Dark Reading

It's Time to Rethink Identity and Authentication

10/01/2021
The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.

Enterprises Planning SecOps Technology Deployments

10/01/2021
With the easing of pandemic-related restrictions, enterprise defenders report they are investigating security operations technology to manage new risks that emerged over the past year.

Shades of SolarWinds Attack Malware Found in New 'Tomiris' Backdoor

09/29/2021
Malware contains similarities that suggest a possible link to malware that Russia's DarkHalo group used in its massive supply chain attack, researchers say.

Startup Beyond Identity Now Offers Passwordless Multifactor Authentication for Consumers

09/29/2021
The announcement comes two weeks after Microsoft gave users the option to fully remove passwords from their accounts.

Startup Beyond Identity Now Offers Passwordless Multifactor Authentication for Consumers

09/29/2021
The announcement comes two weeks after Microsoft gave users the option to fully remove passwords from their accounts.

50% of Servers Have Weak Security Long After Patches Are Released

09/29/2021
Many servers remain vulnerable to high-severity flaws in Microsoft Exchange Server, VMware vCenter, Oracle WebLogic, and other popular products and services.

Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data

09/29/2021
New threat research from the Salt Labs Security research team details Elastic Stack injection exploit that can result in DoS attacks and cascading API threats

Dell Technologies Addresses Modern Support and Security

09/29/2021
Services and security updates deliver customized IT support and secure PC experiences for work-from-anywhere employees.

1Password and Fastmail Partner to Boost Online Privacy

09/29/2021
Allows users to securely generate unique email aliases, adding an extra layer of online privacy.

Cyberspace, Cybergames, and Cyberspies

09/29/2021
How cyberspace has become a global cybergames stage, where all of us are actors.

Russian Officials Arrest Group-IB CEO, Accuse Him of Treason

09/29/2021
Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months.

Why Should I Care About HTTP Request Smuggling?

09/29/2021
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.

DAST to the Future: Shifting the Modern AppSec Paradigm

09/29/2021
NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen — in production.

3 Security Initiatives AWS's New CEO Should Prioritize

09/29/2021
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.

Sneaky Android Trojan Siphons Millions Using Premium SMS

09/29/2021
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.

75K Email Inboxes Hit in New Credential Phishing Campaign

09/28/2021
Attacker used a legitimate — but likely deprecated — domain to sneak malicious emails past security filters, vendor says.

Outsourced Software Pose Greater Risks to Enterprise Application Security

09/28/2021
In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to the organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.

NSA, CISA Issue Guidelines for Selecting and Securing VPNs

09/28/2021
Joint document includes configuration recommendations for hardening VPNs, and recommendations on how to select the most secure ones.

Most Large Enterprises Fail to Protect Their Domain Names

09/28/2021
Of the largest 2,000 companies in the world, 81% fail to take simple security measures, such as locking their domain with the registrar, leaving them open to domain shenanigans.

US Extradites CardPlanet Operator Back to Russia

09/28/2021
Russian national Aleksi Burkov was sentenced to nine years in prison for his operation of two websites facilitating payment card fraud.