Dark Reading

CISA and Partners Coordinate on Security, Combatting Misinformation for Election Day

11/01/2021
CISA will host an election situational awareness room to coordinate with federal partners, state and local election officials, private sector election partners, and political organizations to share real-time information and provide support as needed.

Zscaler’s 2021 Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats

11/01/2021
Massive increase in cyberattacks targeting technology and retail industries confirms immediate need for zero-trust security

New 'Trojan Source' Method Lets Attackers Hide Vulns in Source Code

11/01/2021
Researchers discover a new technique attackers could use to encode vulnerabilities into software while evading detection.

CrowdStrike to Buy Zero-Trust SaaS Provider

11/01/2021
SecureCircle provides data-level zero-trust control to endpoints.

SonicWall: 'The Year of Ransomware' Continues with Unprecedented Late-Summer Surge

11/01/2021
2021 will be the most costly and dangerous year on record.

Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks

11/01/2021
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.

Understanding the Human Communications Attack Surface

11/01/2021
Companies should recognize that collaboration platforms aren't isolated, secure channels where traditional threats don't exist.

Enterprises Allocating More IT Dollars on Cybersecurity

10/29/2021
Enterprises are allocating more IT dollars towards implementing a multilayered approach to securing data and applications against new threats, data shows.

Snyk Agrees to Acquire CloudSkiff, Creators of driftctl

10/29/2021
New capabilities allow Snyk Infrastructure as Code customers to more effectively detect infrastructure drift.

APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm

10/29/2021
A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.

Russian National Accused of Role in Trickbot Is Extradited to US

10/29/2021
Court documents say Vladimir Dunaev is alleged to have been a malware developer for the Trickbot Group.

Cybercriminals Take Aim at Connected Car Infrastructure

10/29/2021
While car makers are paying more attention to cybersecurity, the evolution of automobiles into "software platforms on wheels" and the quick adoption of new features has put connected cars in the crosshairs.

What Exactly Is Secure Access Service Edge (SASE)?

10/29/2021
Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.

A Treehouse of Security Horrors

10/29/2021
True-life horrors from conversations with software engineers and developers. D'oh!

Finding the Right Approach to Cloud Security Posture Management (CSPM)

10/29/2021
Cloud security is maturing — it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal's CTO, reviews one of the latest: CSPM.

6 Ways to Rewrite the Impossible Job Description

10/28/2021
It's hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates.

SEO Poisoning Used to Distribute Ransomware

10/28/2021
This tactic — used to distribute REvil ransomware and the SolarMarker backdoor — is part of a broader increase in such attacks in recent months, researchers say.

Top Hardware Weaknesses List Debuts

10/28/2021
CWE list aimed at designers and programmers to avoid key hardware weaknesses early in product development.

ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round

10/28/2021
The $200M Series D represents the company's largest funding round to date.

Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment Service to Expand Its Leadership In Connected D

10/28/2021
Enhanced ransomware detection, visualization of ransomware communications, and risk customization helps organizations respond to cyberattacks in minutes.