‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections

The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.

Palo Alto Networks Closes Talon Cybersecurity Acquisition

The Talon acquisition extends Palo Alto Networks' best-in-class SASE solution to help protect all managed and unmanaged devices.

I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions

As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024.

UAE Banks on AI to Boost Cybersecurity

The federation has formed partnerships to aid its cybersecurity ambitions as well, but aging legacy systems and a talent gap leave the UAE vulnerable to cyber-risks.

In Cybersecurity and Fashion, What's Old Is New Again

What a recent rise in DDoS attacks portends — and how to prepare for 2024.

Skynet Ahoy? What to Expect for Next-Gen AI Security Risks

The innovation that ChatGPT and other LLMs demonstrate is a good thing, but safeguards and other security frameworks must keep pace.

Saudi Arabia Strengthens Its Cybersecurity Posture

The country is facing a skills shortage and increased attacks, but its cyber plans are rapidly developing.

How Cybercriminals Will Sway 2024 US Elections, Or Try To

"Coordinated inauthentic behavior" networks are already attempting to build up audiences for their campaigns via fake news outlets, social media platforms, and other avenues.

AI, Supply Chain Are Fertile Areas for Cybersecurity Investment

Cybersecurity continues to be a growing sector, but a lot of investment funding is gravitating toward supply chain security and artificial intelligence (AI) for solving a range of security problems.

Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024

Political and economic motivations impel nation-state and independent hackers, while the European Union strives to keep its members secure and prepared.

Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers

Unreasonable requirements, low salaries, and a lack of commitment to training leaves businesses unable to hire their perfect cybersecurity pros. So, is there really a workforce "shortage"?

GenAI Tools Will Permeate All Areas of the Enterprise

Many departments and groups see the benefits of using generative AI tools, which will complicate the security teams' job of protecting the enterprise from data leaks and compliance and privacy violations.

Security Pros Grapple With Ways to Manage GenAI Risk

Security professionals in Dark Reading's latest survey are well aware of the risks posed by generative AI in their organizations, but questions remain on what strategies to employ.

African Organizations Aim to Fix Cybersecurity in 2024

The continent suffers $3.5 billion in losses every year, lending momentum to efforts to train a generation of cybersecurity professionals.

Cisco Bets Big on Multicloud Security With Isovalent Deal

Cisco says Isovalent will help expand the capabilities of Security Cloud, an AI-driven, cloud-delivered, integrated security platform.

Google Releases Eighth Zero-Day Patch of 2023 for Chrome

CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser's WebRTC component.

Strengthening Resilience: Navigating the Cybersecurity Landscape

The significance of cybersecurity resilience has never been higher as we grow more reliant on digital infrastructure.

New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes

In the first half of 2022, intercepted emails represented 10% of total correspondences, rising to almost 18% during the same period in 2023.

Russian Water Utility Hacked in Retaliation for Kyivstar Hit

Moscow's Rosvodokanal water-management company was ransacked by Ukraine-aligned Blackjack group, with reports that the company's IT infrastructure was "destroyed."

8 Strategies for Defending Against Help Desk Attacks

The help desk is under siege from AI-based and other attacks. Next-gen tactics call for in-depth cyber-defense strategies.

Black Hat Europe 2023 Closes on Record-Breaking Event in London

Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks

Ransomware group tries to claw back operations following FBI disruption, and lifts a previous ban on attacks against critical infrastructure in retaliation.

Physical Access Systems Open Cyber Door to IT Networks

Besides unlocking supposedly secure doors, a man-in-the-middle cyberattack on physical access controllers can enable ransomware, data theft, and more.

Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs

Seedworm, aka MuddyWater, drops PowerShell-based malware on victims using living-off-the-land techniques.

Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected

A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Attackers can chain the vulnerabilities to gain full remote code execution.

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.

Why I Chose Google Bard to Help Write Security Policies

Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually.

ONCD Welcomes Mr. Harry Coker, Jr. as Next National Cyber Director

Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?

Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies?

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

Attackers can spoof millions of email addresses to create targeted phishing attacks using flaws in Microsoft, GTX, and Cisco Secure Email Gateway servers.

Name That Toon: Just for Kicks

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Pro-Israeli Hacktivists Attack Iranian Gas Stations

Iranian officials blame a software issue for the "disruption" to gasoline pumps.

Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round

Xeol's technology secures an organization’s end-of-life software.

Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets

Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets.

Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines

The multifaceted malware leverages the NKN blockchain-based peer-to-peer networking protocol, operating as both a sophisticated backdoor and a flooder launching DDoS attacks.

In Appreciation: ESET Founder Rudolf Hruby Passes Away

Cybersecurity pioneer and soccer fan Rudolf Hruby was a prominent business figure in post-independence Slovakia.

Stamus Networks Supports NATO Red Teaming Cyber Exercise for the Fifth Consecutive Year

Twelfth annual Crossed Swords will see Stamus Networks share expertise and technology to develop and test the capabilities and practical skills of participants

BlackBerry Appoints John Giamatteo as CEO

Company to pursue full separation of IoT and cybersecurity business units.

BT and Netskope Partner to Provide Secure Managed Services

Communicating with Impact: Tips for Discussing Cybersecurity Metrics with Boards

Metrics have a place when it comes to reporting on organizational security and risk management, but effectively communicating their relevance to the board in the context of the overall security story is more important than simply reporting on the raw numbers.

MITRE Debuts ICS Threat Modeling for Embedded Systems

EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.

Attackers Target Microsoft Accounts to Weaponize OAuth Apps

After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying.

Hacktivists Interrupt UAE TV Streams With a Message About Gaza

The root cause may lie in set-top boxes run by a questionable service provider.

BT and Netskope Partner to Provide Secure Managed Services

Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores

There's a new way for hackers to abuse the cloud, this time with data analysts and scientists in the crosshairs.

Biden's AI Exec Order Is a Start, but We Must Safeguard Innovation

It's important for Congress to strengthen protections for AI and set guardrails to make sure it isn't used maliciously.

Libyan Government Trains Personnel in Electoral Cyber Threats

The UN is helping Ministry of Interior staff implement cybersecurity best practices, as talks continue about scheduling a parliamentary election in the coming months.

Cybercrime Orgs Increasingly Use Human Trafficking to Staff Scam Mills

Interpol breaks up Southeast Asian cybercrime rings, rescuing 149 victims of human trafficking, but the agency warns the human cost of cybercrime is mounting across the globe.

Convincing LinkedIn 'Profiles' Target Saudi Workers for Information Leakage

Social engineering attacks in the Kingdom collect information on professionals — and offer fake profiles for sale.

Ghana Official to Head Africa's New Cybersecurity Authority

ANCA comprises 17 members, representing less than half of the countries in Africa.

Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups.

Responsibly Implementing AI, the Unstoppable Force

Balancing the good and bad of AI/ML means being able to control what data you're feeding into AI systems and solving the privacy issues to securely enable generative AI.

ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related

Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.

Making Cyber Insurance Available for Small Biz, Contractors

Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.

Municipalities Face a Constant Battle as Ransomware Snowballs

As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight.

Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug

State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.

'HeadCrab' Malware Variants Commandeer Thousands of Servers

New techniques in a second variant of the malware improved functionality and communication commands.

As SAT Goes Digital, Schools Must Prepare for Disruption

Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024.

Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms

A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal.

US Navy Ship Builder Says No Classified Info Leaked in Cyberattack

Austul USA, a military contractor, alerts law enforcement it quickly mitigated a recent cyberattack on its systems and that an investigation is ongoing.

Vulns in Android WebView, Password Managers Can Leak User Credentials

Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.

UK Cyber CTO: Vendors' Security Failings Are Rampant

The NCSC's Ollie Whitehouse criticizes security vendors for actively working against organizations in their fight against breaches and ransomware.

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.

SpyLoan Malicious App Downloaded 12M+ Times in Google Play

The fake financial app tricks users into signing up for high-interest payments, only to steal their information and blackmail them.

Q&A: Lessons Learned From the Middle East's National Cyber Drills

Suleyman Ozarslan, co-founder of Picus Security, discusses critical-infrastructure cyber drills in the region, who runs them, and what happens to the results.

Hackers Claim to Breach Israeli Defense Force Medical Data

The Malek Team, which previously hit a private college in Israel, claims responsibility for a hack of Israel's Ziv Medical Center.

Meta AI Models Cracked Open With Exposed API Tokens

Researchers at Lasso found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.

23andMe: Data Breach Was a Credential-Stuffing Attack

The DNA testing company believes that the attack has now been contained and is notifying impacted individuals.

Pro-Iran Attackers Access Multiple Water Facility Controllers

Multiple agencies warn that attackers have been active since Nov. 22, targeting operational technology (OT) across the US.

Name That Edge Toon: On Your Mark...

Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Cybersecurity is a Team Sport

Enterprise security goes beyond tech leadership, and beyond the CISO's office. Achieving cybersecurity and resilience is a team effort, and requires building a culture of security awareness. 

Establishing New Rules for Cyber Warfare

Why we should applaud the Red Cross's efforts, even if they likely won't work.

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Hundreds of consumer and enterprise-grade x86 and ARM devices from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.

Japan's Space Program at Risk After Microsoft Active Directory Breach

The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.

Emirates CISOs Flag Rampant Cybersecurity Gaps

UAE security leaders warn that people, tech, and process gaps are exposing their organizations to cybercrime.