Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Researchers Uncover Unsophisticated – But Creative – Watering-Hole Attack
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Why Third-Party Risk Management Has Never Been More Important
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Latest Security News & Commentary about COVID-19
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
The data was breached through the credentials of two franchisee employees.
Patching Poses Security Problems with Move to More Remote Work
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
Palo Alto Networks to Buy CloudGenix for $420M
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
Does the 2020 Online Census Account for Security Risk?
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
How Much Downtime Can Your Company Handle?
Why every business needs cyber resilience and quick recovery times.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Microsoft Edge Will Tell You If Credentials Are Compromised
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
HackerOne Drops Mobile Voting App Vendor Voatz
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Untangling Third-Party Risk (and Fourth, and Fifth…)
Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Malicious USB Drive Hides Behind Gift Card Lure
Victims are being enticed to insert an unknown USB drive into their computers.
Virgin Media Could Pay GB pound 4.5B for Leak Affecting 900,000 Customers
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
The Wild, Wild West(world) of Cybersecurity
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks
Goal is to help organizations - especially healthcare entities - protect against cybercriminals trying to take advantage of the pandemic.
Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC
Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.
Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
OpenWRT is vulnerable to attacks that execute malicious code
Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
Privacy in critical care after telehealth demands jump
As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...
