Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Tip 03 Nov 2025
Browser detection and response fills gaps in security programs

BDR is the latest tool to address detection and response as more and more communication occurs over Edge, Chrome and their counterparts. But does your organization really need it? Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 29 Oct 2025
Set up MFA in Microsoft 365 to safeguard data

Learn how to set up multifactor authentication in Microsoft 365 to enhance security, prevent unauthorized access and protect critical business data across the organization. Continue Reading
By
- Helen Searle-Jones, Tritech Group

News 12 Mar 2024
LockBit attacks continue via ConnectWise ScreenConnect flaws

Coalition is latest company to confirm LockBit activity against vulnerable ScreenConnect instances. But the insurer found significant differences between previous LockBit attacks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 11 Mar 2024
5 PaaS security best practices to safeguard the app layer

Underlying APIs, language choice and cybersecurity features can vary widely across PaaS providers. These five security best practices can help in almost any PaaS scenario. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 08 Mar 2024
How to create a local admin account with Microsoft Intune

Local admin accounts can cause problems for Windows administrators due to their lack of oversight and privileged account status. Learn how IT can manage these accounts with Intune. Continue Reading
By
- Brien Posey
Feature 08 Mar 2024
GenAI risks, rewards arise for DevOps and platform engineers

From chatbots that alleviate pressure on IT help desks to full-fledged LLMOps, DevOps and platform teams are at the forefront of enterprise generative AI adoption. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 06 Mar 2024
Apple discloses 2 iOS zero-day vulnerabilities

CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed and patched this year. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 28 Feb 2024
New Nvidia, GitHub AI coding assistants expand devs' options

GitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants. But caution, especially with security, is still warranted. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws

Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 23 Feb 2024
GitHub Copilot replicating vulnerabilities, insecure code

Research from Snyk shows that AI assistants such as GitHub Copilot, which offer code completion suggestions, often amplify existing bugs and security issues in a user's codebase. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 22 Feb 2024
ConnectWise ScreenConnect flaws under attack, patch now

Huntress said in a blog post this week that the ConnectWise ScreenConnect flaws, which have come under attack, were 'trivial and embarrassingly easy' for a threat actor to exploit. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage

Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 15 Feb 2024
firewall as a service (FWaaS)

Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By
- Paul Kirvan
- Mike Chapple, University of Notre Dame
News 15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues

In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 13 Feb 2024
February Patch Tuesday corrects two Windows zero-days

Administrators should focus on quickly deploying a critical vulnerability in Microsoft Outlook and exercising caution when applying an Exchange Server 2019 cumulative update. Continue Reading
By
- Tom Walat, Site Editor
Definition 12 Feb 2024
crisis management plan (CMP)

A crisis management plan (CMP) outlines how an organization should respond to a critical situation that if left unaddressed, could negatively affect its profitability, reputation or ability to operate. Continue Reading
By
- Rahul Awati
- Nick Barney, Technology Writer
- Paul Crocetti, Editorial Director
News 07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years

A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021

After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023

During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 17 Jan 2024
New zero-days in Citrix NetScaler ADC, Gateway under attack

The new vulnerabilities come four months after a variety of threat actors exploited the 'Citrix Bleed' zero-day flaw in NetScaler ADC and Gateway products. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation

Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack

Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 09 Jan 2024
Microsoft starts year with a subdued January Patch Tuesday

For the second month in a row, Microsoft had no zero-days and relatively few vulnerabilities for administrators to address. Continue Reading
By
- Tom Walat, Site Editor
Definition 09 Jan 2024
sandbox

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
By
- TechTarget Contributor
News 27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild

On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 21 Dec 2023
Cisco Security Cloud adds Isovalent for multi-cloud networks

The commercial backer of open source networking and security projects Cilium and Tetragon comes under Cisco's control for cloud-native network security. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 21 Dec 2023
Web fuzzing: Everything you need to know

Web fuzzing provides automated web application testing, which enables security teams to discover vulnerabilities within web apps before attackers do. Continue Reading
By
- Rob Shapland
Definition 21 Dec 2023
Zoombombing

Zoombombing is a type of cyber-harassment in which an unwanted and uninvited user or group of such users interrupts online meetings on the Zoom video conference app. Continue Reading
By
- Corinne Bernstein
News 18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook

During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Definition 15 Dec 2023
business logic

In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled. Continue Reading
By
- Robert Sheldon
- Ivy Wigmore
News 12 Dec 2023
Microsoft delivers light December Patch Tuesday for admins

IT operations teams should prioritize deploying the Windows cumulative update to dispatch a critical MSHTML bug affecting Microsoft Outlook. Continue Reading
By
- Tom Walat, Site Editor
Opinion 12 Dec 2023
Application security consolidation remains nuanced

As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
By
- John Grady, Principal Analyst
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
News 05 Dec 2023
Exposed Hugging Face API tokens jeopardized GenAI models

Lasso Security discovered more than 1,600 exposed Hugging Face API tokens provided access to generative AI and large-language models contained in hundreds of repositories. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw

Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites

Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 29 Nov 2023
Okta: Support system breach affected all customers

Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Opinion 20 Nov 2023
Security continues to lag behind cloud app dev cycles

Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
News 14 Nov 2023
Microsoft halts 3 zero-days on November Patch Tuesday

Microsoft addresses 67 vulnerabilities, including six critical, and shuts down four bugs in the Exchange Server email platform this month. Continue Reading
By
- Tom Walat, Site Editor
News 14 Nov 2023
Cryptocurrency wallets might be vulnerable to 'Randstorm' flaw

Cryptocurrency recovery company Unciphered discovered a vulnerability in a JavaScript Bitcoin library that could jeopardize private keys. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 09 Nov 2023
Generative AI brings changes to cloud-native platforms

Generative AI took over tech in 2023, and cloud-native platforms are no exception. The need to support LLMs is already affecting CNCF projects, including Kubernetes. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability

SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 08 Nov 2023
Atlassian Confluence vulnerability under widespread attack

Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 08 Nov 2023
Intel exec affixes OpenSSF, CNCF open source security efforts

Intel's Arun Gupta, now governing board chair of both the CNCF and OpenSSF, discusses his plans to bring all three organizations together to improve open source security. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 07 Nov 2023
Microsoft, ZDI disagree over Exchange zero-day flaws

Microsoft said it had previously fixed one of the flaws and that the others did not require a patch. Trend Micro's Zero Day Initiative, however, disagreed with the software giant. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 06 Nov 2023
multisig (multisignature)

Multisig, also called multisignature, is the requirement for a transaction to have two or more signatures before it can be executed. Continue Reading
By
- Rahul Awati
- Mary K. Pratt
News 02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security

In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 02 Nov 2023
Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type

Microsoft published patches to address all 117 Microsoft 365 Apps flaws disclosed Tuesday, and the tech giant has disabled support for SketchUp, or SKP, 3D model files. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 01 Nov 2023
authentication

Authentication is the process of determining whether someone or something is who or what they say they are. Continue Reading
By
- Nick Barney, Technology Writer
- Mary E. Shacklett, Transworld Data
- Linda Rosencrance
News 31 Oct 2023
No patches yet for Apple iLeakage side-channel attack

Apple said it is working on more complete fixes for the iLeakage side-channel attack technique, but only one partial mitigation is currently available to macOS customers. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 31 Oct 2023
virtualization-based security (VBS)

Virtualization-based security (VBS) is a technology that abstracts computer processes from the underlying operating system (OS) and, in some cases, hardware. Continue Reading
By
- Rahul Awati
Definition 30 Oct 2023
supercookie

A supercookie is a type of tracking cookie inserted into an HTTP header to collect data about a user's internet browsing history and habits. Continue Reading
By
- Rahul Awati
- Madelyn Bacon, TechTarget
Tip 30 Oct 2023
What an email security policy is and how to build one

Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 24 Oct 2023
1Password stops attack linked to Okta breach

1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 23 Oct 2023
Okta customer support system breached via stolen credentials

During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability

While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 18 Oct 2023
Prisma Cloud analytics, automation boost DevSecOps speed

Prisma Cloud's Darwin update looks to address DevSecOps communication and velocity lags with centralized analytics and by ditching tickets for automated pull requests. Continue Reading
By
- Beth Pariseau, Senior News Writer
Definition 17 Oct 2023
Secure Sockets Layer certificate (SSL certificate)

A Secure Sockets Layer certificate (SSL certificate) is a small data file installed on a web server that allows for a secure, encrypted connection between the server and a web browser. Continue Reading
By
- Rahul Awati
Tip 17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges

Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 10 Oct 2023
Microsoft tackles three zero-days for October Patch Tuesday

The company releases fixes for several products affected by the HTTP/2 "Rapid Reset" vulnerability to help curb widespread Distributed Denial-of-Service attacks. Continue Reading
By
- Tom Walat, Site Editor
News 04 Oct 2023
Critical Atlassian Confluence zero-day flaw under attack

Collaboration software vendor Atlassian urged customers with affected versions of Confluence Data Center and Server to apply patches for CVE-2023-22515 immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 04 Oct 2023
Docker Scout GA leads 'local plus cloud' push

Docker Scout replaces open source Docker Scan with an event-driven vulnerability management system in a bid to boost the vendor's value beyond developers' local laptops. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 03 Oct 2023
Spyware vendor exploiting kernel flaw in Arm Mali GPU drivers

Arm Mali GPUs affected by CVE-2023-4211, which was discovered by Google researchers, include a wide range of Android phones as well as ChromeOS devices such as Chromebooks. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 03 Oct 2023
security posture

Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Linda Rosencrance
News 02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws

The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 29 Sep 2023
How to use Wireshark to sniff and scan network traffic

Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
By
- Ed Moyle, SecurityCurve
News 26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations

According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs

Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Opinion 18 Sep 2023
What to consider when creating a SaaS security strategy

Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
By
- John Grady, Principal Analyst
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
News 14 Sep 2023
CloudBees scales its Jenkins CI, previews SaaS platform

About a year after acquiring ReleaseIQ, CloudBees prepares the fruits of its integration for launch and adds long-awaited scale-out to its commercial version of Jenkins. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 14 Sep 2023
Developer platform Retool breached in vishing attack

A successful vishing attack against a Retool employee led to account takeovers of 27 cloud customers, but the company is pointing the finger at Google. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 14 Sep 2023
Generative AI emerges for DevSecOps, with some qualms

New and developing tools use natural language processing to assist DevSecOps workflows, but concerns linger among developers about security risks as well. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 12 Sep 2023
Microsoft solves two zero-days for September Patch Tuesday

Microsoft addresses 62 vulnerabilities this month, including a Microsoft Word flaw and a Windows bug that have both been exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
Podcast 12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks

Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 12 Sep 2023
Cisco Full-Stack Observability draws on channel clout

Cisco's latest tie-in between app security and observability doesn't break new ground, but the vendor can use its network security cachet and partners to woo enterprise buyers. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft

Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 06 Sep 2023
Okta: 4 customers compromised in social engineering attacks

Okta said a threat actor convinced IT personnel at several customers to reset MFA factors for highly privileged users, though it's unclear how they accomplished that task. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
- Rob Wright, Senior News Director, Dark Reading
Podcast 30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms

Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 29 Aug 2023
Microsoft Teams attack exposes collab platform security gaps

Criminal and state-sponsored hackers are ramping up cyberattacks on instant messaging platforms and other workplace collaboration tools. Meanwhile, enterprises' readiness lags. Continue Reading
By
- Shaun Sutner, Senior News Director
News 29 Aug 2023
Mandiant reveals new backdoors used in Barracuda ESG attacks

Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 25 Aug 2023
Better API security needed as companies modernize apps

As developers build more complex applications, the widespread use of APIs is creating significant security challenges for organizations, according to a new survey from ESG. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
News 24 Aug 2023
FBI: Suspected Chinese actors continue Barracuda ESG attacks

The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Definition 23 Aug 2023
BYOI (bring your own identity)

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party. BYOI is increasingly being used for website authentication. Continue Reading
By
- Robert Sheldon
- Sharon Shea, Executive Editor
News 22 Aug 2023
Ivanti issues fix for third zero-day flaw exploited in the wild

CVE-2023-38035 is the latest Ivanti zero-day vulnerability to be exploited in the wild. The vendor has released a series of remediation recommendations. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 21 Aug 2023
Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 18 Aug 2023
Electronic Discovery Reference Model (EDRM)

The Electronic Discovery Reference Model (EDRM) is a conceptual framework that outlines activities for the recovery and discovery of digital data. Continue Reading
By
- Rahul Awati
News 17 Aug 2023
CISA, vendors warn Citrix ShareFile flaw under attack

A vulnerability in the managed file transfer product that enterprises use is being actively exploited two months after Citrix released a fix. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 10 Aug 2023
Palo Alto: SugarCRM zero-day reveals growing cloud threats

Recent incident response investigations reveal that attackers are becoming more advanced when it comes to the cloud, but there are steps enterprises can take to mitigate risks. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 09 Aug 2023
Onapsis researchers detail new SAP security threats

At Black Hat 2023, Onapsis researchers demonstrated how attackers could chain a series of SAP vulnerabilities impacting the P4 protocol to gain root access to a target network. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 09 Aug 2023
Several Exchange Server flaws fixed on August Patch Tuesday

Microsoft addresses 74 vulnerabilities this month with the on-premises email server platform returning to the spotlight with corrections to close six security holes. Continue Reading
By
- Tom Walat, Site Editor
News 09 Aug 2023
Tenable launches LLM-powered ExposureAI product

ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 09 Aug 2023
crisis management

Crisis management is the application of strategies designed to help an organization deal with a sudden and significant negative event, while maintaining business continuity. Continue Reading
By
- Nick Barney, Technology Writer
- Brien Posey
Tip 08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices

IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By
- Michael Goad, CDW
Definition 08 Aug 2023
Google Play Protect

Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services. Continue Reading
By
- TechTarget Contributor
Definition 01 Aug 2023
Computer Fraud and Abuse Act (CFAA)

The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that imposes criminal penalties on individuals who intentionally access a protected computer without proper authorization or whose access exceeds their authorization. Continue Reading
By
- Robert Sheldon
- Ben Cole, Executive Editor
Definition 28 Jul 2023
national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
By
- Katie Terrell Hanna
Opinion 26 Jul 2023
Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
Tip 26 Jul 2023
How to avoid LinkedIn phishing attacks in the enterprise

Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B

With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 25 Jul 2023
5 steps to approach BYOD compliance policies

It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By
- Will Kelly
- Mike Chapple, University of Notre Dame
News 24 Jul 2023
Mandiant: JumpCloud breach led to supply chain attack

Mandiant researchers attribute the supply chain attack to a North Korean threat actor that abused JumpCloud's commands framework to gain access to a downstream customer. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading