The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.
0
‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections
Thứ Sáu, 29 tháng 12, 2023
0
Palo Alto Networks Closes Talon Cybersecurity Acquisition
The Talon acquisition extends Palo Alto Networks' best-in-class SASE solution to help protect all managed and unmanaged devices.
0
I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions
As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024.
0
UAE Banks on AI to Boost Cybersecurity
The federation has formed partnerships to aid its cybersecurity ambitions as well, but aging legacy systems and a talent gap leave the UAE vulnerable to cyber-risks.
0
In Cybersecurity and Fashion, What's Old Is New Again
Thứ Năm, 28 tháng 12, 2023
What a recent rise in DDoS attacks portends — and how to prepare for 2024.
0
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks
The innovation that ChatGPT and other LLMs demonstrate is a good thing, but safeguards and other security frameworks must keep pace.
0
Saudi Arabia Strengthens Its Cybersecurity Posture
The country is facing a skills shortage and increased attacks, but its cyber plans are rapidly developing.
0
How Cybercriminals Will Sway 2024 US Elections, Or Try To
Thứ Tư, 27 tháng 12, 2023
"Coordinated inauthentic behavior" networks are already attempting to build up audiences for their campaigns via fake news outlets, social media platforms, and other avenues.
0
AI, Supply Chain Are Fertile Areas for Cybersecurity Investment
Cybersecurity continues to be a growing sector, but a lot of investment funding is gravitating toward supply chain security and artificial intelligence (AI) for solving a range of security problems.
0
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024
Thứ Ba, 26 tháng 12, 2023
Political and economic motivations impel nation-state and independent hackers, while the European Union strives to keep its members secure and prepared.
0
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers
Unreasonable requirements, low salaries, and a lack of commitment to training leaves businesses unable to hire their perfect cybersecurity pros. So, is there really a workforce "shortage"?
0
GenAI Tools Will Permeate All Areas of the Enterprise
Many departments and groups see the benefits of using generative AI tools, which will complicate the security teams' job of protecting the enterprise from data leaks and compliance and privacy violations.
0
Security Pros Grapple With Ways to Manage GenAI Risk
Security professionals in Dark Reading's latest survey are well aware of the risks posed by generative AI in their organizations, but questions remain on what strategies to employ.
0
African Organizations Aim to Fix Cybersecurity in 2024
The continent suffers $3.5 billion in losses every year, lending momentum to efforts to train a generation of cybersecurity professionals.
0
Cisco Bets Big on Multicloud Security With Isovalent Deal
Thứ Sáu, 22 tháng 12, 2023
Cisco says Isovalent will help expand the capabilities of Security Cloud, an AI-driven, cloud-delivered, integrated security platform.
0
Google Releases Eighth Zero-Day Patch of 2023 for Chrome
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser's WebRTC component.
0
Strengthening Resilience: Navigating the Cybersecurity Landscape
The significance of cybersecurity resilience has never been higher as we grow more reliant on digital infrastructure.
0
New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
Thứ Năm, 21 tháng 12, 2023
In the first half of 2022, intercepted emails represented 10% of total correspondences, rising to almost 18% during the same period in 2023.
0
Russian Water Utility Hacked in Retaliation for Kyivstar Hit
Moscow's Rosvodokanal water-management company was ransacked by Ukraine-aligned Blackjack group, with reports that the company's IT infrastructure was "destroyed."
0
8 Strategies for Defending Against Help Desk Attacks
The help desk is under siege from AI-based and other attacks. Next-gen tactics call for in-depth cyber-defense strategies.
0
Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks
Ransomware group tries to claw back operations following FBI disruption, and lifts a previous ban on attacks against critical infrastructure in retaliation.
0
Physical Access Systems Open Cyber Door to IT Networks
Besides unlocking supposedly secure doors, a man-in-the-middle cyberattack on physical access controllers can enable ransomware, data theft, and more.
0
Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs
Seedworm, aka MuddyWater, drops PowerShell-based malware on victims using living-off-the-land techniques.
0
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected
Thứ Ba, 19 tháng 12, 2023
A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.
0
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File
Attackers can chain the vulnerabilities to gain full remote code execution.
0
Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover
The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.
0
Why I Chose Google Bard to Help Write Security Policies
Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually.
0
Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?
Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies?
0
Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections
Attackers can spoof millions of email addresses to create targeted phishing attacks using flaws in Microsoft, GTX, and Cisco Secure Email Gateway servers.
0
Name That Toon: Just for Kicks
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
0
Pro-Israeli Hacktivists Attack Iranian Gas Stations
Iranian officials blame a software issue for the "disruption" to gasoline pumps.
0
Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round
Thứ Sáu, 15 tháng 12, 2023
Xeol's technology secures an organization’s end-of-life software.
0
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets
Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets.
0
Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines
The multifaceted malware leverages the NKN blockchain-based peer-to-peer networking protocol, operating as both a sophisticated backdoor and a flooder launching DDoS attacks.
0
In Appreciation: ESET Founder Rudolf Hruby Passes Away
Cybersecurity pioneer and soccer fan Rudolf Hruby was a prominent business figure in post-independence Slovakia.
0
Stamus Networks Supports NATO Red Teaming Cyber Exercise for the Fifth Consecutive Year
Thứ Năm, 14 tháng 12, 2023
Twelfth annual Crossed Swords will see Stamus Networks share expertise and technology to develop and test the capabilities and practical skills of participants
0
BlackBerry Appoints John Giamatteo as CEO
Company to pursue full separation of IoT and cybersecurity business units.
0
Communicating with Impact: Tips for Discussing Cybersecurity Metrics with Boards
Metrics have a place when it comes to reporting on organizational security and risk management, but effectively communicating their relevance to the board in the context of the overall security story is more important than simply reporting on the raw numbers.
0
MITRE Debuts ICS Threat Modeling for Embedded Systems
Thứ Tư, 13 tháng 12, 2023
EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.
0
Attackers Target Microsoft Accounts to Weaponize OAuth Apps
After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying.
0
Hacktivists Interrupt UAE TV Streams With a Message About Gaza
The root cause may lie in set-top boxes run by a questionable service provider.
0
Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores
There's a new way for hackers to abuse the cloud, this time with data analysts and scientists in the crosshairs.
0
Biden's AI Exec Order Is a Start, but We Must Safeguard Innovation
It's important for Congress to strengthen protections for AI and set guardrails to make sure it isn't used maliciously.
0
Libyan Government Trains Personnel in Electoral Cyber Threats
The UN is helping Ministry of Interior staff implement cybersecurity best practices, as talks continue about scheduling a parliamentary election in the coming months.
0
Cybercrime Orgs Increasingly Use Human Trafficking to Staff Scam Mills
Thứ Hai, 11 tháng 12, 2023
Interpol breaks up Southeast Asian cybercrime rings, rescuing 149 victims of human trafficking, but the agency warns the human cost of cybercrime is mounting across the globe.
0
Convincing LinkedIn 'Profiles' Target Saudi Workers for Information Leakage
Social engineering attacks in the Kingdom collect information on professionals — and offer fake profiles for sale.
0
Ghana Official to Head Africa's New Cybersecurity Authority
ANCA comprises 17 members, representing less than half of the countries in Africa.
0
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs
Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups.
0
Responsibly Implementing AI, the Unstoppable Force
Balancing the good and bad of AI/ML means being able to control what data you're feeding into AI systems and solving the privacy issues to securely enable generative AI.
0
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
0
Making Cyber Insurance Available for Small Biz, Contractors
Thứ Sáu, 8 tháng 12, 2023
Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.
0
Municipalities Face a Constant Battle as Ransomware Snowballs
As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight.
0
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
0
'HeadCrab' Malware Variants Commandeer Thousands of Servers
Thứ Năm, 7 tháng 12, 2023
New techniques in a second variant of the malware improved functionality and communication commands.
0
As SAT Goes Digital, Schools Must Prepare for Disruption
Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024.
0
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms
A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal.
0
US Navy Ship Builder Says No Classified Info Leaked in Cyberattack
Thứ Tư, 6 tháng 12, 2023
Austul USA, a military contractor, alerts law enforcement it quickly mitigated a recent cyberattack on its systems and that an investigation is ongoing.
0
Vulns in Android WebView, Password Managers Can Leak User Credentials
Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.
0
UK Cyber CTO: Vendors' Security Failings Are Rampant
The NCSC's Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware.
0
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
0
SpyLoan Malicious App Downloaded 12M+ Times in Google Play
Thứ Ba, 5 tháng 12, 2023
The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.
0
Q&A: Lessons Learned From the Middle East's National Cyber Drills
Suleyman Ozarslan, co-founder of Picus Security, discusses critical-infrastructure cyber drills in the region, who runs them, and what happens to the results.
0
Hackers Claim to Breach Israeli Defense Force Medical Data
The Malek Team, which previously hit a private college in Israel, claims responsibility for a hack of Israel's Ziv Medical Center.
0
Meta AI Models Cracked Open With Exposed API Tokens
Thứ Hai, 4 tháng 12, 2023
Researchers at Lasso found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.
0
23andMe: Data Breach Was a Credential-Stuffing Attack
The DNA testing company believes that the attack has now been contained and is notifying impacted individuals.
0
Pro-Iran Attackers Access Multiple Water Facility Controllers
Multiple agencies warn that attackers have been active since Nov. 22, targeting operational technology (OT) across the US.
0
Name That Edge Toon: On Your Mark...
Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
0
Cybersecurity is a Team Sport
Enterprise security goes beyond tech leadership, and beyond the CISO's office. Achieving cybersecurity and resilience is a team effort, and requires building a culture of security awareness.
0
Establishing New Rules for Cyber Warfare
Why we should applaud the Red Cross's efforts, even if they likely won't work.
0
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs
Thứ Sáu, 1 tháng 12, 2023
Hundreds of consumer and enterprise-grade x86 and ARM devices from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.
0
Japan's Space Program at Risk After Microsoft Active Directory Breach
The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.
0
Emirates CISOs Flag Rampant Cybersecurity Gaps
UAE security leaders warn that people, tech, and process gaps are exposing their organizations to cybercrime.
0
Law Firms & Legal Departments Singled Out for Cyberattacks
Thứ Năm, 30 tháng 11, 2023
Cybercriminals use legal search terms to ensnare unwitting victims, then launch ransomware or business email compromise attacks.
0
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets
A decade and a half after Gh0st RAT first appeared, the "SugarGh0st RAT" variant aims to make life sweeter for cybercriminals.
0
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks
Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.
0
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.
0
Google Patches Another Chrome Zero-Day as Browser Attacks Mount
Thứ Tư, 29 tháng 11, 2023
The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.
0
Thought GDPR Compliance Was Hard? Buckle Up
The days of a one-size-fits-all consent strategy are gone. Consider a two-pronged approach and use smart consent management technology to adapt to differing regulations.
0
Why Ransomware Could Surge in the Middle East & Africa
Organizations from the Middle East and Africa have typically escaped public ransoms, but that's changing amid heightened geopolitical conflicts and digitalization initiatives.
0
Name That Toon: Slam Dunk
Thứ Ba, 28 tháng 11, 2023
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
0
Attacks Against South African ICS and IoT Systems Steadily Decrease
All African nations saw a reduced number of cyberattacks on industrial and IoT systems in the third quarter of 2023 compared with earlier this year.
0
Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack
Fawry confirms addresses, phone numbers, and dates of birth, leaked online.
0
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines
Thứ Hai, 27 tháng 11, 2023
US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law.
0
Ardent Health Hospitals Disrupted After Ransomware Attack
More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities.
0
General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
0
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
Gaza Cybergang is using a version of the malware rewritten in the Rust programming language.
0
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business.
0
Balancing Simplicity and Security in the Digital Experience
New data shows consumer preferences for security in digital experiences and indicates ways businesses can best protect digital identity in today's digital world.
0
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Thứ Tư, 22 tháng 11, 2023
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
0
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
0
3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
0
Idaho National Nuclear Lab Targeted in Major Data Breach
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
0
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
Thứ Ba, 21 tháng 11, 2023
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
0
The Role of the CISO in Digital Transformation
A successful CISO should play a leading role in digital transformation and cloud migration initiatives in their organization. The CISO is responsible for making sure technical security controls are designed and implemented appropriately, and changes are properly managed, with security in mind from the very start.
0
Inside Job: Cyber Exec Admits to Hospital Hacks
Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.
0
Major Saudi University to Offer AI, Cybersecurity Studies
University of Jeddah partners with Resecurity to teach cybersecurity skills.
0
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
Thứ Hai, 20 tháng 11, 2023
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
0
CISA Launches Pilot Program to Address Critical Infrastructure Threats
CISA expects to extend this program to include up to 100 critical infrastructure entities in its first year.
0
Enterprise Generative AI Enters Its Citizen Development Era
Your business users are building Copilots and GPTs with your enterprise data. What can you do about it?
0
Saudi Arabia Arms Public Sector With Google Cloud Services
Chronicle CyberShield will be offered as a managed service with security monitoring and Mandiant incident response included.
0
How the Evolving Role of the CISO Impacts Cybersecurity Startups
CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs.
0
A Detection and Response Benchmark Designed for the Cloud
Does your security operation center's performance meet the 5/5/5 benchmark for cloud threat detection and incident response?
0
British Library Confirms Ransomware Attack Caused Outages
Thứ Sáu, 17 tháng 11, 2023
The library said that it expects many of its services to be restored in the forthcoming weeks.
0
Scattered Spider Casino Hackers Evade Arrest in Plain Sight
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
0
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
0
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
0
'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation
Thứ Năm, 16 tháng 11, 2023
Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.
0
Consumer Software Security Assessment: Should We Follow NHTSA's Lead?
Vehicles are required to meet basic safety standards. Having similar requirements for software would give consumers greater control over their privacy and security.
0
'Randstorm' Bug: Millions of Crypto Wallets Open to Theft
The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks.
0
Unpatched Critical Vulnerabilities Open AI Models to Takeover
The security holes can allow server takeover, information theft, model poisoning, and more.
0
Rackspace Ransomware Costs Soar to Nearly $12M
Thứ Tư, 15 tháng 11, 2023
Rackspace's 2022 ransomware attack only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack.
0
'AlphaLock' Hacker Organization Launches Pen-Testing Training Group
With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services.
0
EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services
Organizations in "essential" sectors have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2).
0
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Women in Cyber Security Middle East highlight a requirement for resilience in the face of increased business and cyber challenges.
0
Google Goes After Scammers Abusing Its Bard AI Chatbot
Thứ Ba, 14 tháng 11, 2023
A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.
0
HARmor Cleans, Sanitizes, Encrypts HAR Files
Okta's breach highlighted the importance of sanitizing the data logged in HAR files before sharing them.
0
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice
While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.
0
21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.
0
Ducktail Malware Targets the Fashion Industry
Thứ Hai, 13 tháng 11, 2023
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
0
A Closer Look at State and Local Government Cybersecurity Priorities
Complexity impedes the universal and consistent application of security policy, which is an obstacle to adequately securing government environments.
0
Azerbaijan Agencies Sign Cyber-Partner Deals
The country has signed fresh deals to boost cyber intelligence and preparedness capabilities.
0
SEC Suit Ushers in New Era of Cyber Enforcement
A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.
0
Security Is a Process, Not a Tool
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
0
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank
Thứ Sáu, 10 tháng 11, 2023
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
0
ChatGPT: OpenAI Attributes Regular Outages to DDoS Attacks
ChatGPT and the associated APIs have been affected by regular outages, citing DDoS attacks as the reason — the Anonymous Sudan group claimed responsibility.
0
Leaky DICOM Medical Standard Exposes Millions of Patient Records
A 30-year-old, rarely updated protocol for medical devices has exposed reams of highly personal data, thanks to a lack of proper security throughout owner environments.
0
What We Can Learn from Major Cloud Cyberattacks
Thứ Năm, 9 tháng 11, 2023
Analysis of six major cloud incidents shows how some common mistakes can lead to serious consequences.
0
When Good Security Awareness Programs Go Wrong
Avoid making these mistakes when crafting a security awareness strategy at your organization.
0
How to Outsmart Malware Attacks That Can Fool Antivirus Protection
One of the main challenges for Android users is protecting themselves malicious applications that can damage devices or perform other harmful actions.
0
Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort
The Iran-linked group uses redirected websites to compromise victims and exfiltrate data in a campaign that has lasted over 2022 and 2023.
0
Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes
A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector.
0
Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant
Thứ Tư, 8 tháng 11, 2023
The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks.
0
Ransomware Mastermind Uncovered After Oversharing on Dark Web
Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview."
0
MGM and Caesars Attacks Highlight Social Engineering Risks
Relying on passwords to secure user accounts is a gamble that never pays off.
0
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Thứ Ba, 7 tháng 11, 2023
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
0
Crafting an AI Policy That Safeguards Data Without Stifling Productivity
Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization.
0
Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors
The attackers also use custom wipers to cover their tracks and bypass EDR.
0
US Sanctions Ryuk Ransomware’s Russian Money Launderer
Thứ Hai, 6 tháng 11, 2023
Woman is accused of assisting Russian oligarchs and ransomware affiliates with schemes to evade sanctions.
0
Middle East's 5G Acceleration May Pose Serious Security Issues
Telcos across the Middle East are rapidly rolling out 5G networks. Will this accelerated adoption lead to higher security vulnerabilities?
0
Meet Your New Cybersecurity Auditor: Your Insurer
As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses.
0
Keep Your Organization's APIs Protected This Holiday Season
Understanding API security risks isn't just a good idea — it's a business imperative. A single API breach can lead to financial losses and reputational damage.
0
Sky's the Limit, but What About API Security? Challenges in the Cloud-First Era
APIs enable cloud transformation but bring security risks, demanding robust, adaptive strategies to safeguard data and operations.
0
Ace Hardware Still Reeling From Weeklong Cyberattack
Thứ Sáu, 3 tháng 11, 2023
Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.
0
'KandyKorn' macOS Malware Lures Crypto Engineers
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.
0
Somebody Just Killed the Mozi Botnet
The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.
0
How Do We Truly Make Security 'Everyone's Responsibility'?
Thứ Năm, 2 tháng 11, 2023
When everybody is responsible for a task, sometimes nobody takes ownership. Here are three steps to distribute cybersecurity throughout your organization.
0
Upgraded Kazuar Backdoor Offers Stealthy Power
The obscure Kazuar backdoor used by Russian attack group Turla has resurfaced, and it's more dangerous than ever.
0
Saudi Aramco CEO Warns of New Threat of Generative AI
Oil executive Amin H. Nasser calls for global cooperation and international standards to combat the dark side of artificial intelligence.
0
Middle East Advances in Generative AI Hold Promise
Gulf countries are heavily invested in GenAI, but security is still a concern.
0
One Ukraine Company Shares Lessons in Prepping for Wartime Cyber Resilience
Thứ Tư, 1 tháng 11, 2023
The CTO of MacPaw provides a case study in planning for cybersecurity and uptime in the face of armed conflict.
0
3 Ways to Close the Cybersecurity Skills Gap — Now
The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.
0
Atlassian Customers Should Patch Latest Critical Vuln Immediately
Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.
0
FBI Director Warns of Increased Iranian Attacks
Christopher Wray tells the US Senate that more US infrastructure will be targeted for cyberattacks in the wake of the Gaza conflict.
0
US Leads 40-Country Alliance to Cut Off Ransomware Payments
Thứ Ba, 31 tháng 10, 2023
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.
0
'Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains
Cybercriminals are upping their phishing with shortened links and showing that coveted, regulated top-level domains aren't as exclusive as you'd think.
0
Arid Viper Camouflages Malware in Knockoff Dating App
The APT group uses updates from the app to get the user to download the malware.
0
Survey: AppSec Maturity Hindered by Staffing, Budgets, Vulnerabilities
Report highlights the challenges impeding the applications industry from achieving AppSec maturity.
0
Biden's Artificial Intelligence Executive Order Covers Broad Concerns
Thứ Hai, 30 tháng 10, 2023
The executive order is ambitious and seeks to protect a variety of different groups who are most at risk from the irresponsible use of AI.
0
Boeing Breached by Ransomware, LockBit Gang Claims
LockBit gives Boeing a Nov. 2 deadline to pay the ransom, or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise.
0
UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations
A determination to be taken seriously as a cyber player sees the United Arab Emirates announce a series of collaborations.
0
What the Bionic Acquisition Can Bring to CrowdStrike
CrowdStrike is moving deeper into application security with its agreement to acquire Bionic, provider of ASPM technology that proactively scans software in production for vulnerabilities.
0
Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too
With the rapid advancement and adoption of artificial intelligence (AI) in cybersecurity, the benefits of speed and accuracy are becoming clearer every day.
0
Securing Cloud Identities to Protect Assets and Minimize Risk
Thứ Sáu, 27 tháng 10, 2023
Preventative security should be driven by data and risk assessment, not compliance.
0
Safari Side-Channel Attack Enables Browser Theft
The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.
0
Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic
The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets.
0
Understand the True Cost of a UEM Before Making the Switch
When investing in a unified endpoint management solution, prioritize the needs of your network and users ahead of brand names. This Tech Tip focuses on questions to ask.
0
Rockwell's Verve Buy Enlivens Critical Infrastructure Security
Thứ Năm, 26 tháng 10, 2023
The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers.
0
Iran APT Targets the Mediterranean With Watering-Hole Attacks
Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries.
0
Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status
The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says.
0
Longer Support Periods Raise the Bar for Mobile Security
With Google's announcement of seven years of support, other smartphone makers risk falling behind.
0
As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
Thứ Tư, 25 tháng 10, 2023
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
0
Virtual Alarm: VMware Issues Major Security Advisory
VMWare vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.
0
Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States
The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.
0
Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior
We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.
0
Former NSA Employee Faces Life in Prison After Espionage Attempt
Thứ Ba, 24 tháng 10, 2023
The ex-employee claimed that he believed the shared information would benefit Russia and harm the US.
0
Do Small Companies Need Fractional AppSec Teams Akin to vCISOs?
Zatik takes a fractional approach to AppSec leadership to help small firms access the expertise they need to build secure-by-design software.
0
Strengthening Oman's Economic Backbone
Creating a new regulatory framework to better secure Oman's banking system against future attacks.
0
Ragnar Locker Ransomware Boss Arrested in Paris
Thứ Hai, 23 tháng 10, 2023
Cops track down ransomware developer and seize Ragnar Locker infrastructure and data-leak site, Europol says.
0
Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile
A spoofed version of an Israeli rocket-attack alerting app is targeting Android devices, in a campaign that shows how cyber-espionage attacks are shifting to individual, everyday citizens.
0
Freelance Market Flooded With North Korean IT Actors
US DoJ: Beware of hiring freelance and temporary workers that could be operatives working to funnel money to North Korea's WMD program.
0
Telling Small Businesses to Buy Cyber Insurance Isn't Enough
To protect themselves from threats, companies also need proactive cybersecurity.
0
FedRAMP Rev. 5: How Cloud Service Providers Can Prepare
What cloud service providers need to know to prepare for FedRAMP Baselines Rev. 5, as documented in the new Transition Guide.
0
Cisco Finds New Zero Day Bug, Pledges Patches in Days
Thứ Sáu, 20 tháng 10, 2023
A patch for the max severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.
0
DoD Gets Closer to Nominating Cyber Policy Chief
Though there is speculation regarding potential candidates, the Department of Defense will likely not nominate someone in the near term.
0
Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.
0
SIM Card Ownership Slashed in Burkina Faso
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.
0
Europol Strike Wounds Ragnar Locker Ransomware Group
Thứ Năm, 19 tháng 10, 2023
Several countries in Europe as well as the United States and Japan were involved in the operation, which is aimed at defanging one of the bigger names in ransomware.
0
Tips for a Successful SecOps Game Plan
Dark Reading's special report on SecOps data analytics looks at the elements needed to set up a proper data foundation. Getting the data right when collecting, aggregating, and analyzing it is essential.
0
AI-Powered Israeli 'Cyber Dome' Defense Operation Comes to Life
The Israelis are building a cyber defense system that will use ChatGPT-like generative AI platforms to parse threat intelligence.
0
Q&A: The Outlook for Israeli Cyber Startups, As War Clouds Gather
Amid the burgeoning war, Israel's tech sector is focused on resilience. Ofer Schreiber, senior director at YL Ventures, weighs in on the conflict, funding for cybersecurity startups, overblown valuations, and what the future holds.
0
OCP Launches SAFE to Standardize Firmware Audits
Thứ Tư, 18 tháng 10, 2023
Under the Security Appraisal Framework and Enablement (SAFE) program, device manufacturers would be able to work with approved auditors to verify firmware.
0
The Most Popular IT Admin Password Is Totally Depressing
Analysis of more than 1.8 million admin portals reveals IT leaders, with the highest privileges, are just as lazy about passwords as everyone else.
0
EPA Turns Off Taps on Water Utility Cyber Regulations
Facing a potential cascade of legal challenges from industry groups and state attorneys general, the EPA has rescinded its cyber-rules. But where does that leave local water safety?
0
Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
Thứ Ba, 17 tháng 10, 2023
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.
0
UAE, US Partner to Bolster Financial Services Cybersecurity
The two countries agree to share financial services information and provide cross-border training and best practices.
0
Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
0
‘Etherhiding’ Blockchain Technique Hides Malicious Code in WordPress Sites
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
0
Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit
Thứ Hai, 16 tháng 10, 2023
No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.
0
'RomCom' Cyber Campaign Targets Women Political Leaders
A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.
0
Name That Toon: Modern Monarchy
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
0
Pro-Israeli Hacktivist Group Predatory Sparrow Reappears
It's been a year since its last communication and attack on Iran — but the conflict with Hamas appears to have reactivated the group.
0
How Data Changes the Cyber-Insurance Market Outlook
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.
0
3 Essential Steps to Strengthen SaaS Security
SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management.
0
Security Pros Warn that EU's Vulnerability Disclosure Rule is Risky
Thứ Sáu, 13 tháng 10, 2023
The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.
0
Gaza Conflict Paves Way for Pro-Hamas Information Operations
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.
0
Brands Beware: X's New Badge System Is a Ripe Cyber-Target
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
0
Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime's Chagrin
Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming. language.
0
Simpson Manufacturing Launches Investigation After Cyberattack
The company has taken down its systems in an effort to determine the scope of the attack.
0
The Cyberwar Between the East and the West Goes Through Africa
By working cooperatively, the West and Africa can mobilize to tackle nation-state-backed cyber threats.
0
Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware
Thứ Tư, 11 tháng 10, 2023
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
0
Curl Bug Hype Fizzles After Patching Reveal
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.
0
Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
0
Gaza Conflict: How Israeli Cybersecurity Will Respond
The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the cyber-front.
0
Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
0
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
0
New One-Click Exploit Is a Supply Chain Risk for Linux OSes
Thứ Ba, 10 tháng 10, 2023
An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.
0
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
0
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict
DDoS for hire and live attacks hit both sides as cyber campaigns continue.
0
How Keyloggers Have Evolved From the Cold War to Today
Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.
0
North Korea's State-Sponsored APTs Organize & Align
An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.
0
Old-School Attacks Are Still a Danger, Despite Newer Techniques
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.
0
Hacktivists Enter Fray Following Hamas Strikes Against Israel
Thứ Hai, 9 tháng 10, 2023
Killnet, Anonymous Sudan, along with other groups, pick up up their Middle East activities as war breaks out.
0
'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.
0
Operation Behind Predator Mobile Spyware Is 'Industrial Scale'
The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.
0
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet
Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign.
0
Cybersecurity Talent in America: Bridging the Gap
It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.
0
The Need for Speed: When Cloud Attacks Take Only 10 Minutes
Security sensors are common in the home for both prevention and response in the event something goes wrong. But in the cloud, have you taken the same approach?
0
Google, Yahoo Push DMARC, Forcing Companies to Catch Up
Thứ Sáu, 6 tháng 10, 2023
The move means that DMARC, already in use by half of enterprises, will become table stakes for anyone using email for marketing.
0
Too Rich To Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.
0
Suspected Crime Gang Hacks Israeli President's Telegram Account
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."
0
Quash EDR/XDR Exploits With These Countermeasures
Thứ Năm, 5 tháng 10, 2023
With tools and hacker groups constantly evading defenses, expanding cybersecurity beyond endpoint security becomes crucial.
0
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
0
Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.
0
Stealthy, Thieving Python Packages Slither Onto Windows Systems
A campaign that's been active since April has already racked up nearly 75,000 downloads, stealing data and cryptocurrency in the process.
0
Critical 'ShellTorch' Flaws Light Up Open Source AI Users, Like Google
The vulnerabilities exist in the widely used TorchServe framework, used by Amazon, Google, Walmart, and many other heavy hitters.
0
Unkillable? Qakbot Infections Fly On Even After Its High-Profile Raid
A literal seven-nation (cyber) army wasn't enough to hold back the famous initial access broker (IAB) for long — it's been chugging along, spreading ransomware, despite a massive takedown in August.
0
Breaches Are the Cost of Doing Business, but NIST Is Here to Help
Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches.
0
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
0
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again
Defenders have been left scrambling after the way patches were released for six flaws in the open source mail server, which is the most popular mail transfer agent on the Internet.
0
Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
Thứ Ba, 3 tháng 10, 2023
Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.
0
USPS Anchors Snowballing Smishing Campaigns
Researchers found 164 domains connected to a single threat actor located in Tehran.
0
North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
Thứ Hai, 2 tháng 10, 2023
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
0
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
0
Addressing AI and Security Challenges With Red Teams: A Google Perspective
Red Teams can help organizations better understand vulnerabilities and secure critical AI deployments.
0
Which DFIR Challenges Does the Middle East Face?
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?
0
Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
0
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk
The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.
0
Securing AI: What You Should Know
Thứ Sáu, 29 tháng 9, 2023
Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
0
DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
0
How Can Your Security Team Help Developers Shift Left?
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.
0
DHS Calls Into Question Physical Security in Johnson Controls Cyberattack
An internal memo notes of DHS floor plans that could have been accessed in the breach.
0
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
Thứ Năm, 28 tháng 9, 2023
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
0
Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
0
New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
0
Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
0
Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
0
Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool
Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.
0
Researchers Release Details of New RCE Exploit Chain for SharePoint
One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution.
0
China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance.
0
Microsoft Adds Passkeys to Windows 11
It's the latest step in the gradual shift away from traditional passwords.
0
Threat Data Feeds and Threat Intelligence Are Not the Same Thing
It's important to know the difference between the two terms. Here's why.
0
HD Moore's Discovery Journey
Thứ Ba, 26 tháng 9, 2023
Metasploit creator's shift into enterprise asset discovery and passive scanning with startup runZero is a natural evolution of his exploratory cyber career.
0
4 Pillars for Building a Responsible Cybersecurity Disclosure Program
Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community.
0
Chad Taps Huawei for Digital Modernization Project
Fiber optic networks and better connectivity for Chad's users are part of the ICT modernization project with the Chinese networking giant.
0
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels
A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.
0
Proactive Security: What It Means for Enterprise Security Strategy
Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.
0
Xenomorph Android Malware Targets Customers of 30 US Banks
Thứ Hai, 25 tháng 9, 2023
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
0
MOVEit Flaw Leads to 900 University Data Breaches
National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.
0
UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack
The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.
0
The Hot Seat: CISO Accountability in a New Era of SEC Regulation
Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.
0
Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks
Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.
0
Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection
Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
0
Do CISOs Have to Report Security Flaws to the SEC?
Thứ Sáu, 22 tháng 9, 2023
The new SEC rules make it seem that there is no need to report the presence of security vulnerabilities, but that doesn't quite tell the full story.
0
TikTok API Rules Stymie Analysis of US User Data, Academics Say
Terms of service for API access give TikTok publication review over findings and limit access to critical data on the platform's impact on US users, researchers say.
0
Hackers Let Loose on Voting Gear Ahead of US Election Season
Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.
0
NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII
The league is working with more than 100 partners to workshop responses to a host of hypothetical cyberattacks on the upcoming Big Game in Las Vegas.
0
Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation
Thứ Năm, 21 tháng 9, 2023
0
'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
0
T-Mobile Racks Up Third Consumer Data Exposure of 2023
The mobile company states that the issue was due to a glitch that occurred in an update.
0
MGM Restores Casino Operations 10 Days After Cyberattack
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.
0
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns
A working group is rolling out in developing parts of the world, in response to concerns about the amount of technology being rolled out and across Africa by Chinese companies.
0
Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem, File-Share Environments
Thứ Tư, 20 tháng 9, 2023
0
International Criminal Court Suffers Cyberattack
The ICC did not reveal details on the cyber breach.
0
How Choosing Authentication Is a Business-Critical Decision
MFA may go a long way in improving password security, but it's not foolproof.
0
Changing Role of the CISO: A Holistic Approach Drives the Future
The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology.
0
Pro-Iranian Attackers Target Israeli Railroad Network
The group known as "Cyber Avengers" has targeted other Israeli services in the past and often publishes technical details of its hits.
0
Welcome to the Resilience Revolution, Where Defenders Act More Like Attackers
Thứ Ba, 19 tháng 9, 2023
Dark Reading News Desk interviewed Kelly Shortridge about the role of infrastructure-as-code in helping security teams get more nimble in responding to cyber threats.
0
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
0
Trend Micro Patches Zero-Day Endpoint Vulnerability
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.
0
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents
MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.
0
Qatar Cyber Chiefs Warn on Mozilla RCE Bugs
The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.
0
Name That Toon: Somewhere in Sleepy Hollow
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
0
'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks
The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.
0
Security Conferences Keep Us Honest
Thứ Hai, 18 tháng 9, 2023
Conferences are where vendors and security researchers meet face to face to address problems and discuss solutions — in public.
0
LockBit Is Using RMMs to Spread Its Ransomware
The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.
0
Companies Explore Ways to Safeguard Data in the Age of LLMs
Generative AI models are forcing companies to become creative in how they keep employees from giving away sensitive data.
0
How to Get Your Board on Board With Cybersecurity
CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.
0
Dragos Raises $74M in Latest Funding Round
The funds will be used to expand its global presence beyond Europe and the US.
0
A Playbook for Bridging Africa's Cybersecurity Skills Shortage
A pledge to solve the skills and talent shortage by the US government has seen one Nigerian company join the effort and aid Africa.
0
Supporting Africa's Cybersecurity Talent Makes the World Safer
The global infosec community needs to help African nations defend against growing threats.
0
AI in Software Development: The Good, the Bad, and the Dangerous
Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.
0
Microsoft Flushes Out 'Ncurses' Gremlins
Thứ Sáu, 15 tháng 9, 2023
The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.
0
Why Shared Fate is a Better Way to Manage Cloud Risk
The shared responsibility model was good enough to cover the first years of the cloud revolution, but the model is showing its limitations. Shared fate is a more mature model for the future of cloud security.
0
Greater Manchester Police Hack Follows Third-Party Supplier Fumble
This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.
0
Microsoft Teams Hacks Are Back, As Storm-0324 Embraces TeamsPhisher
Thứ Năm, 14 tháng 9, 2023
Collaboration apps are a boost to business productivity, but also a uniquely attractive target for cyberattackers.
0
Zero-Click iPhone Exploit Drops Pegasus Spyware on Exiled Russian Journalist
The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.
0
MGM, Caesars File SEC Disclosures on Cybersecurity Incidents
Pursuant to new regulation, both gaming companies reported recent cyber incidents to the SEC.
0
Cybercriminals Use Webex Brand to Target Corporate Users
The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads' policies.
0
Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor
The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.
0
Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
0
How to Transform Security Awareness Into Security Culture
Leverage the human layer as a crucial cog in building cyber resilience within the organization.
0
Professional Sports: The Next Frontier of Cybersecurity?
Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.
0
'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
The ransomware group is a collection of young adults, and also recently breached Caesars Entertainment and made a ransom score in the tens of millions range.
0
Federal Mandates on Medical-Device Cybersecurity Get Serious
In October, the US Food and Drug Administration will start rejecting medical devices that lack a secure design or a post-market cybersecurity plan.
0
Microsoft Azure HDInsight Plagued With XSS Vulnerabilities
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
0
When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'
Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.
0
Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors
The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.
0
Microsoft Patches a Pair of Actively Exploited Zero-Days
Thứ Ba, 12 tháng 9, 2023
Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now.
0
China's Winnti APT Compromises National Grid in Asia for 6 Months
Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off.
0
Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen
Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data.
0
MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations
Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack.
0
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities
By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.
0
The Double-Edged Sword of Cyber Espionage
State-sponsored attacks are alarming and difficult to prevent, but they suffer from a fundamental weakness that can be leveraged by defenders.
0
'Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack
Telegram has not stated why it has suspended the group's primary account, but it is likely due to its use of bots.
0
Iran's Charming Kitten Pounces on Israeli Exchange Servers
Thứ Hai, 11 tháng 9, 2023
Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
0
Being Flexible Can Improve Your Security Posture
Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.
0
'Steal-It' Campaign Uses OnlyFans Models as Lures
Custom PowerShell scripts are being deployed against geofenced targets in Australia, Belgium, and Poland to exfiltrate data.
0
Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.
0
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security
Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users.
0
Overcoming the Rising Threat of Session Hijacking
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.
0
Microsoft, Google Take on Obsolete TLS Protocols
Thứ Sáu, 8 tháng 9, 2023
Google shortened the lifetime of Transport Layer Security (TLS) certificates, and Microsoft plans to downgrade support for older versions, giving companies more data security but also removing visibility into their own traffic.
0
3 Ways to Expand the Cyber Talent Pool From Splash Pad to Watering Hole
Why — and how — "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.
0
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
0
Software Supply Chain Strategies to Parry Dependency Confusion Attacks
Thứ Năm, 7 tháng 9, 2023
Bad actors practice to deceive package managers with a tangled web of methods. Here's how to hoist them by their own petard.
0
Security for Multicloud and Hybrid Cloud Environments
In multicloud environments, security challenges are most common at the connecting points between different clouds. Internal cloud security skill sets and cloud-native security tools are also key.
0
Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain
Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.
0
NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off
Deepfake videos and audio of NFL players and phishing communications via ChatGPT-like tools are a worry, the NFL's CISO says.
0
Weaponized Windows Installers Target Graphic Designers in Crypto Heist
Attackers use legitimate Windows installer to hide malicious scripts that install a backdoor and miners that leverage victims' graphics processing power.
0
How New SEC Rules Can Benefit Cybersecurity Teams
Securities and Exchange Commission rules elevate cybersecurity to a critical strategic concern and compel businesses to prioritize cyber resilience.
0
Coding Tips to Sidestep JavaScript Vulnerabilities
Thứ Tư, 6 tháng 9, 2023
This Tech Tip focuses on best security practices to write secure JavaScript code.
0
Cybersecurity Builds Trust in Critical Infrastructure
Improving an energy company's resistance to cyberattack does more than protect vital resources — it enhances trust from customers and investors.
0
W3LL Gang Compromises Thousands of Microsoft 365 Accounts
A secretive phishing cabal boasts a sophisticated affiliate network and a modular, custom toolset that's claiming victims on three continents.
0
AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses
All it takes is a simple copy-paste to undo a VPN service used by millions worldwide.
0
MinIO Attack Showcases Fresh Corporate Cloud Attack Vector
The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.
0
Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility
The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.
0
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
GhostSec has made what the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.
0
Russia Undertakes Disinformation Campaign Across Africa
Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.
0
How Companies Can Cope With the Risks of Generative AI Tools
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
0
Name That Edge Toon: Prized Possessions
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
0
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
0
Realism Reigns on AI at Black Hat and DEF CON
Thứ Hai, 4 tháng 9, 2023
Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.
0
Facing Third-Party Threats With Non-Employee Risk Management
As businesses continue to grapple with third-party threats, a revamped approach to non-employee risk management can help limit their potential exposure.
0
AI for Good: Voxel AI Tech Increases Funding to $30M With Strategic Funding Round
Thứ Sáu, 1 tháng 9, 2023
0
US Government Denies Blocking Sales of AI Chips to Middle East
Nvidia and AMD do face expanded export rules for their A100 and H100 artificial intelligence (AI) chips in the Middle East, but it's not yet clear why.
0
Key Group Ransomware Foiled by New Decryptor
Researchers crack Key Group's ransomware encryption and release free tool for victim organizations to recover their data.
0
NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns
The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.
0
Insurance Costs Rise, Coverage Shrinks, But Policies Remain Essential
Thứ Năm, 31 tháng 8, 2023
The number of companies that have used their cyber insurance policies multiple times rises, but policy coverage grows more expensive and less comprehensive.
0
Cybercriminals Team Up to Upgrade 'SapphireStealer' Malware
A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprung up around it, polishing the code to a high shine and creating new, even more robust features.
0
Apple iPhone 14 Pro Offered Up to the Hacking Masses
Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.
0
A Brief History of ICS-Tailored Attacks
It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers.
0
Adversaries Ride RocketMQ Bug to DreamBus Bot Resurgence
Last seen in 2021, DreamBus Monero crypto bot is back and finding new life on vulnerable RocketMQ servers.
0
Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps
Thứ Tư, 30 tháng 8, 2023
Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.
0
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware
A sophisticated threat actor managed to fly under the radar for three years, despite flexing serious muscle.
0
New York Times Spoofed to Hide Russian Disinformation Campaign
"Operation Doppelganger" has convincingly masqueraded as multiple news sites with elaborate fake stories containing real bylines of journalists, blasting them out on social media platforms.
0
4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught
Through strategic measures and a united front, the finance industry can overcome the looming threat of deepfakes.
0
Meta Cripples China's Signature 'Spamouflage' Influence Op
The social media giant is taking on Dragonbridge, the "largest known cross-platform covert influence operation in the world."
0
MOVEit Was a SQL Injection Accident Waiting to Happen
SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.
0
South African Department of Defence Denies Stolen Data Claims
Attackers leaked 1.6TB of stolen data, which government officials dismissed as "fake news."
0
Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.
0
Here's What Your Breach Response Plan Might Be Missing
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.
0
Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits
Thứ Hai, 28 tháng 8, 2023
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.
0
London Police Warned to Stay Vigilant Amid Major Data Breach
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.
0
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.
0
Authentication Outage Underscores Why 'Fail Safe' Is Key
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.
0
Legal Liability for Insecure Software Might Work, but It's Dangerous
Imposing government-regulated security requirements on software companies may go too far and create unintended consequences.
0
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research
Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure.
0
Vendors Training AI With Customer Data is an Enterprise Risk
Thứ Bảy, 26 tháng 8, 2023
While Zoom has scrapped plans to harvest customer content for use in its AI and ML models, the incident should raise concerns for enterprises and consumers a like.
0
China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns
The cyber espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.
0
Luna Grabber Malware Targets Roblox Gaming Devs
Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their community.”
0
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds
Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.
0
US Space Industry More Prone to Foreign Espionage, US Agencies Warn
Foreign intelligence entities have the US space industry in their sights, posing serious threats to US national security, multiple federal agencies say.
0
Ransomware With an Identity Crisis Targets Small Businesses, Individuals
TZW is the latest version of Adhubllka, which has been active since 2019 but has gone largely unreported due to its lower ransom demands.
0
North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
0
eSentire Labs Open Sources Project to Monitor LLMs
The eSentire LLM Gateway provides monitoring and governance of ChatGPT and other Large Language Models being used in the organization.
0
Prelude Security Tackles Continuous Security Testing in Containers
Thứ Tư, 23 tháng 8, 2023
Probes are tiny processes which run inside containers and scan applications for vulnerabilities.
0
Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts
Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.
0
FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group
The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.
0
Name That Toon: Swift as an Arrow
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
0
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
Thứ Ba, 22 tháng 8, 2023
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.
0
When Leadership Style Is a Security Risk
Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.
0
The Physical Impact of Cyberattacks on Cities
Understanding potential threats and regularly updating response plans are the best lines of defense in the new world of cyberattacks.
0
New NCUA Rule Requires Credit Unions to Report Cyberattacks Within 3 Days
The updated cybersecurity reporting rule from the National Credit Union Administration takes effect Sept. 1.
0
'Cuba' Ransomware Group Uses Every Trick in the Book
How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.
0
Chinese APT Targets Hong Kong in Supply Chain Attack
Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.
0
Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology
Thứ Hai, 21 tháng 8, 2023
Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.
0
Energy One Investigates Cyberattack
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
0
Generative AI Is Scraping Your Data. So, Now What?
AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.
0
DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws
Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.
0
Visibility Is Just Not Enough to Secure Operational Technology Systems
Visibility is just the first step to secure your operational technology environment against today's threats. You need a proactive, defense-in-depth approach.
0
App Security Posture Management Improves Software Security, Synopsys Says
Thứ Sáu, 18 tháng 8, 2023
In this Dark Reading News Desk segment, Jim Ivers and Natasha Gupta of Synopsys discuss application security posture management and software consolidation.
0
Time To Address What’s Undermining SaaS Security, AppOmni Says
In this Dark Reading News Desk segment, Brendan O'Connor, CEO and Co-Founder of AppOmni describes some of the biggest security challenges for securing software-as-a-service (SaaS) applications.
0
PKI Maturity Model Aims to Improve Crypto Infrastructure
Joining a growing group of cybersecurity-related "maturity models," PKIMM allows companies to measure their progress, benchmark themselves against other firms.
0
Expand Your Definition of ‘Endpoint,’ Get a Better Handle On Cloud Threats
In this Dark Reading News Desk segment, Sysdig's Anna Belak discusses how the boom in cloud services and applications expanded the definition of what constitutes an endpoint.
0
African Cybercrime Operations Shut Down in Law Enforcement Operation
Interpol- and Afripol-led crackdown disrupts cybercrime ecosystem responsible for some $40 million in losses to victims.
0
Interpres: Getting the Most Out of Threat Intelligence Resources
Thứ Năm, 17 tháng 8, 2023
In this Dark Reading News Desk segment, Interpres Security's Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings.
0
TXOne: How to Improve Your Operational Technology Security Posture
In this Dark Reading News Desk segment, Terence Liu of TXOne Networks discusses operational technology and industrial cybersecurity.
0
Normalyze: How Focusing On Data Can Improve Cloud Security
In this Dark Reading News Desk segment, Normalyze’s Ravi Ithal discusses cloud security and data security posture management (DPSM).
0
White House Orders Federal Agencies to Bolster Cyber Safeguards
A Biden administration adviser puts federal departments and agencies on notice to come into full compliance with presidential guidelines by the end of the year.
0
LinkedIn Suffers 'Significant' Wave of Account Hacks
Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.
0
Researchers Harvest, Analyze 100K Cybercrime Forum Credentials
Thứ Tư, 16 tháng 8, 2023
Researchers found that many Dark Web forums have stronger password rules than most government and military entities.
0
Insurance Data Breach Victims File Class-Action Suit Against Law Firm
This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.
0
Mirai Common Attack Methods Remain Consistent, Effective
While relatively unchanged, the notorious IoT botnet still continues to drive DDoS.
0
The Gulf's Dizzying Tech Ambitions Present Risk & Opportunity
Threats and opportunities are abound for the UAE and Gulf states, so can they deal with being a cybersecurity stronghold?
0
Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.
0
Discord.io Temporarily Shuts Down Amid Breach Investigation
The platform plans to revamp its website code and conduct "a complete overhaul" of its security practices.
0
AI Steals Passwords by Listening to Keystrokes With Scary Accuracy
The AI model trained on typing recorded over a smartphone was able to steal passwords with 95% accuracy.
0
Bolstering Africa’s Cybersecurity
A thriving economy needs several factors to continue an upward trajectory — but is Africa in a position to enable these factors to take place?
0
Microsoft Cloud Security Woes Inspire DHS Security Review
Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.
0
How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.
0
Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department
Thứ Hai, 14 tháng 8, 2023
State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.
0
Interpol Shuts Down Phishing Service '16shops'
Global law enforcement operation leads to arrests of suspects behind sale of popular phishing kits.
0
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models
Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.
0
5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.
0
How to Choose a Managed Detection and Response (MDR) Solution
MDR empowers organizations with enhanced security. Look for these four capabilities when selecting an MDR product.
0
3 Mobile or Client-Side Security Myths Debunked
The industry's understanding of mobile or client-side security is too limited, leaving many mobile apps vulnerable. Don't let these three myths lead you astray.
0
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up
Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques.
0
Threat Intelligence Efforts, Investment Lagging, Says Opswat
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.
0
CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain
Thứ Năm, 10 tháng 8, 2023
Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.
0
Dell Credentials Bug Opens VMWare Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.
0
Cyber Insurance Experts Make a Case for Coverage, Protection
At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage — and the risk of doing without.
0
EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations
0
The Hard Realities of Setting AI Risk Policy
Time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.
0
Cybersecurity: It's Time to Trust the Machines
When it comes to cybersecurity automation, the pluses outweigh the minuses.
0
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says
Thứ Tư, 9 tháng 8, 2023
Wi-Fi settings are easily stolen when old gadgets are gotten rid of, which puts end users in the crosshairs for network attacks.
0
It's Time for Cybersecurity to Talk About Climate Change
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.
0
Safety of Officers & Civilians of PSNI Compromised in Major Data Breach
A mistake snowballs into a serious political issue as the safety of police officers in Northern Ireland is compromised in an accidental data leak.
0
Top 3 Insights I Learned at Recent Cybersecurity Events
Events like RSA Conference and Infosecurity Europe provide industry collaboration opportunities required to address the evolving cybersecurity threat landscape.
0
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications
Thứ Ba, 8 tháng 8, 2023
Further TETRA-related vulnerabilities have been disclosed in base stations that run and decrypt the worldwide communications protocol for industrial systems.
0
Custom Yashma Ransomware Crashes Into the Scene
The threat actor is targeting organizations in Bulgaria, China, Vietnam, and various English-speaking nations.
0
Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints.
0
The Problem With Cybersecurity (and AI Security) Regulation
Are we really improving security, or are we just imposing more regulation?
0
10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance
More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated.
0
How to Prepare for ChatGPT's Risk Management Challenges
ChatGPT promises to transform all sorts of corporate business functions, but your business needs to be prepared to address the new risks that come with it.
0
SANS Teaches Cybersecurity Leadership in Saudi Arabia
Thứ Hai, 7 tháng 8, 2023
Infosecurity learning modules will cover security planning, policy, and leadership.
0
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advance obfuscation methods.
0
Colorado Dept. of Higher Education Hit With Massive Data Breach
Last week, the department uncovered a data breach that occurred back in June stemming from what it deems to be a cybersecurity ransomware incident.
0
Selling Software to the US Government? Know Security Attestation First
Challenging new safety requirements are needed to improve security and work toward a more secure future.
0
Name That Edge Toon: How Now?
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
0
The Dark Web Is Expanding (As Is the Value of Monitoring It)
Rising cybercrime threats heighten risks. Dark Web monitoring offers early alerts and helps lessen exposures.
0
Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
0
Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
0
Hawaii's Gemini North Observatory Suspended After Cyberattack
It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.
0
Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
0
Instagram Flags AI-Generated Content
Amid the national discussion about AI safety and non-human-originated content in the US, an app researcher spotted an effort by the social media app to flag AI posts for its 2+ billion users.
0
Iranian Company Plays Host to Reams of Ransomware, APT Groups
Cloudzy is a command-and-control provider (C2P) to APT groups in Iran, North Korea, and Russia, according to Halcyon.
Đăng ký:
Bài đăng (Atom)
