Follow Dark Reading:
 April 22, 2021
LATEST SECURITY NEWS & COMMENTARY
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.
Attackers Heavily Targeting VPN Vulnerabilities
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
White House Scales Back Response to SolarWinds & Exchange Server Attacks
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
Lazarus Group Uses New Tactic to Evade Detection
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
Name That Toon: Greeting, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
MORE NEWS & COMMENTARY
HOT TOPICS
Attackers Compromised Code-Checking Vendor's Tool for Two Months
A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.

SolarWinds: A Catalyst for Change & a Cry for Collaboration
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

MORE
EDITORS' CHOICE

10 Free Security Tools at Black Hat Asia 2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
LATEST FROM THE EDGE

7 Old IT Things Every New InfoSec Pro Should Know
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Making XDR Work in Your Enterprise - Dark Reading

    In this Dark Reading webinar, experts discuss the real-life implementation issues surrounding emerging detection and response technologies. You'll learn how these emerging technologies can be integrated with your existing cybersecurity tools, and how XDR technology might affect your cybersecurity operations ...

  • Keys to Better Cyber Risk Assessment

    At this Dark Reading webinar, learn about the costs associated with today's threats and data breaches, how to measure current threats, and how to quantify the risks to your organization, so that you can implement the tools and processes to ...
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE

2021 Top Enterprise IT Trends
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Netacea Releases "Buying Bad Bots Wholesale: The Genesis Market" Report
Mandiant Advantage Expands SaaS platform with New Mandiant Automated Defense Module
Former Google Security Execs Join Red Canary
Cynet Activates Competitive Replacement Program for Customers Migrating to Cynet 360 XDR Platform
Sift Streamlines Digital Trust & Safety Suite to Protect Merchants Against the Fraud Economy
MITRE Engenuity Announces Results from Evaluating Enterprise Security Products Against Cybercrime Threats
Zerto Announces General Availability of Zerto for Kubernetes and New Public Cloud Capabilities
Zscaler Advances Zero Trust Security for the Digital Business
MORE PRODUCTS & RELEASES
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2021  |   Informa Tech  |  Privacy Statement  |   Terms & Conditions  |  Contact Us