 November 17, 2022
LATEST SECURITY NEWS & COMMENTARY
MITRE Engenuity Launches Evaluations for Security Service Providers
The results are labor-intensive to parse, so knowing how to interpret them is key, security experts say.
Thousands of Amazon RDS Snapshots Are Leaking Corporate PII
A service that allows organizations to back up data in the cloud can accidentally leak sensitive data to the public Internet, paving the way for abuse by threat actors.
Misconfigurations, Vulnerabilities Found in 95% of Applications
Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests.
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon'
An in-depth analysis of system-destroying malware families presented at Black Hat Middle East & Africa shows a growing nuance in terms of how they're deployed.
Cookies for MFA Bypass Gain Traction Among Cyberattackers
Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.
Twitter's CISO Takes Off, Leaving Security an Open Question
Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action.
Amazon, Microsoft Cloud Leaks Highlight Lingering Misconfiguration Issues
Cloud storage databases, often deployed as "rogue servers" without the blessing of the IT department, continue to put companies and their sensitive data at risk.
Quantum Cryptography Apocalypse: A Timeline and Action Plan
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.
Why CVE Management as a Primary Strategy Doesn't Work
With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.
How to Close Kubernetes' Network Security Gap
StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefits.
Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War
President Zelensky offers hard-won Ukrainian cybersecurity expertise to other countries that want to protect citizen populations.
5 Easy Steps to Bypass Google Pixel Lock Screens
PIN-locked SIM card? No problem. It's easy for an attacker to bypass the Google Pixel lock screen on unpatched devices.
Google Forks Over $391.5M in Record-Setting US Consumer Privacy Settlement
A misleading location-tracking practice ensnared the search-engine giant in a massive privacy case spanning 40 states.
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.
HOT TOPICS
Cybersecurity Best Practice Is Critical for Winning the New Space Race
The race is actually a relay — one that requires collaboration to win.

New Ransomware Data Is In: What's Happening and How to Fight Back
Be proactive about data defense. Start with the right data, leverage domain expertise, and create models that help you target the most critical vulnerabilities.

How Routine Pen Testing Can Reveal the Unseen Flaws in Your Cybersecurity Posture
Testing is an ongoing mission, not a one-and-done fix.

EDITORS' CHOICE
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.
LATEST FROM THE EDGE

Modern CISO: More Than a Security Officer
YL Ventures CISO-in-residence Frank Kim weighs in on the top security concerns facing CISOs in a Dark Reading interview.
LATEST FROM DR TECHNOLOGY

Where Can Third-Party Governance and Risk Management Take Us?
Part 2 in our series addressing the top 10 unanswered questions in security: How will TPGRM evolve?
WEBINARS
  • Seeing Your Attack Surface Through the Eyes of an Adversary

    The best way to manage exposure, reduce risk, and improve your security posture is to understand your attack surface through the eyes of an attacker. Cortex Xpanse provides automated Attack Surface Management with an agentless implementation. Xpanse scans the entirety ...

  • Developing and Testing an Effective Breach Response Plan

    When cyber attackers hit your network and your databases have been breached, do you know what you have to do and who to call? What do you tell your customers, employees, and other stakeholders, and when do you tell them? ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA