Dark Reading

Log4j: A CISO's Practical Advice

12/24/2021
Working together is going to make getting through this problem a lot easier.

The Future of Work Has Changed, and Your Security Mindset Needs to Follow

12/23/2021
VPNs have become a vulnerability that puts organizations at risk of cyberattacks.

7 of the Most Impactful Cybersecurity Incidents of 2021

12/23/2021
There was a lot to learn from breaches, vulnerabilities, and attacks this year.

Microsoft Customer Source Code Exposed via Azure App Service Bug

12/22/2021
Researchers found an insecure default behavior in Azure App Service exposing source code of some customer applications deployed using "Local Git."

Nearly 50% of People Will Abandon Sites Prohibiting Password Reuse

12/22/2021
A new study investigating consumer password use found 25% of online shoppers would abandon their carts of $100 if prompted to reset a password at checkout.

CISA's New Log4j Scanner Aims to Find Vulnerable Apps

12/22/2021
The open-sourced scanner was derived from scanners built by members across the open source community, CISA reports.

Log4j Reveals Cybersecurity's Dirty Little Secret

12/22/2021
Once the dust settles on Log4j, many IT teams will brush aside the fundamental, not-exciting need for better asset and application management.

Why We Need to Consolidate Digital Identity Management Before Zero Trust

12/22/2021
Zero trust may be one of the hottest trends in cybersecurity, but just eliminating trust from networks isn’t enough to prevent successful organizational data breaches, says Wes Wright, CTO of Imprivata.

Future of Identity-Based Security: All-in-One Platforms or Do-It-Yourself Solutions?

12/22/2021
The functionality of all-in-one platforms is being deconstructed into a smorgasbord of services that can be used to develop bespoke end-user security procedures for specific work groups, lines of business, or customer communities.

UK Security Agency Shares 225M Passwords With 'Have I Been Pwned'

12/21/2021
The UK's NCA and NCCU have shared 225 million stolen emails and passwords with HIBP, which tracks stolen credentials.

Meta Files Federal Lawsuit Against Phishing Operators

12/21/2021
The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials.

93% of Tested Networks Vulnerable to Breach, Pen Testers Find

12/21/2021
Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers.

How Modern Log Management Strengthens Enterprises’ Security Posture

12/21/2021
If security teams are not logging everything, they are increasing security risk and making it more difficult to investigate and recover from a data breach. Modern log management goes beyond just a SIEM.

Preemptive Strategies to Stop Log4j and Its Variants

12/21/2021
Zero trust is key to not falling victim to the next big vulnerability.

The Future of Ransomware

12/21/2021
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.

How Is Zero Trust Evolving to Be More Continuous in Verifying Trust?

12/21/2021
For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.

Russian National Extradited for Illegal Hacking & Trading

12/20/2021
Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks.

New Log4j Attack Vector Discovered

12/20/2021
Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.

Brillio Acquires Cedrus Digital to Strengthen Their Digital Transformation Service Capabilities

12/20/2021
The acquisition of Cedrus Digital, with its consulting-led model and over 150 cloud, data and product engineers, primarily in the United States, will further augment Brillio’s nearshore digital transformation capabilities offered for Fortune 500 clients.

NetSPI Adds IoT Penetration Testing to its Suite of Offensive Security Services

12/20/2021
Led by IoT security expert Larry Trowell, the IoT pen-testing services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.