Dark Reading

Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation

12/16/2021
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?

Rise in API-Based Attacks Underscore Investments in New Tools

12/15/2021
Noname Security's Series C fundraising tips the startup to over $1 billion in valuation -- a sign that organizations are beginning to look for API security tools and investors are looking for innovation in the space.

Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft

12/15/2021
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.

Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft

12/15/2021
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.

Dept. of Homeland Security Launches 'Hack DHS' Program

12/15/2021
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department's security posture.

Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory

12/15/2021
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support.

Meta Expands Bug-Bounty Program to Include Data Scraping

12/15/2021
Scraping bugs and scraped databases are two new areas of research for the company's bug-bounty and data-bounty programs.

Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace

12/15/2021
Cloud-native platform automates prevention, detection, and response to cyberattacks.

Kroll Acquires Security Compass Advisory

12/15/2021
Combined capabilities will help clients address the growing complexity of securing public, private and hybrid cloud, 5G, IoT, and industrial control systems.

Privacy and Safety Issues With Facebook's New 'Metaventure'

12/15/2021
With access to a user's 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.

What Are the Pros and Cons of a SASE Architecture?

12/15/2021
SASE is a promising and burgeoning networking architecture approach, but it's not without some challenges.

Why We Need "Developer-First" Application Security

12/15/2021
The way to improve the security of the modern software development life cycle and reduce the number of application-based breaches is to re-center app security around the needs of developers.

Why Cloud Storage Isn't Immune to Ransomware

12/15/2021
Cloud security is a shared responsibility, which sometimes leads to security gaps and complexity in risk management.

Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices

12/15/2021
Kryptowire’s end-to-end cybersecurity engine identified vulnerabilities granting system user-level privileges for arbitrary shell script execution.

Cisco's Ash Devata on Securing the Hybrid Workforce With Zero Trust

12/14/2021
Hybrid work is here to stay, and organizations can apply zero trust's three core principles to ensure a secure workforce, Devata says.

Tufin Introduces Security Policy Builder (SPB) App to Marketplace

12/14/2021
Automates security policy design to ensure compliance and reduce the likelihood of breach; significant updates to other marketplace apps also announced.

Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws

12/14/2021
Google Survey of 1,000 U.S. consumers uncovers data privacy disconnect, a call to action for businesses.

Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors

12/14/2021
Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.

Propane Gas Distributor Hit With Ransomware

12/14/2021
North America-based Superior Plus "temporarily disabled" some of its systems in the wake of the attack.

Ransomware Hits Virginia Legislative Agencies

12/14/2021
The attack forced a shutdown of computer systems and websites for Virginia legislative agencies and commissions, reports state.