darkreading

Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.

The company comes out of stealth with a tool that integrates directly into the developer's IDE to find flaws, offer remediation advice, and training materials to write secure code.

Attackers are triggering victims' deep-seated fear of getting in trouble in order to spread the sophisticated stealer across continents.

Campaigns like Silver Fox and Void Arachne are deploying the framework, using social media and messaging platforms to lure in victims.

Google Cloud will take a phased approach to make multifactor authentication mandatory for all users.

The draft amendment also includes prison time for those who access systems to maliciously spy or intercept data.

SANS's "2024 State of ICS.OT Cybersecurity report" highlights the most common types of attack vectors used against ICT/OT networks.

Interpol disrupts 22,000 malicious IP addresses, 59 servers, 43 electronic devices, and arrests 41 suspected cybercriminals.

Omdia Principal Analyst Hollie Hennessy says that until a promising new set of regulations around the world comes online, connected device security entails a shared responsibility among consumers, enterprises, and manufacturers.

The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.

In a time of increasingly sophisticated cross-domain attacks, relying solely on automated solutions isn't enough.

When it comes to landing a job in cybersecurity, what does it take to stand out from the pack? Try playing games.

The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.

Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.

Government and industry want to jump-start the conversation around "human-centric cybersecurity" to boost the usability and effectiveness of security products and services.

Zero trust is a mature approach that will improve your organization's security.

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.