Dark Reading
Shift to Memory-Safe Languages Gains Momentum
Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.
ASM Can Fill Gaps While Working to Implement SBOM
If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.
Cambridge Centre for Risk Studies and Kivu Release Benchmark of Cost-Effective Responses to Cybercrime
Google Chrome Flaw Added to CISA Patch List
CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.
Russia Readies Winter Cyberattacks As Troops Retreat From Ukraine
Microsoft warns that the Kremlin is ramping up cyberattacks against infrastructure and supply chains and starting disinformation campaigns as Russian troops lose on the battlefield.
What Will It Take to Secure Critical Infrastructure£
There's no quick fix after decades of underinvestment, but the process has started. Cybersecurity grants, mandatory reporting protocols, and beefed-up authentication requirements are being put in place.
Name That Edge Toon: Not Your Average Bear
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Intellicene Brand Launches After Completion of Acquisition by Volaris Group
Global security technology provider with 20+ years of experience embraces the next evolution of its business with refreshed brand and invigorated leadership.
Hardening Identities With Phish-Resistant MFA
Extending multifactor authentication to include device identity assurance offers more authentication confidence than what multiple user-identity factors can by themselves.
Applying the OODA Loop to Cybersecurity and Secure Access Service Edge
Organizations can best defend themselves on the cyber battlefield by adopting a military-style defense.
Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs
Victims include at least 15 healthcare organizations, one Fortune 500 company, and other organizations in multiple countries, security vendor says.
AlgoSec Acquires Prevasio To Disrupt Agentless Cloud Security Market
Organizations of all sizes can now protect their cloud-native applications easily and cost-effectively across containers and all other cloud assets.
Machine Learning Models: A Dangerous New Attack Vector
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
Wiper, Disguised as Fake Ransomware, Targets Russian Orgs
The program, dubbed CryWiper, is aimed at Russian targets; it requests a ransom but has no way to decrypt any overwritten files.
Hive Social Buzzing With Security Flaws, Analysts Warn
Twitter alternative Hive Social took down its servers after researchers discovered several critical vulnerabilities.
Cybersecurity Should Focus on Managing Risk
Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimizing the greatest risks.
Cyberattack Shuts Down French Hospital
Patients transferred and operations canceled following a recent network breach at a hospital in the outskirts of Paris.
The New External Attack Surface: 3 Elements Every Organization Should Monitor
In short, the global Internet is now part of your external attack surface. Here’s how to better protect your users and data.
Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care
The comprehensive zero trust security solution for medical devices lets healthcare organizations automate zero trust policy recommendations and manage new connected technologies quickly and securely.
OpenSSF Membership Exceeds 100, With Many New Members Dedicated to Securing Open Source Software
Introduces a "Developing Secure Software" training course in Japanese at OpenSSF Day Japan.
Infostealer Malware Market Booms, as MFA Fatigue Sets In
The successful combo of stolen credentials and social engineering to breach networks is increasing demand for infostealers on the Dark Web.
The Privacy War Is Coming
Privacy standards are only going to increase. It's time for organizations to get ahead of the coming reckoning.
Ransomware Professionalization Grows as RaaS Takes Hold
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.
Malware Authors Inadvertently Take Down Own Botnet
A single improperly formatted command has effectively killed KmsdBot botnet, security vendor says.
Concern Over DDoS Attacks Falls Despite Rise in Incidents
Almost a third of respondents in Fastly's "Fight Fire with Fire" survey view data breaches and data loss as the biggest cybersecurity threat.
SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking
A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.
Newsroom Sues NSO Group for Pegasus Spyware Compromise
Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety.
Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech
Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.
SOC Turns to Homegrown Machine Learning to Catch Cyber Intruders
A do-it-yourself machine learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.
A Risky Business: Choosing the Right Methodology
Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.
AWS Unveils Amazon Security Lake at re:Invent 2022
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.
LastPass Discloses Second Breach in Three Months
The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
Is MFA the Vegetable of Cybersecurity£
Multifactor authentification is crucial for creating a healthy cybersecurity posture, but many companies are slow to adopt.
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands
As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
Of Exploits and Experts: The Professionalization of Cybercrime
No longer the realm of lone wolves, the world of cybercrime is increasingly strategic, commoditized, and collaborative.
Guidehouse Insights Anticipates Market for Automotive Cybersecurity Solutions Will Grow to More Than $445 Billion by 2031
Market drivers include new regulations, increasing automobile complexity, and new vehicle types.
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall
Ratings ranged from AAA to CC, with security effectiveness scores from 27% to 100%.
Phylum Expands Its Software Supply Chain Security Capabilities, Introduces Automated Vulnerability Reachability
Know what you need to fix today and what you don’t.
CI Fuzz CLI Brings Fuzz Testing to Java Applications
CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.
Nvidia GPU Driver Bugs Threaten Device Takeover & More
If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.
Google TAG Warns on Emerging Heliconia Exploit Framework for RCE
The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.
How Banks Can Upgrade Security Without Affecting Client Service
New protective measures work behind the scenes, with little impact on the customer experience.
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days
Signal messaging app zero-day vulnerabilities have sparked a $1.5M bidding match, as gray-market exploit brokers flourish in today's geopolitical climate.
SPHERE Receives $31M for Series B Funding From Edison Partners, Forgepoint Capital
New investment will accelerate growth and expansion of SaaS identity-hygiene platform.
The Evolution of Business Email Compromise
The simplicity and profitability of these attacks continue to appeal to threat actors a decade later.
API Secrets: Where the Bearer Model Breaks Down
Current authentication methods are based on the bearer model, but lack of visibility into the entities leveraging API secrets has made this untenable.
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.
Identity Digital Releases Its First DNS Anti-Abuse Report
The quarterly report, made possible by its Dynamic Defense™ service, demonstrates significant progress in mitigating domain abuse among its top-level domains (TLDs).
Delinea Introduces Granular Privileged Access Controls on Servers
New functionality further reduces the risk of lateral movement.
CyberRatings.org Revives NSS Labs Research
The NSS Labs archive, available with free registration, consists of over 800 test reports, analyst briefs, and research published by NSS Labs from 2013 — 2020.
Connect the Dots with Genetic Algorithms on CNAPP
Cloud-native application protection platforms can apply machine-learning algorithms on cloud data to identify accounts with abnormal permissions and uncover potential threats.
Microsoft Defender Gets New Security Protections
The new Microsoft Defender for Endpoint capabilities include built-in protection and scanning network traffic for malicious activity.
How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape
Organizations must be prepared to root out bad actors by any means possible, even if it means setting traps and stringing lures.
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.
Oracle Fusion Middleware Flaw Flagged by CISA
The bug could allow unauthorized access and takeover, earning it a spot on the Known Exploited Vulnerabilities Catalog.
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
Expect to see attackers expand their use of current consumer-targeting tactics while exploring new ways to target Internet users — with implications for businesses.
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.
Why the Culture Shift on Privacy and Security Means Today's Data Looks Different
A lack of federal regulatory legislation leaves US privacy concerns to battle for attention with other business priorities.
CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%
.
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.
Nok Nok and UberEther Partner to Deliver Phishing-Resistant MFA FedRAMP-Certified IAM Solutions
Nok Nok’s S3 Suite brings next-level MFA to UberEther’s IAM Advantage Platform to protect the US federal government and its suppliers.
CISA's Strategic Plan Is Ushering in a New Cybersecurity Era
Today's cyber environment requires less emphasis on detection and perimeter defenses and more focus on bolstering security with resilience.
Cybersecurity and ESG Among Top Areas of Concern for Audit Leaders in 2023
.
9 Out of 10 Security Leaders State That Control Failures Are the Primary Reason For Data Breaches
Senior cybersecurity professionals reveal their number one frustration is the inability to continuously measure enterprise-wide security posture and identify control failures.
What Every Enterprise Can Learn From Russia’s Cyber Assault on Ukraine
Once isolated occurrences, nation-state attacks are now commonplace; security professionals should know the elements of defense.
How the Cloud Changed Digital Forensics Investigations
The enterprise's shift to the cloud means digital forensics investigators have had to adopt new remote techniques and develop custom tools to uncover and process evidence off compromised devices.
Cybersecurity Consolidation Continues, Even as Valuations Stall
Financing and acquisitions are trending toward smaller deals, which means fewer high-valuation purchases and funding, but likely fewer post-merger layoffs as well.
Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign
More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
Global Cyber-Enforcement Op Nets $130M, Says Interpol
A worldwide operation aimed at curtailing fraud has led to the arrest of 975 suspects and the seizure of nearly $130 million, as Interpol expands its efforts and brings new tools to its investigations.
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign
The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.
$275M Fine for Meta After Facebook Data Scrape
Meta has been found in violation of Europe's GDPR rules requiring the social media giant to protect user data by "design and default."
KnowBe4 Launches New Mobile Learner App for Cybersecurity Learning
KnowBe4 empowers end users by introducing security awareness and compliance training on the go at no additional cost.
NanoLock Brings Built-In Meter-Level Cybersecurity to Renesas Customers
The DLMS-compatible, zero-trust meter-level security is built into the Renesas smart meter solutions, enabling smart meter manufacturers to get to market faster with built-in advanced security solutions.
Bring Your Own Key — A Placebo£
BYOK was envisioned to reduce the risk of using a cloud service provider processing sensitive data, yet there are several deficiencies.
Slippery RansomExx Malware Moves to Rust, Evading VirusTotal
A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.
For Gaming Companies, Cybersecurity Has Become a Major Value Proposition
New users and monetization methods are increasingly profitable for gaming industry, but many companies find they have to stem growth in cheats, hacks, and other fraud to keep customers loyal.
How Development Teams Should Respond to Text4Shell
Yet another *4Shell exploit highlights the horror of strange visitors into enterprise environments. This Tech Tip focuses on what to do next.
Why Africa's Telecoms Must Actively Collaborate to Combat Fraud
Unique conditions contribute to outsized telecom fraud across the continent, but working together can bring solutions.
'Patch Lag' Leaves Millions of Android Devices Vulnerable
Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend.
Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors
The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps.
Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.
Penetration Testing Market Size Is Projected to Reach $5.28B Globally by 2028
Fueling the trend are the rising adoption of cloud computing solutions, technology advancements, stricter data safety regulations, and the move to digitalization, says Brandessence Market Research.
Where Are We Heading With Data Privacy Regulations£
New laws have made the current US privacy landscape increasingly complex.
Cybersecurity Pros Put Mastodon Flaws Under the Microscope
As the open source social media network grabs the spotlight as a Twitter replacement, researchers caution about vulnerabilities.
Adversarial AI Attacks Highlight Fundamental Security Issues
An AI's "world" only includes the data on which it was trained, so it otherwise lacks context — opening the door for creative attacks from cyber adversaries.
Ducktail Cyberattackers Add WhatsApp to Facebook Business Attack Chain
The Vietnam-based financial cybercrime operation's primary goal is to push out fraudulent ads via compromised business accounts.
DraftKings Account Takeovers Frame Sports-Betting Cybersecurity Dilemma
Cybercrooks have drained DraftKings accounts of $300K in the past few days thanks to credential stuffing, just as the 2022 FIFA World Cup starts up.
Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations
To get the full picture, companies need to look into the cybersecurity history and practices of the business they're acquiring.
How Work From Home Shaped the Road to SASE for Enterprises
As SASE adoption grows, with its allure of simplified protection via one network and security experience for hybrid workers, remember: Have an overall plan, integrate and migrate to scale usage, and start small.
Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps
Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks
Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks.
How Tech Companies Can Slow Down Spike in Breaches
Cybercrime continues to evolve — and shows no signs of slowing down.
Hack The Box Launches Annual University CTF to Inspire Next Generation of Security Professionals
.
CybeReady Releases Five Easy Tips to Shop Safely During Black Friday
Safe shopping guidance coupled with new CISO tool to help safeguard personal data and corporate networks.
FIDO Alliance Announces Authenticate Virtual Summit Focused on Securing IoT
Industry experts to share insights into how FIDO and related technologies can bring password-less authentication to IoT.
Two Estonian Citizens Arrested in $575 Million Cryptocurrency Fraud and Money Laundering Scheme
.
Identity Security Needs Humans and AI Working Hand in Hand
In the cybersecurity world, augmenting the human touch with artificial intelligence has produced extremely positive results.
Feed Fetched by RSS Dog.