threaten Devices and Users

04/16/2021
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

How the Biden Administration Can Make Digital Identity a Reality

04/16/2021
A digital identity framework is the answer to the US government's cybersecurity dilemma.

Software Developer Arrested in Computer Sabotage Case

04/15/2021
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.

Google Brings 37 Security Fixes to Chrome 90

04/15/2021
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

04/15/2021
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.

Pandemic Pushes Bot Operators to Redirect Efforts

04/15/2021
As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.

6 Tips for Managing Operational Risk in a Downturn

04/15/2021
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

04/15/2021
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

04/15/2021
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.

Thycotic & Centrify Merge to Form Cloud Identity Security Firm

04/14/2021
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

04/14/2021
The agency urges researchers to take precautions amid an ongoing targeted threat campaign.

FBI Operation Remotely Removes Web Shells From Exchange Servers

04/14/2021
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.

The CISO Life is Half as Good

04/14/2021
Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.