Dark Reading

Backward-Compatible Post-Quantum Communications Is a Matter of National Security

04/20/2022
When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive.

From Passive Recovery to Active Readiness

04/20/2022
This is the shift that companies need to make after a cyberattack.

Fortress Tackles Supply Chain Security, One Asset at a Time

04/19/2022
Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information.

Microsoft Launches Purview Platform to Govern, Protect, and Manage Sensitive Data

04/19/2022
The rebranded Microsoft Purview platform integrates Microsoft 365 Compliance and Azure Purview, and adds new capabilities and products to help manage data no matter where it resides.

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

04/19/2022
Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises

04/19/2022
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.

RF Code Announces Sentry, a New Edge Solution for Remote Locations

04/19/2022
Provides autonomous and uninterrupted monitoring of unmanned IT locations at scale.

New Kiteworks Report Reveals Significant Risk Maturity Gap

04/19/2022
Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

How to Interpret the EU's Guidance on DNS Abuse Worldwide

04/19/2022
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.

Adversaries Look for "Attackability" When Selecting Targets

04/19/2022
A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.

Verica Launches Prowler Pro to Make AWS Security Simpler for Customers

04/19/2022
The enterprise grade solution will provide enhanced cloud security and provide new open-source tools.

76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year

04/18/2022
Study shows that more than 35% have suffered seven or more successful attacks.

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

04/18/2022
Swimlane’s Asia-Pacific presence grows 173%, highlighting rising demand for low-code security automation.

Security-as-Code Gains More Support, but Still Nascent

04/18/2022
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

Security Lessons From a Payment Fraud Attack

04/18/2022
Companies need to detect and counteract brute-force and enumeration attacks before fraudsters run away with their customers' funds.

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps

04/18/2022
IT departments must account for the business impact and security risks such applications introduce.

Name That Toon: Helping Hands

04/18/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now

04/18/2022
The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.

Upgrades for Spring Framework Have Stalled

04/15/2022
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December