Dark Reading

Putting AI to Practical Use in Cybersecurity

02/09/2022
Almost every cybersecurity product has an AI component. Here is where it's working in the real world.

Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention

02/09/2022
Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.

Linux Malware on the Rise

02/09/2022
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.

Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover

02/09/2022
New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials.

Log4j and the Role of SBOMs in Reducing Software Security Risk

02/09/2022
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.

Mitigate Ransomware Risks With Modern Log Management

02/09/2022
Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

02/08/2022
One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

Google Cuts User Account Compromises in Half With Simple Change

02/08/2022
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

02/08/2022
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks

02/08/2022
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.

Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws

02/08/2022
Companies are scanning more applications for vulnerabilities — and more often.

Cyber Terrorism Is a Growing Threat & Governments Must Take Action

02/08/2022
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Qualys Launches Context XDR

02/08/2022
Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.

InterVision Unveils Ransomware Protection as a Service

02/08/2022
InterVision RPaaS solution provides protection, response, and recovery in one managed service.

Salesforce DevOps Needs Guardrails

02/08/2022
Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

DeepSurface Security Secures $4.5M for Business Expansion

02/08/2022
Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.

Prioritizing the Right Vulnerabilities to Reduce Risk

02/08/2022
Prioritization needs to be part of vulnerability management if security teams are to keep up and mitigate issues in a timely manner.

Russian APT Steps Up Malicious Cyber Activity in Ukraine

02/07/2022
Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.

FBI Publishes Indicators of Compromise for LockBit 2.0 Ransomware

02/07/2022
Flash bulletin alert includes mitigation strategies for defending against the ransomware.

A Prophylactic Approach for Today's Vulnerable Websites and Web Apps

02/07/2022
Take a proactive approach to client-side security: Why monitoring your JavaScript programming language is so important to your overall security posture.