Insurance Costs Rise, Coverage Shrinks, But Policies Remain Essential

The number of companies that have used their cyber insurance policies multiple times rises, but policy coverage grows more expensive and less comprehensive.

Cybercriminals Team Up to Upgrade 'SapphireStealer' Malware

A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprung up around it, polishing the code to a high shine and creating new, even more robust features.

Apple iPhone 14 Pro Offered Up to the Hacking Masses

Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.

A Brief History of ICS-Tailored Attacks

It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers.

Adversaries Ride RocketMQ Bug to DreamBus Bot Resurgence

Last seen in 2021, DreamBus Monero crypto bot is back and finding new life on vulnerable RocketMQ servers.

Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps

Thousands of devices have become infected with "BadBazaar," malware previously used to spy on Uyghur and Turkic ethnic minorities in China.

APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware

A sophisticated threat actor managed to fly under the radar for three years, despite flexing serious muscle.

New York Times Spoofed to Hide Russian Disinformation Campaign

"Operation Doppelganger" has convincingly masqueraded as multiple news sites with elaborate fake stories containing real bylines of journalists, blasting them out on social media platforms.

4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught

Through strategic measures and a united front, the finance industry can overcome the looming threat of deepfakes.

Delinea Research Reveals a Cyber Insurance Gap

Meta Cripples China's Signature 'Spamouflage' Influence Op

The social media giant is taking on Dragonbridge, the "largest known cross-platform covert influence operation in the world."

MOVEit Was a SQL Injection Accident Waiting to Happen

SQL injection and its ilk will stop being "a thing" only after organizations focus on security by construction.

South African Department of Defence Denies Stolen Data Claims

Attackers leaked 1.6TB of stolen data, which government officials dismissed as "fake news."

Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs

CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.

Here's What Your Breach Response Plan Might Be Missing

The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.

Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits

TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.

London Police Warned to Stay Vigilant Amid Major Data Breach

Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.

5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration

With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.

Authentication Outage Underscores Why 'Fail Safe' Is Key

Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.

Legal Liability for Insecure Software Might Work, but It's Dangerous

Imposing government-regulated security requirements on software companies may go too far and create unintended consequences.

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research

Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure.

Vendors Training AI With Customer Data is an Enterprise Risk

While Zoom has scrapped plans to harvest customer content for use in its AI and ML models, the incident should raise concerns for enterprises and consumers a like.

Genworth Financial Under Investigation for Data Breach

China Unleashes Flax Typhoon APT to Live Off the Land, Microsoft Warns

The cyber espionage group has created a stealthy, hard-to-mitigate network of persistent access across a range of organizations, but the endgame is unclear.

Luna Grabber Malware Targets Roblox Gaming Devs

Roblox gaming developers are lured in by a package that claims to create useful scripts to interact with the Roblox website, for example by “promot(ing) users, shout events, and so on, or to create Discord utiltiies (sic) to manage their community.”

'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds

Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.

Critical Insight Releases H1 2023 Report

Black Hat USA 2023 Closes on Record-Breaking Event in Las Vega

Malwarebytes Announces Acquisition of Online Privacy Company Cyrus

Cypago Raises $13M and Unveils its Cyber GRC Automation (CGA) Platform to Simplify GRC Processes

US Space Industry More Prone to Foreign Espionage, US Agencies Warn

Foreign intelligence entities have the US space industry in their sights, posing serious threats to US national security, multiple federal agencies say.

Ransomware With an Identity Crisis Targets Small Businesses, Individuals

TZW is the latest version of Adhubllka, which has been active since 2019 but has gone largely unreported due to its lower ransom demands.

North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT

The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.

eSentire Labs Open Sources Project to Monitor LLMs

The eSentire LLM Gateway provides monitoring and governance of ChatGPT and other Large Language Models being used in the organization.

Prelude Security Tackles Continuous Security Testing in Containers

Probes are tiny processes which run inside containers and scan applications for vulnerabilities.

Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts

Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.

FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group

The most recent stolen bitcoin comes just after three major operations occurred in June, with millions stolen in each heist.

Name That Toon: Swift as an Arrow

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.

When Leadership Style Is a Security Risk

Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.

The Physical Impact of Cyberattacks on Cities

Understanding potential threats and regularly updating response plans are the best lines of defense in the new world of cyberattacks.

New NCUA Rule Requires Credit Unions to Report Cyberattacks Within 3 Days

The updated cybersecurity reporting rule from the National Credit Union Administration takes effect Sept. 1.

'Cuba' Ransomware Group Uses Every Trick in the Book

How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.

Chinese APT Targets Hong Kong in Supply Chain Attack

Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.

Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.

Energy One Investigates Cyberattack

Energy One is trying to determine the initial point of entry and whether personal information has been compromised.

Generative AI Is Scraping Your Data. So, Now What?

AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.

DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws

Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.

Visibility Is Just Not Enough to Secure Operational Technology Systems

Visibility is just the first step to secure your operational technology environment against today's threats. You need a proactive, defense-in-depth approach.

App Security Posture Management Improves Software Security, Synopsys Says

In this Dark Reading News Desk segment, Jim Ivers and Natasha Gupta of Synopsys discuss application security posture management and software consolidation.

Time To Address What’s Undermining SaaS Security, AppOmni Says

In this Dark Reading News Desk segment, Brendan O'Connor, CEO and Co-Founder of AppOmni describes some of the biggest security challenges for securing software-as-a-service (SaaS) applications.

PKI Maturity Model Aims to Improve Crypto Infrastructure

Joining a growing group of cybersecurity-related "maturity models," PKIMM allows companies to measure their progress, benchmark themselves against other firms.

Expand Your Definition of ‘Endpoint,’ Get a Better Handle On Cloud Threats

In this Dark Reading News Desk segment, Sysdig's Anna Belak discusses how the boom in cloud services and applications expanded the definition of what constitutes an endpoint.

African Cybercrime Operations Shut Down in Law Enforcement Operation

Interpol- and Afripol-led crackdown disrupts cybercrime ecosystem responsible for some $40 million in losses to victims.

Interpres: Getting the Most Out of Threat Intelligence Resources

In this Dark Reading News Desk segment, Interpres Security's Nick Lantuh discusses how security practitioners can get the most out of various threat intelligence offerings.

ISC2 Announces Milestone As Community Grows to Half a Million

Foretrace Announces Launch of "Tim," Generative AI Analyst for Assessing and Responding to Data Leaks

TXOne: How to Improve Your Operational Technology Security Posture

In this Dark Reading News Desk segment, Terence Liu of TXOne Networks discusses operational technology and industrial cybersecurity.

Normalyze: How Focusing On Data Can Improve Cloud Security

In this Dark Reading News Desk segment, Normalyze’s Ravi Ithal discusses cloud security and data security posture management (DPSM).

White House Orders Federal Agencies to Bolster Cyber Safeguards

A Biden administration adviser puts federal departments and agencies on notice to come into full compliance with presidential guidelines by the end of the year.

LinkedIn Suffers 'Significant' Wave of Account Hacks

Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.

Researchers Harvest, Analyze 100K Cybercrime Forum Credentials

Researchers found that many Dark Web forums have stronger password rules than most government and military entities.

Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets

67% of Federal Government Agencies Are Confident in Meeting Zero Trust Executive Order Deadline

Call for Applications Open for DataTribe's Sixth Annual Cybersecurity Startup Challenge

Insurance Data Breach Victims File Class-Action Suit Against Law Firm

This time, it's the law firm that got breached, then sued for what victims claim was inadequate protection and compensation for theft of personal data.

Beyond Identity Launches Passkey Adoption Tool, The Passkey Journey

Mirai Common Attack Methods Remain Consistent, Effective

While relatively unchanged, the notorious IoT botnet still continues to drive DDoS.

The Gulf's Dizzying Tech Ambitions Present Risk & Opportunity

Threats and opportunities are abound for the UAE and Gulf states, so can they deal with being a cybersecurity stronghold?

OX Security Receives Strategic Investment From IBM Ventures

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service

Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.

Discord.io Temporarily Shuts Down Amid Breach Investigation

The platform plans to revamp its website code and conduct "a complete overhaul" of its security practices.

AI Steals Passwords by Listening to Keystrokes With Scary Accuracy

The AI model trained on typing recorded over a smartphone was able to steal passwords with 95% accuracy.

Bolstering Africa’s Cybersecurity

A thriving economy needs several factors to continue an upward trajectory — but is Africa in a position to enable these factors to take place?

Microsoft Cloud Security Woes Inspire DHS Security Review

Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.

How & Why Cybercriminals Fabricate Data Leaks

A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.

Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department

State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.

Interpol Shuts Down Phishing Service '16shops'

Global law enforcement operation leads to arrests of suspects behind sale of popular phishing kits.

Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models

Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.

5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments

Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.

How to Choose a Managed Detection and Response (MDR) Solution

MDR empowers organizations with enhanced security. Look for these four capabilities when selecting an MDR product.

3 Mobile or Client-Side Security Myths Debunked

The industry's understanding of mobile or client-side security is too limited, leaving many mobile apps vulnerable. Don't let these three myths lead you astray.

DARPA Taps RTX to Attune AI Decisions to Human Values

Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House's Cyber Initiatives

As Phishing Gets Even Sneakier, Browser Security Needs to Step Up

Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques.

Threat Intelligence Efforts, Investment Lagging, Says Opswat

In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.

CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain

Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.

Dell Credentials Bug Opens VMWare Environments to Takeover

Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.

Cyber Insurance Experts Make a Case for Coverage, Protection

At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage — and the risk of doing without.

EvilProxy Cyberattack Flood Targets Execs via Microsoft 365

A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations

The Hard Realities of Setting AI Risk Policy

Time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.

SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks

Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster

Osano Secures $25M Series B to Advance Data Privacy Platform

Cybersecurity: It's Time to Trust the Machines

When it comes to cybersecurity automation, the pluses outweigh the minuses.

Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says

Wi-Fi settings are easily stolen when old gadgets are gotten rid of, which puts end users in the crosshairs for network attacks.

It's Time for Cybersecurity to Talk About Climate Change

From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.

Safety of Officers & Civilians of PSNI Compromised in Major Data Breach

A mistake snowballs into a serious political issue as the safety of police officers in Northern Ireland is compromised in an accidental data leak.

Top 3 Insights I Learned at Recent Cybersecurity Events

Events like RSA Conference and Infosecurity Europe provide industry collaboration opportunities required to address the evolving cybersecurity threat landscape.

Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications

Further TETRA-related vulnerabilities have been disclosed in base stations that run and decrypt the worldwide communications protocol for industrial systems.

Custom Yashma Ransomware Crashes Into the Scene

The threat actor is targeting organizations in Bulgaria, China, Vietnam, and various English-speaking nations.

Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised

Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints.

The Problem With Cybersecurity (and AI Security) Regulation

Are we really improving security, or are we just imposing more regulation?

10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance

More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated.

How to Prepare for ChatGPT's Risk Management Challenges

ChatGPT promises to transform all sorts of corporate business functions, but your business needs to be prepared to address the new risks that come with it.

SANS Teaches Cybersecurity Leadership in Saudi Arabia

Infosecurity learning modules will cover security planning, policy, and leadership.

Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics

The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advance obfuscation methods.

Colorado Dept. of Higher Education Hit With Massive Data Breach

Last week, the department uncovered a data breach that occurred back in June stemming from what it deems to be a cybersecurity ransomware incident.

Selling Software to the US Government? Know Security Attestation First

Challenging new safety requirements are needed to improve security and work toward a more secure future.

Name That Edge Toon: How Now?

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

The Dark Web Is Expanding (As Is the Value of Monitoring It)

Rising cybercrime threats heighten risks. Dark Web monitoring offers early alerts and helps lessen exposures.

Cloud Security Market Worth $62.9B by 2028

Endor Labs Raises $70M to Reform Application Security and Eliminate Developer Productivity Tax

Salesforce Zero-Day Exploited to Phish Facebook Credentials

The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.

Burger King Serves Up Sensitive Data, No Mayo

The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.

Hawaii's Gemini North Observatory Suspended After Cyberattack

It is unclear who the threat actors were or what kind of cyberattack was attempted on the observatory, but for now it, and a sister site in Chile, remain closed to the skies.

Qualys Announces First-Party Software Risk Management Solution

Vulcan Cyber Attack Path Graph Targets Cloud-Scale Risk Prioritization and Mitigation

Center for Cyber Safety and Education Awards $174K in Cybersecurity Scholarships

Exclusive: CISA Sounds the Alarm on UEFI Security

Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.

Global Optical Sensor Market to Reach $45.56B by 2030, Rising Demand in Consumer Electronics and IoT Applications

Instagram Flags AI-Generated Content

Amid the national discussion about AI safety and non-human-originated content in the US, an app researcher spotted an effort by the social media app to flag AI posts for its 2+ billion users.

Iranian Company Plays Host to Reams of Ransomware, APT Groups

Cloudzy is a command-and-control provider (C2P) to APT groups in Iran, North Korea, and Russia, according to Halcyon.

Iran's APT34 Hits UAE With Supply Chain Attack

The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.

Hot Topic Apparel Brand Faces Credential-Stuffing Attack

Due to the nature of the attack, Hot Topic says that it was unable to tell which accounts were accessed by legitimate users and which were accessed by threat actors, making the situation all the more difficult.

Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages

Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.

Devo and Cybermindz Partner to Address the Mental Health of Front-Line Cybersecurity Workers in the US

MEF and CyberRatings.org Partner on SASE Certification Program

Forescout's Risk and Exposure Management Solution Delivers Streamlined, Quantitative Approach to Cyber Asset Risk Management

Nile Raises $175M Series C Funding to Redefine Enterprise Networks

Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.

Space Pirates Train Cyber Sabers on Russian, Serbian Organizations

The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks.

Lessons Not Learned From Software Supply Chain Attacks

Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.

CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security

A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug — with severe threat of lateral movement, CISA warns.

Why the California Delete Act Matters

Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause.