| | | LATEST SECURITY NEWS & COMMENTARY | | Log4j Highlights Need for Better Handle on Software Dependencies Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials. Google Buys Siemplify to Get Ahead in Cloud Security Google says the deal will bring security orchestration, automation, and response to its Google Cloud security portfolio and expand its Chronicle platform. New Attack Campaign Exploits Microsoft Signature Verification The Malsmoke attack group is behind a campaign that has exploited the Microsoft e-signature verification tool to target 2,100 victims. Attackers Exploit Log4j Flaws in Hands-on-Keyboard Attacks to Drop Reverse Shells Microsoft says vulnerabilities present a "real and present" danger, citing high volume of scanning and attack activity targeting the widely used Apache logging framework. In the Fight Against Cybercrime, Takedowns Are Only Temporary Disrupting access to servers and infrastructure continues to interfere with cybercrime activity, but it's far from a perfect strategy. Why CIOs Should Report to CISOs If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure. Creating the Next Generation of Secure Developers Helping management prioritize developer education is a tall order, but it's one the industry must figure out. Mobile Application Security: 2021's Breaches Many of last year's largest app breaches could have been prevented with testing, training, and the will to take app security seriously. The World Is Increasingly Controlled and Transformed by Algorithms Our digital interactions are being analyzed, predicted, and protected by algorithms and serve as a strategic, digital arsenal in defending against cyberattacks. Why We Need To Reframe the False-Positive Problem Efforts to tune or build behavior- or signature-based threat identification requires time and effort most organizations don't have. Zero Trust and Access: Protecting the Keys to the Kingdom Zero trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges. MORE NEWS / MORE COMMENTARY | | | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107 | | To update your profile, change your e-mail address, or unsubscribe, click here. | | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
