A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
The latest startup to enter the attack surface management space also has a free scanning service to audit the contents of any website.
Cybrary Unveils Next-Generation Interactive, Hands-On Training Experience to Upskill Cybersecurity Professionals
New SOC Analyst Assessment delivers threat-informed training in a live lab environment to help cybersecurity professionals defend their organizations against the latest adversarial tactics and techniques.
The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices.
Upcoming Black Hat USA presentation will examine the implications of Kerberos weaknesses for security on the local machine.
The success of Domino's Flex IoT project can be attributed in large part to the security best practices it followed.
Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss.
Study offers a cyber "state of the industry" analysis from a hacker's perspective to help companies anticipate attacks.
Netscout Arbor Insight Leverages Patented ASI Technology to Enhance Security and Operational Awareness for Network Operators of Any Scale
Extends all aspects of the Arbor Sightline solution with unique, real-time multidimensional DDoS and traffic analytics capabilities.
Lacework Updates Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale
New time series model and enhanced alerting experience make it easy for organizations to address more threats in the cloud while enabling faster investigations.
Given the lack of reporting requirements, the findings are more like assumptions. Here's what organizations can do to minimize exposure.
Machine-learning algorithms alone may miss signs of a successful attack on your organization.
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks.
LIVE: Dark Reading News Desk at Black Hat USA 2022
A rising tide of threats — from API exploits to deepfakes to extortionary ransomware attacks — is threatening to overwhelm IT security teams.
HYAS Confront provides total visibility into your production environment, giving you insight into potential issues like cyber threats before they become problems.
Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation.
A new workout leads to five smart lessons about the importance of converging security and fraud into a unified risk function.
Pipeline Operators Are Headed in the Right Direction, With or Without TSA's Updated Security Directives
A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better.