LATEST SECURITY NEWS & COMMENTARY

MITRE Engenuity Launches Evaluations for Security Service Providers
The results are labor-intensive to parse, so knowing how to interpret them is key, security experts say.

Thousands of Amazon RDS Snapshots Are Leaking Corporate PII
A service that allows organizations to back up data in the cloud can accidentally leak sensitive data to the public Internet, paving the way for abuse by threat actors.

Misconfigurations, Vulnerabilities Found in 95% of Applications
Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests.

Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon'
An in-depth analysis of system-destroying malware families presented at Black Hat Middle East & Africa shows a growing nuance in terms of how they're deployed.

Cookies for MFA Bypass Gain Traction Among Cyberattackers
Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.

Twitter's CISO Takes Off, Leaving Security an Open Question
Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action.

Amazon, Microsoft Cloud Leaks Highlight Lingering Misconfiguration Issues
Cloud storage databases, often deployed as "rogue servers" without the blessing of the IT department, continue to put companies and their sensitive data at risk.

Quantum Cryptography Apocalypse: A Timeline and Action Plan
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.

Why CVE Management as a Primary Strategy Doesn't Work
With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.

How to Close Kubernetes' Network Security Gap
StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit.

Ukraine's 'IT Army' Stops 1,300 Cyberattacks in 8 Months of War
President Zelensky offers hard-won Ukrainian cybersecurity expertise to other countries that want to protect citizen populations.

5 Easy Steps to Bypass Google Pixel Lock Screens
PIN-locked SIM card? No problem. It's easy for an attacker to bypass the Google Pixel lock screen on unpatched devices.

Google Forks Over $391.5M in Record-Setting US Consumer Privacy Settlement
A misleading location-tracking practice ensnared the search-engine giant in massive privacy case spanning 40 states.

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA