12.07.2021 | 10'' read
10 things you’ll be bombarded with at RSA 2022
Zero-trust, SBOM, supply chain challenges will highlight the sessions at next year's RSA Conference. Plus, an assortment of must-read essays, including a piece by Andy Ellis on the hidden costs associated with endpoint agents.
12.07.2021 | 7'' read
On the passing of Dark Reading’s Tim Wilson
A few thoughts on the passing of Tim Wilson, the well-respected security journalism pioneer who co-founded and nurtured Dark Reading into the cybersecurity industry fixture it is today. Plus, news on the Israel/Iran cyberwar, Apple's NSO/Pegasus lawsuit and a slew of research discoveries.
10.12.2021 | 5'' read
Beware of shady VPN corporate ownership
For years, security pros (myself included) have urged the use of VPNs as a data and privacy protection utility. Today, this is slowly becoming bad advice and there are new signs that the entire cottage industry of consumer VPN software needs to be killed off as a matter of urgency.
10.01.2021 | 4'' read
Information brokerage and cyber storytelling
High-end APT research is big business. This means that the traditional malware researcher is now an "intelligence broker" operating in an oft-misunderstood space with geopolitical weight and consequences. Do we truly understand the implications?
09.21.2021 | 6'' read
Stop legitimizing parasite 0day companies
It's not too late to stop legitimizing these private sector offensive actors supplying zero-days to apex predators. These aren't cybersecurity companies helping to solve security problems. These are parasites cashing in on an unregulated space, making things worse for the rest of us.
09.07.2021 | 6'' read
The fake labor shortage in cyber
Musings on the so-called cybersecurity skills shortage, the 'great resignation' and what amounts to borderline abuse of researchers by bug bounty platforms. Plus, a reminder that Apple's iOS 'FORCEDENTRY' zero-day is still unpatched.
08.24.2021 | 5'' read
Should I worry about iOS zero-click exploits?
Some thoughts on Apple's impossible challenge to stop apex threat actors from hacking iOS devices. Plus, people movements and a movie-style hack of Iran's prison systems network.
08.17.2021 | 6'' read
Corellium dunks on Apple
Less than a week after prevailing in a legal case filed by Apple, Corellium pounced on the controversy surrounding Cupertino's new CSAM child-safety system to kick sand in Apple's eyes. Plus, a new generation of cybersecurity students heads to college.
08.10.2021 | 5'' read
Patch Tuesdays will never end
The discovery -- and public discussion -- of new attack surfaces signals a world of hurt coming down the pike for Microsoft Exchange Server. Plus, Apple's new approach to tackling child porn has run into major criticisms.
06.16.2021 | 5'' read
WebKit and the soft underbelly of iOS security
A little-known fact: When you use Chrome on iOS, you aren't really using Google Chrome. You're using a Chrome UI/shell around WebKit/Safari because Apple forbids any third-party rendering engine. This is a major soft spot in the iOS security model and the surge in zero-day attacks is reason for major concern.
05.03.2021 | 6'' read
Security vendor ‘awards’ are meaningless
We complain a lot about FUD and snake-oil ruining this industry but so many reputable security vendors are getting sucked into this pay-for-an-award-logo that turns you into a bit of a laughing stock among educated buyers. Stop buying these fake awards. You're doing yourself and your company a disservice.
03.01.2021 | 5'' read
A peek inside Apple’s security garden
This week's newsletter looks at anti-malware scanning and zero-click attack roadblocks added to Apple's latest platform security guide (updated Feb 2021), a wave of CISO movements, and some recommendations on reports you should already have read.