CI Fuzz CLI Brings Fuzz Testing to Java Applications

Wednesday, November 30, 2022
CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.

Nvidia GPU Driver Bugs Threaten Device Takeover & More

If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.

Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.

How Banks Can Upgrade Security Without Affecting Client Service

New protective measures work behind the scenes, with little impact on the customer experience.

Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE

Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.

CyberRatings.org Revives NSS Labs Research

The NSS Labs archive, available with free registration, consists of over 800 test reports, analyst briefs, and research published by NSS Labs from 2013 — 2020.

Is MFA the Vegetable of Cybersecurity?

Tuesday, November 29, 2022
Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.

Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw

The vulnerability, disclosed in October, gives an unauthenticated attacker a way to take control of an affected product.

The Metaverse Could Become a Top Avenue for Cyberattacks in 2023

Expect to see attackers expand their use of current consumer-targeting tactics while exploring new ways to target Internet users — with implications for businesses.

Why the Culture Shift on Privacy and Security Means Today's Data Looks Different

A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.

CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%

Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions

Nok Nok’s S3 Suite brings next-level MFA to UberEther’s IAM Advantage Platform to protect the US federal government and its suppliers.

CISA's Strategic Plan Is Ushering in a New Cybersecurity Era

Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.

Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign

Monday, November 28, 2022
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.

Global Cyber-Enforcement Op Nets $130M, Says Interpol

A worldwide operation aimed at curtailing fraud has led to the arrest of 975 suspects and the seizure of nearly $130 million, as Interpol expands its efforts and brings new tools to its investigations.

Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign

The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.

$275M Fine for Meta After Facebook Data Scrape

Meta has been found in violation of Europe's GDPR rules requiring the social media giant to protect user data by "design and default."

KnowBe4 Launches New Mobile Learner App for Cybersecurity Learning

KnowBe4 empowers end users by introducing security awareness and compliance training on the go at no additional cost.

NanoLock Brings Built-In Meter-Level Cybersecurity to Renesas Customers

The DLMS-compatible, zero-trust meter-level security is built into the Renesas smart meter solutions, enabling smart meter manufacturers to get to market faster with built-in advanced security solutions.

Bring Your Own Key — A Placebo?

BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.

Slippery RansomExx Malware Moves to Rust, Evading VirusTotal

Friday, November 25, 2022
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.

For Gaming Companies, Cybersecurity Has Become a Major Value Proposition

New users and monetization methods are increasingly profitable for the gaming industry, but many companies find they have to stem growth in cheats, hacks, and other fraud to keep customers loyal.

Why Africa's Telecoms Must Actively Collaborate to Combat Fraud

Wednesday, November 23, 2022
Unique conditions contribute to outsized telecom fraud across the continent, but working together can bring solutions.

'Patch Lag' Leaves Millions of Android Devices Vulnerable

Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in a spate of malicious incidents.

Where Are We Heading With Data Privacy Regulations?

New laws have made the current US privacy landscape increasingly complex.

Adversarial AI Attacks Highlight Fundamental Security Issues

Tuesday, November 22, 2022
An AI's "world" only includes the data on which it was trained, so it otherwise lacks context — opening the door for creative attacks from cyber adversaries.

Ducktail Cyberattackers Add WhatsApp to Facebook Business Attack Chain

The Vietnam-based financial cybercrime operation's primary goal is to push out fraudulent ads via compromised business accounts.

DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma

Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up.

Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations

To get the full picture, companies need to look into the cybersecurity history and practices of the business they're acquiring.

How Work From Home Shaped the Road to SASE for Enterprises

As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small.

How Tech Companies Can Slow Down Spike in Breaches

Cybercrime continues to evolve — and shows no signs of slowing down.

Two Estonian Citizens Arrested in $575 Million Cryptocurrency Fraud and Money Laundering Scheme

Identity Security Needs Humans and AI Working Hand in Hand

Monday, November 21, 2022
In the cybersecurity world, augmenting the human touch with artificial intelligence has produced extremely positive results.

Investors Are Pouring Cash Into These 10 Cybersecurity Startups

Following the dollars reveals pen-test and intrusion-detection startups are the most attractive to investors right now, collectively getting more than $3 billion in funding.

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.

MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles

Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.

Better Together: Why It's Time for Ops and Security to Converge

Threat actors are becoming only more sophisticated and determined.

New Startup OpsHelm Tackles Cloud Misconfigurations

Sunday, November 20, 2022
The company emerges from stealth with an automated security remediation product that identifies and remediates cloud misconfigurations.

Charting the Path to Zero Trust: Where to Begin

Your journey to zero trust can be perilous if you are using legacy equipment that wasn’t designed for it. Begin the transformation where it makes the most sense for your organization.

Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns

Friday, November 18, 2022
How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?

Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War

As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organizations should read their cyber insurance policies carefully to see what is still covered.

Palo Alto Networks Focuses on Secure Coding with $195M Cider Deal

PAN plans to add Cider's CI/CD security platform to its Prisma Cloud suite of AppSec tools.

Secure Offboarding in the Spotlight as Tech Layoffs Mount

A secure-by-design culture is needed to develop a comprehensive offboarding and identity management strategy that limits potential for broader compromise in case of unauthorized access.

The Next Generation of Supply Chain Attacks Is Here to Stay

With the proliferation of interconnected third-party applications, new strategies are needed to close the security gap.

County of Tehama, Calif., Identifies and Addresses Data Security Incident

The county reports unauthorized access to files in its Department of Social Services' systems between Nov. 18, 2021, and April 9. It has added enhanced alert and monitoring software and is offering complimentary credit monitoring and identity theft protection services to those whose personal information may have been compromised in the breach.

Analysts Welcome NSA's Advice for Developers to Adopt Memory-Safe Languages

Thursday, November 17, 2022
Languages such as C and C++ rely too heavily on the programmer not making simple memory-related security errors.

Iranian APT Actors Breached a US Government Network

CISA says Federal Civilian Executive Branch systems were compromised through a Log4Shell vulnerability in an unpatched VMware Horizon server.

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defense initiatives.

Revelstoke Upgrades SOAR Platform With Augmented Automation, Case Management, and User Interface Capabilities

Unified data layer enables continuous platform updates.

MITRE Engenuity Launches Evaluations for Security Service Providers

Wednesday, November 16, 2022
The results are labor-intensive to parse, so knowing how to interpret them is key, security experts say.

The Future of Cybersecurity Recruiting: Lessons on What Employers Want and What Students Need

The cybersecurity industry is facing a challenge to find qualified candidates. Here’s what recruiters, educators, and employers can do to fill the talent gap.

BoostSecurity Emerges From Stealth With SaaS DevSecOps Platform

Fresh startup BoostSecurity has an SaaS platform for developers and security teams that provides automated tools to shore up cybersecurity within the software supply chain.

New Ransomware Data Is In: What's Happening and How to Fight Back

Be proactive about data defense. Start with the right data, leverage domain expertise, and create models that help you target the most critical vulnerabilities.

Thousands of Amazon RDS Snapshots Are Leaking Corporate PII

A service that allows organizations to back up data in the cloud can accidentally leak sensitive data to the public Internet, paving the way for abuse by threat actors.

Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon'

Tuesday, November 15, 2022
An in-depth analysis of system-destroying malware families presented at Black Hat Middle East & Africa shows a growing nuance in terms of how they're deployed.

Where Can Third-Party Governance and Risk Management Take Us?

Part 2 in our series addressing the top 10 unanswered questions in security: How will TPGRM evolve?

Misconfigurations, Vulnerabilities Found in 95% of Applications

Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests.

How Routine Pen Testing Can Reveal the Unseen Flaws in Your Cybersecurity Posture

Testing is an ongoing mission, not a one-and-done fix.

Google Forks Over $391.5M in Record-Setting US Consumer Privacy Settlement

A misleading location-tracking practice ensnared the search-engine giant in a massive privacy case spanning 40 states.

Yakima Neighborhood Health Services Notice of Data Security Incident

Swimlane Introduces Low-Code, Automation Approach to OT Security

Automating security for OT infrastructure can help organizations combat a rising volume of cyber threats in an era when security professionals are in short supply.

Researchers Sound Alarm on Dangerous BatLoader Malware Dropper

Monday, November 14, 2022
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.

Australia Declares War on Cybercrime Syndicates

An international counter-ransomware task force has been announced by Australian authorities following the recent Optus and Medibank data breaches.

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says

Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.

Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs

Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing device.

How APIs and Applications Can Live Happily Ever After

Solutions that allow businesses to reduce complexity, develop and deploy applications and APIs, and protect those applications and APIs are no fairy tale.

Why Cybersecurity Should Highlight Veteran-Hiring Programs

Friday, November 11, 2022
Military veterans tend to have the kind of skills that would make them effective cybersecurity professionals, but making the transition is not that easy.

Cybersecurity 'Nutrition' Labels Still a Work in Progress

Pretty much every aspect of the effort to create easy-to-understand labels for Internet-of-Things (IoT) products is up in the air, according to participants in the process.

Cookies for MFA Bypass Gain Traction Among Cyberattackers

Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.

Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors

The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities.

Uyghurs Targeted With Spyware, Courtesy of PRC

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

5 Easy Steps to Bypass Google Pixel Lock Screens

Thursday, November 10, 2022
PIN-locked SIM card? No problem. It's easy for an attacker to bypass the Google Pixel lock screen on unpatched devices.

Twitter's CISO Takes Off, Leaving Security an Open Question

Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action.

LockBit Bigwig Arrested for Ransomware Crimes

A dual Russian-Canadian citizen is being extradited to the US to face charges related to LockBit ransomware activities.

Managing and Mitigating Risk From Unknown Unknowns

Five practical steps to up-level attack surface management programs and gain greater visibility and risk mitigation around the extended ecosystem.

Understanding the Rise of Risk-Based Vulnerability Management

Risk-based vulnerability management solutions foster the convergence of risk management and vulnerability management. Andrew Braunberg explains what’s driving the emergence of RBVM.

How to Close Kubernetes' Network Security Gap

StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit.

Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Wednesday, November 9, 2022
Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery

Cyber attackers like IPFS because it is resilient to content blocking and takedown efforts.

How US Businesses Suffer From the Lack of Personal Data Privacy Laws

The stalling of federal legislation and the continued expansion of data brokers are fueling a phishing epidemic.

Long Island Midterm Votes Delayed Due to Cyberattack Aftereffects

Suffolk County had to hand deliver voting databases with ballot results to the county election headquarters.

Experian, T-Mobile Pay Up in Multimillion-Dollar Data Breach Settlements

Massachusetts Attorney General announced settlements across multiple states for damages from Experian's 2012 and 2015 breaches that violated consumer protection and notification laws.

A Better Way to Resist Identity-Based Cyber Threats

New approaches to identity access management are indispensable.

Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says

The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.

The CIS Benchmarks Community Consensus Process

Tuesday, November 8, 2022
The CIS Benchmarks are unique for many reasons. None compare to the community consensus process that forms their hardening guidance. Learn how to get involved.

Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday

Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

Instagram Star Gets 11 Years for Cybercrimes Used to Fund His Lavish Lifestyle

Prolific online scammer and social media influencer 'Hushpuppi' sentenced for bank cyber heists, BEC campaigns, money laundering, and more.

It's Time to See Cybersecurity Regulation as a Friend, Not a Foe

There's real value in having a better perspective around future regulation and compliance requirements.

Cyber.org Range Offers Cybersecurity Job Paths for K-12 Students

The classroom-based curriculum addresses the cybersecurity workforce gap with free training labs and virtual cyberattack environments to hone the skills of the next generation of talent.

Bugcrowd Names David Gerry Chief Executive Officer

AppSec and Cybersecurity veteran will leverage his strong institutional experience as demand for crowdsourced cybersecurity solutions grows.

How Does DNS Telemetry Help Detect and Stop Threats?

Monday, November 7, 2022
Administrators and security teams who have lost visibility into their own networks can use DNS telemetry to home in on anomalous traffic.

SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach

In the nearly two years since the company discovered the cyber intrusion, SolarWinds has fundamentally rearchitected its development environment to make it much harder to compromise, CISO Tim Brown tells Dark Reading.

National Guard Cyber Forces 'Surging' to Help States Protect Midterm Elections

Fourteen states, including Arizona, Iowa, and Pennsylvania, have called in the Guard to help with election network risk assessments and threat mitigation.

Unencrypted Traffic, Weak E-Mail Passwords Still Undermining Wi-Fi Security

An analysis by RSA Conference's security operations center found 20% of data over its network was unencrypted and more than 55,000 passwords were sent in the clear.

Cybercrime Group OPERA1ER Stole $11M From 16 African Businesses

One attack used 400 mule accounts to steal money by making fraudulent withdrawals, researchers say.

Beyond the Pen Test: How to Protect Against Sophisticated Cybercriminals

Why are we still doing perfunctory penetration testing when we can be emulating realistic threats and stress-testing the systems most at risk?

Human Security Tackles Malvertising With Clean.io Buy

Friday, November 4, 2022
Dark Reading's analysis suggests that Human Security's acquisition of clean.io will significantly expand the company's fraud prevention and anti-malvertising portfolio.

RomCom Malware Woos Victims With 'Wrapped' SolarWinds, KeePass Software

An analysis of the RomCom APT shows the group is expanding its efforts beyond the Ukrainian military into the UK and other English-speaking countries.

Cyberattackers Focus In on State-of-the-Art ALMA Observatory

Operations at the world's most expensive ground-based telescope, high in the Atacama Desert, remain disrupted.

Detecting Malicious User Behavior Within and Across Applications

The solution lies in analyzing sequences of activities as user journeys, instead of analyzing each activity on its own.

Simplilearn and the University of California, Irvine Division of Continuing Education Partner for a Cybersecurity Boot Camp

The boot camp is for aspiring security analysts, network consultants, and penetration testers.

Build Security Around Users: A Human-First Approach to Cyber Resilience

Security is more like a seat belt than a technical challenge. It's time for developers to shift away from a product-first mentality and craft defenses that are built around user behaviors.

Why Third-Party Risk Should be Manufacturing's Top Priority

Thursday, November 3, 2022
Manufacturing relies on complex interconnected networks and technologies, but with more vendors comes risk that needs to be secured.

NCSC Implements Vulnerability Scanning Program Across UK

The cybersecurity agency announced it intends to scan all Internet-connected devices hosted in the UK for known vulnerabilities.

FIN7 Cybercrime Group Likely Behind Black Basta Ransomware Campaign

Several artifacts from recent attacks strongly suggest a connection between the two operations, researchers say.

DDoS Cyberscore: US Treasury: 1, Killnet: 0

An official just revealed the US Department of Treasury was able to fend off a Killnet DDoS attack last month.

Economic Uncertainty Isn't Stopping Cybercrime Recruitment — It's Fueling It

Confused economies and rising unemployment rates foster a rich opportunity for cybercrime recruitment.

Certificate-Based Authentication With YubiKeys for Microsoft, Third-Party, and Web Applications Now Available on iOS and Android

Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers

Wednesday, November 2, 2022
An attack campaign using phishing attacks gives threat actors access to internal Dropbox code repositories, the latest in a series of attacks targeting developers through their GitHub accounts.

Chinese Mob Has 100K Slaves Working in Cambodian Cybercrime Mills

Vulnerable people are lured by Facebook ads promising high-paying jobs, but instead they're held captive and put to work in Cambodia running cyber scams.

Vitali Kremez Found Dead After Apparent Scuba Diving Accident

The renowned security researcher, ethical hacker, and cybersecurity phenom was found Wednesday by the US Coast Guard.

How to Narrow the Talent Gap in Cybersecurity

We can bridge that gap by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field.

Musk's Twitter-Verification Payment Tease Spurs Cyberattackers

A proposed plan to charge users for the platform's coveted blue check mark has, unsurprisingly, inspired attackers to try to dupe people into giving up their credentials.

How AI Can Deliver the Next Phase of Scalability

AI will help enterprises scale cybersecurity defenses to handle the growing complexity of modern networks and increased number of cyberthreats.

Critical Vulnerability in Microsoft Azure Cosmos DB Opens Up Jupyter Notebooks

The now-patched RCE flaw in Cosmos DB's Jupyter Notebook feature highlights some of the weaknesses that can arise from emerging tech in the cloud-native and machine learning worlds.

Bed Bath & Beyond Discloses Data Breach to SEC

Tuesday, November 1, 2022
The retailer reported that an employee fell for a phishing scam, allowing malicious actors to access shared drives.

Now That EDR Is Obvious, What Comes Next?

First in our series addressing the top 10 unanswered questions in security: What's going to replace EDR?

FTC Gives Chegg an 'F' for Careless Cybersecurity Impacting 40M Students

Ed-tech company Chegg is ordered by FTC to secure its systems after repeated breaches that exposed tens of millions of users' personal data.