| Dark Reading |
|---|
| Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students |
| $10,000 to be awarded annually for four years each by Optiv’s Black Employee Network. |
| Microsoft-Signed Rootkit Targets Gaming Environments in China |
| FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process. |
| Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges |
| Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain. |
| MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services |
| Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies. |
| CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations |
| Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs. |
| Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme |
| Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme. |
| Google: Phishing Campaign Targets YouTube Creators |
| The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum. |
| Removing Friction for the Enterprise With Trusted Access |
| Our work lives are supposed to be simpler and easier because of technology. At least that’s the promise. |
| Passwordless Is the Future … but What About the Present£ |
| Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits — and drawbacks — to users. |
| The Ransomware Payment Dilemma: Should Victims Pay or Not£ |
| It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect. |
| JavaScript Packing Found in More Than 25% of Malicious Sites |
| Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them. |
| Deepfake Audio Scores $35M in Corporate Heist |
| A combination of business email compromise and deepfake audio led a branch manager to transfer millions to scammers, in a case that serves as a warning to organizations. |
| Penetration Testing in the Cloud Demands a Different Approach |
| Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments. |
| Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign |
| LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns. |
| Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises |
| Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million. |
| Enterprise Cybersecurity Strategies Are Getting More Attention |
| Data in Dark Reading's "2021 Strategic Security Survey" report suggest organizations are taking the security challenge seriously. |
| Query.ai Closes $15M Series A for Security Investigations Tool |
| The funding will support product development for Query.AI's browser-based security investigations tool. |
| Keysight Technologies Acquires SCALABLE Network Technologies |
| Simulation and modeling solutions augment Keysight's 5G and cybersecurity portfolio. |
| 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored |
| Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats. |
| CrowdStrike Invests in Microsoft AD Competitor JumpCloud |
| Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others. |
| Candy Corn Maker Hit With Ransomware |
| Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands. |
| Name That Toon: Bone Dry |
| Feeling creative£ Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. |
| Privacy Management for Microsoft 365 Now Generally Available |
| The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments. |
| Winners Announced for 2021 Infosec Inspire Security Awareness Awards |
| Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs. |
| Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors |
| Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion. |
| Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster |
| Achieves 8x growth in last three quarters, and raises $70M in less than 18 months. |
| Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency |
| Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service. |
| The Simmering Cybersecurity Risk of Employee Burnout |
| Why understanding human behavior is essential to building resilient security systems. |
| Damages Escalate Rapidly in Multiparty Data Breaches |
| Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage. |
| 7 Cross-Industry Technology Trends That Will Disrupt the World |
| Recent McKinsey analysis examines which technologies will have the most momentum in the next 10 years. These are the trends security teams need to know to protect their organizations effectively. |
| FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream |
| New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies. |
| Group With Potential Links to Iranian Threat Actor Resurfaces |
| The Lyceum group has previously been linked to attacks on targets in the Middle East. |
| Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud |
| As retailers roll out more fulfillment options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud. |
| NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware |
| Ransomware has become a "national security issue," NSA director said. |
| (ISC)² Plans Entry-Level Certification for Aspiring Security Pros |
| The certification aims to help new entrants to the security field with professional development and career paths early on. |
| Sinclair Broadcast Group Confirms Ransomware Attack |
| The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack. |
| In Cyberwar, Attribution Can Be Impossible — and That's OK |
| Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack. |
| 10 Hot Red Team Tools Set to Hit Black Hat Europe |
| The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros. |
| China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes |
| China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup. |
| Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move |
| Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers. |
| How Attackers Hack Humans |
| Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka. |
| 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks |
| Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system. |
| Evolution Equity Partners Close $400M for Cybersecurity Investments |
| The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity. |
| From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor |
| Why a passion for helping people is key to delivering effective cybersecurity solutions. |
| How AI Can Stop Zero-Day Ransomware |
| Ransomware attacks are unpredictable. AI is better at figuring out what looks malicious and abnormal than humans will ever be. |
| Enterprise Data Storage Environments Riddled With Vulnerabilities |
| Many organizations are not properly protecting their storage and backup systems from compromise, new study finds. |
| Increased Security Spending to Support Distributed Workforce |
| Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies. |
| Deepfence Announces Open Source Availability of ThreatMapper |
| Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage. |
| US Water and Wastewater Facilities Targeted in Cyberattacks, Feds Warn |
| CISA, FBI, and NSA issue advisory and defense practices to help these utilities thwart "ongoing" threats targeting IT and OT networks. |
| Praetorian Launches Snowcat Tool for Istio |
| Snowcat is the world's first static analysis tool dedicated to Istio. |
| Digging Deep Into the Top Security Certifications |
| When it comes to technical certifications, which ones pay off so you can get that infosec job or more money for the one you're already doing£ |
| Open Source Security Foundation Raises $10M |
| Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden's executive order and commit to a more secure future for software. |
| The Human Element Is the Weakest Link |
| While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours. |
| How Security Teams Can Reinforce End-User Awareness |
| Training programs provide the information, but security teams can reinforce these for better end-user education. |
| 6 Lessons From the Expiration of the Let's Encrypt Root Certificate |
| Fallout from the transition highlights the need for organizations to monitor and have processes for updating CA roots, experts say. |
| Fugue Adds Kubernetes Security Checks to Secure Infrastructure-as-Code |
| Developers can apply proper security controls as they programmatically deploy Kubernetes clusters. |
| SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks |
| Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs. |
| What Does a Chief Product Security Officer Do£ |
| A CPSO bridges the gap between developers and security to ensure products are built securely and safely. |
| VirusTotal Shares Data on Ransomware Activity |
| Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half. |
| Are You Ready for the Privacy Laws Tsunami£ |
| Think PCI, HIPAA, and GDPR compliance is tough£ There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design. |
| Corelight Unveils Corelight Labs, a Hub for Research and Innovation |
| Company expands its research expertise with addition of AI and security operations experts from its PatternEx acquisition to the Labs team. |
| Worried Over Antitrust Debate, Apple Talks Sideloading Dangers |
| Apple argues in a position paper that sideloading apps poses a major security threat to its users, as many lawmakers and technologists criticize its App Store as a monopoly. |
| A Close Look at Russia's Ghostwriter Campaign |
| The group, which conducts espionage and sows disinformation, is larger than previously thought and has shifted tactics. |
| Microsoft Fixes Zero-Day Flaw in Win32 Driver |
| A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns. |
| New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted |
| Encryption startup Vaultree aims to give companies the ability to work with fully encrypted data in the cloud. |
| Former Director of IT and Cybersecurity for Warren Presidential Campaign Launches Personified |
| Founder and CEO Mike Marotti will lead experts in campaign security to help progressive politicians and organizations with cybersecurity and IT needs. |
| High-Profile Breaches Are Shifting Enterprise Security Strategy |
| Increased media attention is driving changes in enterprise security strategy -- some positive, some negative. |
| New CrowdXDR Alliance Defines Data Exchange Standard for XDR |
| Google Cloud, Okta, ServiceNow, Zscaler, Netskope, Proofpoint, Extrahop, Mimecast, Claroty, and Corelight have joined the coalition. |
| Smaller 'Bit and Piece' DDoS Attacks Slam Servers to Evade Mitigation Systems |
| Nearly all DDoS attacks in the first half of 2021 were less than 1 Gbps, Nexusguard found. |
| Why Choke-Point Analysis Is Essential in Active Directory Security |
| Defense should focus on high-value choke points first to ensure that their most critical assets are protected, before moving on to deal with other attack paths. |
| Google Launches Security Advisory Service, Security to Workspaces |
| Internet giant aims to help companies use the cloud securely and adds more security features to its productivity workspaces to better compete with Microsoft. |
| Palo Alto Networks to Transfer Stock Exchange Listing to Nasdaq |
| Palo Alto Networks anticipates meeting the requirements for inclusion in the NASDAQ-100 index when it rebalances in December. |
| Oracle Cloud Joins ONUG Collaborative |
| ONUG Collaborative welcomes new members including Oracle Cloud, Sysdig, Wiz, Intuit, Adobe, Qualys, and F5. |
| Kaspersky Updates Industrial Cybersecurity Service |
| Kaspersky Industrial CyberSecurity unlocks centralized management and visibility across entire OT infrastructure. |
| RealDefense Completes Fourth Cyber Security Acquisition; Adds STOPzilla to Its Portfolio |
| RealDefense holding company seeks to acquire additional security companies and brands through partnership with Corbel Capital Partners. |
| Not Hitting Your Security KPIs£ Get the Whole Business Involved |
| CISOs can deliver better outcomes and get the support they need by linking security processes to business results. |
| Overly Complex IT Infrastructures Pose Security Risk |
| Cybersecurity budgets are set to increase in 2022, but companies worry that complex IT networks and data infrastructure are wasting money, new PwC survey finds. |
| 7 Smart Ways a Security Team Can Win Stakeholder Trust |
| By demonstrating the following behaviors, security teams can more effectively move their initiatives forward. |
| Wiz Reaches $6B Valuation |
| Startup created by former leaders of Microsoft Cloud Security Group experiencing rapid growth. |
| Handling Threat Intelligence Across Billions of Data Points |
| Graph databases can play a role in threat intelligence and unraveling sprawling data. |
| Forcepoint to Acquire Bitglass |
| Deal will merge Bitglass's security service edge technology with Forcepoint’s SASE architecture. |
| IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities |
| Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls. |
| The 5 Phases of Zero-Trust Adoption |
| Zero trust aims to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data. |
| Applying Behavioral Psychology to Strengthen Your Incident Response Team |
| A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs. |
| Continuous Authentication Tech Looms Large in Deployment Plans |
| Security leaders are interested in continuous authentication technologies, especially behavioral-based capabilities. |
| North American Orgs Hit With an Average of 497 Cyberattacks per Week |
| A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began. |
| 'FontOnLake' Malware Family Targets Linux Systems |
| Researchers report that the location of its C2 server and the countries where samples were uploaded may indicate targets include Southeast Asia. |
| 71% of Security Pros Find Patching to be Complex and Time Consuming, Ivanti Study Confirms |
| Challenges with lack of time and vulnerability and patching prioritization are putting organizations at increased risk of cyberattacks. |
| Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks |
| CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate. |
| Hardware Bolsters Medical Device Security |
| New microprocessor technologies like secure enclaves and cryptography acceleration enable hardware to better safeguard medical devices. |
| Microsec.ai Launches Solution to Deliver Agentless Runtime Protection for Multi-cloud Infrastructure as a Service |
| Continuous monitoring of network traffic, data loss prevention, and responsive self-healing protection from threats to cloud-native applications. |
| HP Extends Security Features to Work-from-Home Devices |
| HP aims to let admins secure work-from-home endpoints by extending cloud security management that can remotely track, detect and self-heal remote company devices -- including printers. |
| Microsoft: 58% of Nation-State Cyberattacks Come From Russia |
| A wealth of Microsoft data highlights trends in nation-state activity, hybrid workforce security, disinformation, and supply chain, IoT, and OT security. |
| What Are Some Red Flags in a Vendor Security Assessment£ |
| The last thing you want is a vendor that lies to you about its security practices. |
| CyberArk Leads the PAM Omdia Universe |
| With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored. |
| Rapid RYUK Ransomware Attack Group Christened as FIN12 |
| Prolific ransomware cybercrime group's approach underscores a complicated, layered model of cybercrime. |
| Former Google Employees Launch Supply Chain Security Startup |
| Chainguard aims to make the software supply chain secure by default as supply chain-focused attacks continue to rise. |
| New Kaspersky Service Delivers Cyberthreat Insights on Request |
| Kaspersky's new Ask the Analyst service will allow businesses to reach out to the company's researchers for their opinions and guidance on cyberthreats and security issues. |
| New Regulations Are Coming — Get a Handle on Your App Portfolio |
| With the realization that any app could be a gateway for a larger attack, there will be more pressure than ever on companies to fully protect their entire application landscape. |
| What the CEO Saw: Colonial Pipeline, Accellion Execs Share Cyberattack War Stories |
| CEOs of the two breached companies said their priorities instantly shifted to joining the response efforts when they first learned of attacks on their systems. |