darkreading

The weaknesses gave attackers an avenue to take over millions of photovoltaic devices connected to Solarman and Deye's cloud-hosted management systems.

In a panel at Black Hat 2024, journalists and investigators explain their differing goals when a victim organization is breached.

As attack surfaces increase, partner networks widen, and security teams remain stretched, vulnerabilities and errors continue to be a daunting challenge.

The Dark Reading team spent two days on the Dark Reading News Desk interviewing the world's top cybersecurity experts.

Spectre and Meltdown exposed just how easy a target computer memory was for attackers. Several efforts are underway to protect memory.

Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, Delta Airlines. Will software liability follow?

At Black Hat USA, security researcher Michael Bargury released a "LOLCopilot" ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling.

Microsoft execs detailed the company's reaction to the CrowdStrike incident and emphasized the value of a collective identity.

Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.

As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.

Black Hat presentation reveals adversaries don't need to complete all seven stages of a traditional kill chain to achieve their objectives.

Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.

Invisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.

The number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize.

The security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows computers worldwide last month.