 March 03, 2023
LATEST SECURITY NEWS & COMMENTARY
Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security
The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors.
What GoDaddy's Years-Long Breach Means for Millions of Clients
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.
Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.
CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.
Booking.com's OAuth Implementation Allows Full Account Takeover
Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts.
Hackers Target Young Gamers: How Your Child Can Cause Business Compromise
It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises.
Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It?
Overcoming the obstacles of this security principle can mitigate the damages of an attack.
On Shaky Ground: Why Dependencies Will Be Your Downfall
There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies.
BlackLotus Bootkit Found Targeting Windows 11
Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find.
HOT TOPICS
The Importance of Recession-Proofing Security Operations
Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone.

Without FIDO2, MFA Falls Short
The open authentication standard addresses existing multifactor authentication security vulnerabilities.

EDITORS' CHOICE
Cyberattackers Double Down on Bypassing MFA
As companies increasingly adopt MFA, cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
LATEST FROM THE EDGE

Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer
Security Pro File: The old-school hacker traces a path from young hardware tinkerer to senior cybersecurity executive.
LATEST FROM DR TECHNOLOGY

IBM Contributes Supply Chain Security Tools to OWASP
License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard.
WEBINARS
  • SecDevOps: The Smart Way to Shift Left

    DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ...

  • Ten Emerging Vulnerabilities Every Enterprise Should Know

    Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ...

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA