Dark Reading

Should Hacking Have a Code of Conduct?

09/26/2022
For white hats who play by the rules, here are several ethical tenets to consider.

How Quantum Physics Leads to Decrypting Common Algorithms

09/26/2022
YouTuber minutephysics explains how Shor's algorithm builds on existing formulae like Euclid's algorithm and Fourier transforms to leverage quantum superpositioning and break encryption.

We're Thinking About SaaS the Wrong Way

09/26/2022
Many enterprise applications are built outside of IT, but we still treat the platforms they're built with as point solutions.

App Developers Increasingly Targeted via Slack, DevOps Tools

09/23/2022
Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

09/23/2022
The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

09/23/2022
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to the federal government.

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

09/23/2022
Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

How Europe Is Using Regulations to Harden Medical Devices Against Attack

09/23/2022
Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack.

Neglecting Open Source Developers Puts the Internet at Risk

09/23/2022
From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

09/23/2022
With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Mitigating Risk and Communicating Value in Multicloud Environments

09/23/2022
Protecting against risk is a shared responsibility that only gets more complex as you mix the different approaches of common cloud services.

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group

09/22/2022
Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

Developer Leaks LockBit 3.0 Ransomware-Builder Code

09/22/2022
Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

CircleCI, GitHub Users Targeted in Phishing Campaign

09/22/2022
Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

09/22/2022
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

09/22/2022
NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Malicious npm Package Poses as Tailwind Tool

09/22/2022
Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses

09/22/2022
Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and choose partners carefully.

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

09/22/2022
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.