Author Archives: Kelly Sheridan Staff Editor, Dark Reading

Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs

Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.

Surviving Alert Fatigue: 7 Tools and Techniques

Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.

In A Crowded Endpoint Security Market, Consolidation Is Underway

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.

Phishing Campaign Targets Stripe Credentials, Financial Data

Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.

Sodinokibi Ransomware: Where Attackers’ Money Goes

Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.

Sophos for Sale: Thoma Bravo Offers $3.9B

Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.

iTunes Zero-Day Exploited to Deliver BitPaymer

The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.

Magecart Attack on Volusion Highlights Supply Chain Dangers

Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.

Microsoft Issues 9 Critical Security Patches

None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.

Lack of Role Models, Burnout & Pay Disparity Hold Women Back

New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.

8 Ways Businesses Unknowingly Help Hackers

From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.

Researchers Link Magecart Group 4 to Cobalt Group

Their findings demonstrate how Group 4 is likely conducting server-side skimming in addition to client-side activity.

New Silent Starling Attack Group Puts Spin on BEC

The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'

Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls

The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.

Cloud Vulnerability Could Let One Server Compromise Thousands

A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.

Cloud-Native Applications: Shift to Serverless is Underway

A new report explores changes in cloud-native applications and complexities involved with securing them.

When Compliance Isn’t Enough: A Case for Integrated Risk Management

Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.

How to Define & Prioritize Risk Management Goals

As risk management programs differ from business to business, these factors remain constant.

Rethinking Risk Management

Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.

Ransomware Strikes 49 School Districts & Colleges in 2019

The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.

BSIMM10 Emphasizes DevOps’ Role in Software Security

The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.

How Cybercriminals Exploit Simple Human Mistakes

A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.

MITRE Releases 2019 List of Top 25 Software Weaknesses

The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.

Oracle Expands Cloud Security Services at OpenWorld 2019

The company broadens its portfolio with new services developed to centralize and automate cloud security.

Data Leak Affects Most of Ecuador’s Population

An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.

Malware Linked to Ryuk Targets Financial & Military Data

A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.

Instagram Bug Put User Account Details, Phone Numbers at Risk

The vulnerability, now patched, is the latest in a series of bad news for Facebook.

Security Leaders Share Tips for Boardroom Chats

Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.

281 Arrested in International BEC Takedown

Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.

M	T	W	T	F	S	S
« Sep
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

A Box in Space

Contents from some of my favorite Websites