Dark Reading
Proposed HTTPA Protocol Uses TEEs to Secure the Web
Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost web security.
Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students
$10,000 to be awarded annually for four years each by Optiv’s Black Employee Network.
Microsoft-Signed Rootkit Targets Gaming Environments in China
FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process.
Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges
Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.
MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services
Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.
CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations
Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.
Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme
Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.
Google: Phishing Campaign Targets YouTube Creators
The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.
Removing Friction for the Enterprise With Trusted Access
Our work lives are supposed to be simpler and easier because of technology. At least that’s the promise.
Passwordless Is the Future … but What About the Present£
Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits — and drawbacks — to users.
The Ransomware Payment Dilemma: Should Victims Pay or Not£
It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.
JavaScript Packing Found in More Than 25% of Malicious Sites
Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.
Deepfake Audio Scores $35M in Corporate Heist
A combination of business email compromise and deepfake audio led a branch manager to transfer millions to scammers, in a case that serves as a warning to organizations.
Penetration Testing in the Cloud Demands a Different Approach
Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.
Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign
LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.
Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises
Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
Enterprise Cybersecurity Strategies Are Getting More Attention
Data in Dark Reading's "2021 Strategic Security Survey" report suggest organizations are taking the security challenge seriously.
Query.ai Closes $15M Series A for Security Investigations Tool
The funding will support product development for Query.AI's browser-based security investigations tool.
Keysight Technologies Acquires SCALABLE Network Technologies
Simulation and modeling solutions augment Keysight's 5G and cybersecurity portfolio.
2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored
Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats.
CrowdStrike Invests in Microsoft AD Competitor JumpCloud
Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.
Candy Corn Maker Hit With Ransomware
Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.
Name That Toon: Bone Dry
Feeling creative£ Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Privacy Management for Microsoft 365 Now Generally Available
The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.
Winners Announced for 2021 Infosec Inspire Security Awareness Awards
Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs.
Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors
Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.
Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster
Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.
Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency
Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.
The Simmering Cybersecurity Risk of Employee Burnout
Why understanding human behavior is essential to building resilient security systems.
Damages Escalate Rapidly in Multiparty Data Breaches
Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage.
7 Cross-Industry Technology Trends That Will Disrupt the World
Recent McKinsey analysis examines which technologies will have the most momentum in the next 10 years. These are the trends security teams need to know to protect their organizations effectively.
FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream
New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies.
Group With Potential Links to Iranian Threat Actor Resurfaces
The Lyceum group has previously been linked to attacks on targets in the Middle East.
Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud
As retailers roll out more fulfillment options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.
NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware
Ransomware has become a "national security issue," NSA director said.
(ISC)² Plans Entry-Level Certification for Aspiring Security Pros
The certification aims to help new entrants to the security field with professional development and career paths early on.
Sinclair Broadcast Group Confirms Ransomware Attack
The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.
In Cyberwar, Attribution Can Be Impossible — and That's OK
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
10 Hot Red Team Tools Set to Hit Black Hat Europe
The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros.
China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
How Attackers Hack Humans
Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks
Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.
Evolution Equity Partners Close $400M for Cybersecurity Investments
The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
Why a passion for helping people is key to delivering effective cybersecurity solutions.
How AI Can Stop Zero-Day Ransomware
Ransomware attacks are unpredictable. AI is better at figuring out what looks malicious and abnormal than humans will ever be.
Enterprise Data Storage Environments Riddled With Vulnerabilities
Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
Increased Security Spending to Support Distributed Workforce
Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies.
Deepfence Announces Open Source Availability of ThreatMapper
Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage.
US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn
CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks.
Praetorian Launches Snowcat Tool for Istio
Snowcat is the world's first static analysis tool dedicated to Istio.
Digging Deep Into the Top Security Certifications
When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing£
Open Source Security Foundation Raises $10M
Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden's executive order and commit to a more secure future for software.
The Human Element Is the Weakest Link
While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours.
How Security Teams Can Reinforce End-User Awareness
Training programs provide the information, but security teams can reinforce these for better end-user education.
6 Lessons From the Expiration of the Let's Encrypt Root Certificate
Fallout from the transition highlights the need for organizations to monitor and have processes for updating CA roots, experts say.
Fugue Adds Kubernetes Security Checks to Secure Infrastructure-as-Code
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.
SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks
Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.
What Does a Chief Product Security Officer Do£
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.
VirusTotal Shares Data on Ransomware Activity
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.
Are You Ready for the Privacy Laws Tsunami£
Think PCI, HIPAA, and GDPR compliance is tough£ There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.
Corelight Unveils Corelight Labs, a Hub for Research and Innovation
Company expands its research expertise with addition of AI and security operations experts from its PatternEx acquisition to the Labs team.
Worried Over Antitrust Debate, Apple Talks Sideloading Dangers
Apple argues in a position paper that sideloading apps poses a major security threat to its users, as many lawmakers and technologists criticize its App Store as a monopoly.
A Close Look at Russia's Ghostwriter Campaign
The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics.
Microsoft Fixes Zero-Day Flaw in Win32 Driver
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.
New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted
Encryption startup Vaultree aims to give companies the ability to work with fully encrypted data in the cloud.
Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified
Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs.
High-Profile Breaches Are Shifting Enterprise Security Strategy
Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.
New CrowdXDR Alliance Defines Data Exchange Standard for XDR
Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight have joined the coalition.
Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems
Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found.
Why Choke-Point Analysis Is Essential in Active Directory Security
Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths.
Google Launches Security Advisory Service, Security to Workspaces
Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft.
Palo Alto Networks to Transfer Stock Exchange Listing to Nasdaq
Palo Alto Networks anticipates meeting the requirements for inclusion in the NASDAQ-100 index when it rebalances in December.
Oracle Cloud Joins ONUG Collaborative
ONUG Collaborative welcomes new members including Oracle Cloud, Sysdig, Wiz, Intuit, Adobe, Qualys, and F5.
Kaspersky Updates Industrial Cybersecurity Service
Kaspersky Industrial CyberSecurity unlocks centralized management and visibility across entire OT infrastructure.
RealDefense Completes Fourth Cyber Security Acquisition; Adds STOPzilla to Its Portfolio
RealDefense holding company seeks to acquire additional security companies and brands through partnership with Corbel Capital Partners.
Not Hitting Your Security KPIs£ Get the Whole Business Involved
CISOs can deliver better outcomes and get the support they need by linking security processes to business results.
Overly Complex IT Infrastructures Pose Security Risk
Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds.
7 Smart Ways a Security Team Can Win Stakeholder Trust
By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.
Wiz Reaches $6B Valuation
Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth.
Handling Threat Intelligence Across Billions of Data Points
Graph databases can play a role in threat intelligence and unraveling sprawling data.
Forcepoint to Acquire Bitglass
Deal will merge Bitglass's security service edge technology with Forcepoint’s SASE architecture.
IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities
Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.
The 5 Phases of Zero-Trust Adoption
Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data.
Applying Behavioral Psychology to Strengthen Your Incident Response Team
A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.
Continuous Authentication Tech Looms Large in Deployment Plans
Security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities.
North American Orgs Hit With an Average of 497 Cyberattacks per Week
A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.
'FontOnLake' Malware Family Targets Linux Systems
Researchers report that the location of its C2 server and the countries where samples were uploaded may indicate targets include Southeast Asia.
71% of Security Pros Find Patching to be Complex and Time Consuming, Ivanti Study Confirms
Challenges with lack of time and vulnerability and patching prioritization are putting organizations at increased risk of cyberattacks.
Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks
CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate.
Hardware Bolsters Medical Device Security
New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices.
Microsec.ai Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service
Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications.
HP Extends Security Features to Work-from-Home Devices
HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers.
Microsoft: 58% of Nation-State Cyberattacks Come From Russia
A wealth of Microsoft data highlights trends in nation-state activity, hybrid workforce security, disinformation, and supply chain, IoT, and OT security.
What Are Some Red Flags in a Vendor Security Assessment£
The last thing you want is a vendor that lies to you about its security practices.
CyberArk Leads the PAM Omdia Universe
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
Rapid RYUK Ransomware Attack Group Christened as FIN12
Prolific ransomware cybercrime group's approach underscores a complicated, layered model of cybercrime.
Former Google Employees Launch Supply Chain Security Startup
Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise.
New Kaspersky Service Delivers Cyberthreat Insights on Request
Kaspersky's new Ask the Analyst service will allow businesses to reach out to the company's researchers for their opinions and guidance on cyberthreats and security issues.
New Regulations Are Coming — Get a Handle on Your App Portfolio
With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape.
Feed Fetched by RSS Dog.