Dark Reading

Fortune 500 Security Shows Progress and Pitfalls

04/07/2021
Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.

Rethinking Cyberattack Response: Prevention & Preparedness

04/07/2021
The SolarWinds incident is the starkest reminder yet that complacency can exact a terrible price.

5 Ways to Transform Your Phishing Defenses Right Now

04/07/2021
By transforming how you approach phishing, you can break the phishing kill chain and meaningfully reduce your business risk.

Attackers Actively Seeking, Exploiting Vulnerable SAP Applications

04/07/2021
Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates.

Cartoon Caption Winner: Something Seems Afoul

04/07/2021
And the winner of Dark Readings's March cartoon caption contest is ...

Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021

04/06/2021
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.

Security Falls Short in Rapid COVID Cloud Migration

04/06/2021
The quick pivot to the cloud for remote support also ushered in risks.

Crime Service Gives Firms Another Reason to Purge Macros

04/06/2021
Recent Trickbot campaigns and at least three common banking Trojans all attempt to infect systems using malicious macros in Microsoft Office documents created using EtterSilent.

The Edge Pro Tip: Update Your DDoS Defense Plan

04/06/2021
The idea of monetizing distributed denial-of-service (DDoS) attacks dates back to the 1990s. But the rise of DDoS-for-hire services and cryptocurrencies has radically changed the landscape.

Ryuk's Rampage Has Lessons for the Enterprise

04/06/2021
The Ryuk ransomware epidemic is no accident. The cybercriminals responsible for its spread have systematically exploited weaknesses in enterprise defenses that must be addressed.

9 Modern-Day Best Practices for Log Management

04/06/2021
Log management is nothing new. But doing so smartly, correctly, and concisely in today's data-driven world is another story.

LinkedIn Phishing Ramps Up With More-Targeted Attacks

04/05/2021
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.

Kaspersky Uncovers New APAC Cyberespionage Campaign

04/05/2021
A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.

Data from 553 Million Facebook Accounts Leaked Online

04/05/2021
Personal information belonging to more than 533 million Facebook users was found available on a cybercrime forum.

Name That Edge Toon: Rough Patch?

04/05/2021
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

Inside the Ransomware Campaigns Targeting Exchange Servers

04/02/2021
Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month.

Hackers Demand $40M in Ransom From Florida School District

04/02/2021
District officials say they have no intention of paying the ransom

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities

04/02/2021
A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS.

US Tech Dominance Rides on Securing Intellectual Property

04/02/2021
A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

04/01/2021
Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?