Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days

The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.

The Edge Pro Tip: Proceed With Caution

Security pros offer up their post-SolarWinds patch-management advice.

Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project

Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.

Microsoft Exchange Server Attack Escalation Prompts Patching Panic

US government officials weigh in on the attacks and malicious activity, which researchers believe may be the work of multiple groups.

McAfee to Sell Enterprise Business to Equity Firm STG for $4B

The planned move is unlikely to do much for enterprise customers or for security vendor's consumer business, analysts say.

KnowBe4 Buys Competitor MediaPRO

Known for its phishing simulation platform, KnowBe4 says deal will help it expand in privacy and compliance training market.

Look to Banking as a Model for Stopping Crime-as-a-Service

The first step toward prevention is understanding the six most common CaaS services.

Microsoft Pushes Patches for Older Versions of Exchange Server

Additional patches arrive as CISA issues an alert urging all organizations to immediately patch the Microsoft Exchange vulnerabilities.

Leaked Development Secrets a Major Issue for Repositories

Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.

COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns

The rapid launch of contract-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.

48% of Security Pros Prohibited From Intelligence-Sharing

Some do so anyway, according to new Kaspersky research.

Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire

And the winner of Dark Reading's February cartoon caption contest is ...

Linux Foundation Debuts Sigstore Project for Software Signing

Sigstore aims to improve the open source software supply chain by simplifying the process of cryptographic software signing.

Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day

The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.

Call Recorder iPhone App Flaw Uncovered

Researcher finds thousands of recorded calls easily accessible to others.

Digitally Transforming Trusted Transactions Through Biometrics, ML & AI

The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.

How to Protect Vulnerable Seniors From Cybercrime

According to the FBI, people over the age of 60 lose more money to cybercrime than any other age group. The good news: Safety is only three main tips away.

Black Hat USA

Mandalay Bay Convention Center Las Vegas

Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT

Three steps to fight this increasingly vexing problem.

Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches

Researchers have spotted multiple groups exploiting the zero-day Exchange server vulnerabilities.

'Thousands' of Verkada Cameras Affected by Hacking Breach

Thousands of Verkada cameras have been affected by a breach from a group of hackers, who have reportedly gained access to surveillance systems inside several high-profile companies, police departments, hospitals, prisons and schools.

US Schools Faced Record Number of Security Incidents in 2020

The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online.

Malware Operator Employs New Trick to Upload Its Dropper into Google Play

Check Point researchers recently discovered the Clast82 dropper hidden in nine legitimate Android utility apps.

5 Steps for Investigating Phishing Attacks

Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.

Actionable Tips for Engaging the Board on Cybersecurity

Up your game with your company's board of directors to help them understand your cybersecurity priorities.

Microsoft Exchange Server Exploit Code Posted to GitHub

The proof-of-concept tool, which contained exploits for two Exchange Server vulnerabilities, was quickly removed from GitHub.

Does XDR Mark the Spot? 6 Questions to Ask

Extended detection and response technology goes well beyond endpoint management to provide visibility into networks, servers, cloud, and applications. Could it be the answer to your security challenges?

Molson Coors Beer Operations Halted by Hack

No details yet disclosed on the cyberattack.

Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020

An analysis of 50 vulnerabilities finds a spectrum of risk, from widespread vulnerabilities exploited by a variety of attackers to serious issues that will likely be exploited in 2021.

F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech

F5 BIG-IP and BIG-IQ have multiple critical vulnerabilities that enable attackers to completely compromise systems.

Microsoft Reports 'DearCry' Ransomware Targeting Exchange Servers

Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits.

Power Equipment: A New Cybersecurity Frontier

Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.

Can a Programming Language Reduce Vulnerabilities?

Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity.

Contemplating the Coffee Supply Chain: A Horror Story

On the bean-to-cup journey, dangers await around every corner. Here, well-caffeinated security experts warn the coffee industry about the threats.

Microsoft Exchange Server Attacks: 9 Lessons for Defenders

Experts share their guidance for organizations running on-premise Exchange servers in the wake of rapidly spreading attacks.

Verkada Breach Demonstrates Danger of Overprivileged Users

In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.

How to Choose the Right Cybersecurity Framework

Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.

Name That Toon: Something Seems Afoul

Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.

Lookout Acquires SASE Cloud Provider CipherCloud

Deal signals a focus on the cloud for mobile security firm.

CISA Updates Microsoft Exchange Advisory to Include China Chopper

US officials warn organizations of China Chopper Web shells as new data sheds light on how the Exchange Server exploits have grown.

Buffalo Public Schools Cancel Classes Due to Ransomware

The FBI is investigating the March 12 attack that disrupted the school system's phased reopening this week.

DDoS's Evolution Doesn't Require a Security Evolution

They may have grown in sophistication, with more widespread consequences, yet today's distributed denial-of-service attacks can still be fought with conventional tools.

Metasploit Creator HD Moore's New Startup Raises $5M

Startup Rumble enters major new phase with venture capital investment led by Cisco-backed fund as well as big-name security entrepreneurs.

Combating Call Center Fraud in the Age of COVID

With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.

Software Development Security Firm Argon Announces Launch

Check Point founder Shlomo Kramer is one of the firm's investors.

Best Practices for Securing Service Accounts

While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.

Microsoft Releases Mitigation Tool for On-Premises Exchange Servers

The tool, developed for organizations without dedicated IT and security teams, is meant to be used as temporary mitigation.

IronNet Cybersecurity to Go Public in Merger

Company intends for the deal to drive adoption of its Collective Defense Platform.

Chinese APT Targets Telcos in 5G-Related Cyber-Espionage Campaign

Telemetry suggests that threat actor behind Operation Dianxun is Mustang Panda, McAfee says.

7 Tips to Secure the Enterprise Against Tax Scams

Tax season is yet another opportunity for fraudsters to target your company. Here's how to keep everyone in the organization on their toes.

Enterprises Wrestle With Executive Social Media Risk Management

Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.

COVID, Healthcare Data & the Dark Web: A Toxic Stew

The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.

Teen Behind Twitter Hack Agrees to Three Years in Prison

Graham Ivan Clark was 17 when accused of the attack that targeted several high-profile Twitter accounts.

CISA Issues Advisory on TrickBot Campaigns

US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.

RDP Attacks Persist Near Record Levels in 2021

A wave of attacks targeting Remote Desktop Protocol has continued throughout the pandemic as more employees continue to work from home.

Mimecast Says SolarWinds Attackers Accessed Its Source Code Repositories

But the amount of code downloaded is too little to be of any use, the email security vendor says in its latest update.

Ransom Payments Have Nearly Tripled

In 2020, ransomware targeted the manufacturing sector, healthcare organizations, and construction companies, with the average ransom reaching $312,000, a report finds.

Edge Poll: XDR Plans

How likely is your organization to adopt XDR technology?

What CISOs Can Learn From Big Breaches: Focus on the Root Causes

Address these six technical root causes of breaches in order to keep your company safer.

Beware the Package Typosquatting Supply Chain Attack

Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.