Dark Reading

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia.

Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.

Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.

Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.

Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.

It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.

The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.

Cloud provider hosting "certain" IT systems attacked, company says.

The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.

How two traditionally disparate security disciplines can be united.

The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

Crimes netted him $19 million overall.

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.

And the winner of our December cartoon caption contest is ...

The former US cybersecurity official and former Facebook security chief will help SolarWinds respond to its recent attack and improve security.

Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.

CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.