Dark Reading

Many enterprise applications are built outside of IT, but we still treat the platforms they're built with as point solutions.

Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack.

From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Protecting against risk is a shared responsibility that only gets more complex as you mix the different approaches of common cloud services.

Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

.

Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and chose partners carefully.

Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.

.

The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.