Dark Reading

Spotlight on First Dan Kaminsky Fellow: Jonathan Leitschuh

03/10/2022
Human Security honors its late co-founder with a fellowship to fund smart and passionate cybersecurity advocates to do open source work for common good.

Ex-Canadian Government Employee Charged in NetWalker Ransomware Attacks

03/10/2022
Sebastien Vachon-Desjardins of Gatineau, Quebec, Canada, allegedly responsible for some $28 million in ransomware losses from victims in the US.

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

03/10/2022
While cyber insurance will continue to exist, it will cost more and cover less — and that's changing the risk your company faces.

Why You Should Be Using CISA's Catalog of Exploited Vulns

03/10/2022
It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.

Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government

03/10/2022
The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.

What Security Controls Do I Need for My Kubernetes Cluster?

03/09/2022
This Tech Tip offers some security controls to embed in your organization's CI/CD pipeline to protect Kubernetes clusters and corporate networks.

FBI Alert: Ransomware Attacks Hit Critical Infrastructure Organizations

03/09/2022
Bureau releases indicators of compromise for the RagnarLocker ransomware that has hit 10 different critical infrastructure sectors.

Bitdefender Launches New Password Manager Solution for Consumers

03/09/2022
Simplifies the creation and management of secure passwords for all online accounts across multiple platforms including mobile.

Palo Alto Networks Introduces Prisma Cloud Supply Chain Security

03/09/2022
Threat modeling visualization, code repository scanning, and pipeline configuration analysis help prioritize vulnerabilities.

The Cloud-Native Opportunity for Zero Trust

03/09/2022
Cloud workload protection delivers on the promise of zero trust for virtual machines, containers, and serverless architectures across the application life cycle.

10 Signs of a Poor Security Leader

03/09/2022
Weak leadership can demotivate and demoralize the security workforce. Here's what to look out for.

Zero Trust Can't Stop at the Federal Level

03/09/2022
The federal government must step in to help local and state governments implement zero trust.

Microsoft Patches Critical Exchange Server Flaw

03/08/2022
Remote code execution vulnerability among 71 bug fixes issued in March Patch Tuesday.

Even 'Perfect' APIs Can Be Abused

03/08/2022
Broad-scale API abuse is occurring every day as businesses make their data available to trading partners — and even the public.

TAC Security Launches ESOF Phish Infielder Tool to Help Organizations Prevent Phishing Attacks

03/08/2022
Available through TAC Security’s new ESOF® VMDR Next Generation Vulnerability and Risk Management Platform.

Dark Reading Reflects on International Women's Day

03/08/2022
A look at how far the information security industry has come — and how far it still has to go.

Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack

03/08/2022
PTC has issued patches for seven vulnerabilities — three critical — in its widely used Axeda remote management technology.

Security Industry Association Reveals the 2022 Women in Security Forum Power 100 List

03/08/2022
This new annual program showcases 100 women who are role models, leaders, innovators, and influencers in the global security industry.

Google to Buy Mandiant, Aims to Automate Security Response

03/08/2022
In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing focus on automation.

7 Essentials for More Security-Aware Design Automation

03/08/2022
Electronic design automation solutions, software programs that help designers develop electronic systems and semiconductor chips, can be used in service of security assurance.