Overtaxed State CISOs Struggle With Budgeting, Staffing

CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well.

DoJ Charges 3 Iranian Hackers in Political 'Hack & Leak' Campaign

The cyberattackers allegedly stole information from US campaign officials only to turn around and weaponize it against unfavored candidates.

Elaborate Deepfake Operation Takes a Meeting With US Senator

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

Treat Your Enterprise Data Like a Digital Nomad

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

Shadow AI, Sensitive Data Exposure & More Plague Workplace Chatbot Use

Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.

Millions of Kia Vehicles Open to Remote Hacks via License Plate

The vulnerability is the latest discovered in connected vehicles in recent years, and it points out the cyber dangers lurking in automotive APIs.

Novel Exploit Chain Enables Windows UAC Bypass

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.

Top Allies Executives & Boards Should Leverage During a Cyber Crisis

It is imperative for executives and board members to know who their top allies are, and how to best leverage them to successfully navigate a crisis and minimize the harm caused by a breach.

5 Cyber Strategies Research Universities Can Adopt to Lead in Global Research

Public Wi-Fi Compromised in UK Train Stations

British Transport Police and Network Rail are investigating the incident, in which bad actors posted Islamophobic messages on the transport system's network.

Hurricane Helene Prompts CISA Fraud Warning

Beware that friendly text from the IT department giving you an "update" about restoring your broadband connectivity.

Pwn2Own Auto Offers $500K for Tesla Hacks

There will be four major categories in the 2025 retread of the hacking competition, with prizes ranging for each challenge, from $20,000 to half a million.

China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs

The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals.

Third Ivanti Bug Comes Under Active Exploit, CISA Warns

Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.

How Russia, China & Iran Are Targeting US Elections

While these threats remain a valid concern, US government agencies have doubled down on their assurances to the American public that election infrastructure is secure.

Kansas Water Plant Pivots to Analog After Cyber Event

A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident.

Telegram to Share User Info With Law Enforcement in Policy Shift

The encrypted messaging service said it will share users' IP addresses and phone numbers with authorities when requested.

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

MoneyGram Goes Offline After Vague Cyber Woes

The money-transfer company is going on day four of its services being suspended.

Kaspersky Rolls Back for US Customers, Makes Way for UltraAV

Some users complain they had no idea the switch would be automatic on their devices, vowing to uninstall the unwanted antivirus software.

Mastercard's Bet on Recorded Future a Win for Cyber Threat Intel

The $2.65B buy validates the growing importance of threat intelligence to enterprise security strategies.

Target Practice: Honing Critical Skills on Cyber Ranges

Cyber ranges are a great way for cyber professionals to keep up on emerging threats and new technologies — while having a little fun.

Commerce Dept. Proposes Ban on Automotive Software & Hardware From China, Russia

After launching an investigation in February into vehicles made by foreign adversaries, the Biden administration is finally making its move in the name of national security.

Data Security Posture Management: Accelerating Time to Value

Data discovery and classification are foundational for data security, data governance, and data protection.

China's 'Earth Baxia' Spies Exploit Geoserver to Target APAC Orgs

The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.

Ivanti's Cloud Service Appliance Attacked via Second Vuln

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).

Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

LinkedIn Addresses User Data Collection for AI Training

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

c/side Lands $6M to Combat Rising Browser Supply Chain Attacks

1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam

The first patch lets threat actors with low-level credentials still exploit the vulnerability, while the second fully resolves the flaw.

Packed With Features, 'SambaSpy' RAT Delivers Hefty Punch

Thought to be Brazilian in origin, the remote access Trojan is the "perfect tool for a 21st-century James Bond."

FCC: AT&T Didn't Adequately Protect Customers' Cloud Data

Regulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.

QR Phishing Scams Gain Motorized Momentum in UK

Criminal actors are finding their niche in utilizing QR phishing codes, otherwise known as "quishing," to victimize unsuspecting tourists in Europe and beyond.

Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data

Despite security updates to protect data, 45% of total enterprise instances of the cloud-based IT management platform leaked PII, internal system details, and active credentials over the past year.

'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.

RT News Hosted Russian Cyber Spy Unit, US Says

US State Department warns that Kremlin-backed media outlets in democracies around the world are hiding Russian cyber spies and actively working to sow discord.

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets

Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.

Cambodian Tycoon Sanctioned for Forced Cyber Labor, Trafficking

The sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.

Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised

Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.

Name That Toon: Tug of War

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Cybersecurity & the 2024 US Elections

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact.

Cloud-Native Network Security Up 17%, Hardware Down 2%

NFL Teams Block & Tackle Cyberattacks in a Digital World

As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas.

US Army Selects QuSecure Solution for 'Enhanced Post-Quantum Cryptography Suite for Tactical Networks' Project

SCADA Market Is Set to Reach $18.7B by 2031

Amateurish 'CosmicBeetle' Ransomware Stings SMBs in Turkey

With an immature codebase and a "rather chaotic encryption scheme" prone to failure, the group targets small businesses with custom malware.

Dark Reading Expands Its Coverage to the Asia-Pacific Region

The latest step in a journey to serve cybersecurity professionals in other regions of the world.

Xiphera Develops Quantum-Resilient Hardware Security Solutions for Space

Microsoft Discloses 4 Zero-Days in September Update

This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

Sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

Cyber Staffing Shortages Remain CISOs' Biggest Challenge

Besides operational issues connected to a talent shortage, the cost of running security platforms — and their training costs — also keeps CISOs up at night.

Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets

A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.

10 Writing Tips for Cybersecurity Professionals

It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills.

Akira Ransomware Actors Exploit SonicWall Bug for RCE

CISA has added CE-2024-40766 to its Known Exploited Vulnerabilities catalog.

300K Victims' Data Compromised in Avis Car Rental Breach

Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed.

How to Establish & Enhance Endpoint Security

Endpoint security has been around for decades, but changes in device use and the quick evolution of new attacks have triggered the development of new security techniques.

'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers

The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.

FreeBSD Gets €686,400 to Boost Security Features

The funds from Germany’s Sovereign Tech Fund will be used to integrate security features such as zero trust capabilities and tools for software bill of materials.

CISA Flags ICS Bugs in Baxter, Mitsubishi Products

The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.

Commercial Spyware Use Roars Back Despite Sanctions

Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.

Malvertising Campaign Builds a Phish for Lowe's Employees

Retail employees are being duped into divulging their credentials by typosquatting malvertisements.

China's 'Earth Lusca' Propagates Multiplatform Backdoor

The malware, KTLVdoor, has already been found on more than 50 command-and-control servers and enables full control of any environment it compromises.

Biden Admin Files Charges Against Election Meddlers From Russia

Working with the Treasury and Justice departments, the president has sanctioned anti-democratic Russian adversaries.

Open-Source Tool Allows Voters to Verify Election Results

The ElectionGuard project allows anyone — voters, campaign staffers, and election officials — to cryptographically verify ballots, a promise which may bolster faith in election integrity.

Indian Army Propaganda Spread by 1.4K AI-Powered Social Media Accounts

For three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X.

'Revival Hijack' on PyPI Disguises Malware with Legitimate File Names

Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.

FBI: North Korean Actors Readying Aggressive Cyberattack Wave

Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.

Name That Edge Toon: Bug Off

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

City of Columbus Sues Researcher After Ransomware Attack

The city filed for a restraining order, claiming the researcher was working in tandem with the ransomware attackers.

Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.

Evolving NPM Package Campaign Targets Roblox Devs, For Years

Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.

BlackCat Spinoff 'Cicada3301' Uses Stolen Creds on the Fly, Skirts EDR

Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better.

Improved Software Supply Chain Resilience Equals Increased Security

Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack.

Ransomware Gangs Pummel Southeast Asia

Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year.