Category: darkreading
-
How CISOs Can Communicate With Their Boards Effectively
How CISOs Can Communicate With Their Boards Effectively With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable. Harold Rivas Go to gbhackers.com
-
Middle East Cyberwar Rages On, With No End in Sight
Middle East Cyberwar Rages On, With No End in Sight Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
LockBit Ransomware Developer Arrested in Israel
LockBit Ransomware Developer Arrested in Israel Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit’s RaaS activities, dating back to the ransomware gang’s origins. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
How to Protect Your Environment from the NTLM Vulnerability
How to Protect Your Environment from the NTLM Vulnerability This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability. Roy Akerman Go to gbhackers.com
-
US Ban on TP-Link Routers More About Politics Than Exploitation Risk
US Ban on TP-Link Routers More About Politics Than Exploitation Risk While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company’s popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing. Robert Lemos, Contributing Writer Go to gbhackers.com
-
How Nation-State Cybercriminals Are Targeting the Enterprise
How Nation-State Cybercriminals Are Targeting the Enterprise Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort. Adam Finkelstein Go to gbhackers.com
-
Managing Threats When Most of the Security Team Is Out of the Office
Managing Threats When Most of the Security Team Is Out of the Office During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls. Joan Goodchild Go to gbhackers.com
-
OT/ICS Engineering Workstations Face Barrage of Fresh Malware
OT/ICS Engineering Workstations Face Barrage of Fresh Malware Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Fortinet Addresses Unpatched Critical RCE Vector
Fortinet Addresses Unpatched Critical RCE Vector Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2 A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Bridging the ‘Keyboard-to-Chair’ Gap With Identity Verification
Bridging the ‘Keyboard-to-Chair’ Gap With Identity Verification Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability. Joan Goodchild Go to gbhackers.com
-
CISA Releases Draft of National Cyber Incident Response Plan
CISA Releases Draft of National Cyber Incident Response Plan The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident. Jennifer Lawinski Go to gbhackers.com
-
India Sees Surge in API Attacks, Especially in Banking, Utilities
India Sees Surge in API Attacks, Especially in Banking, Utilities The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Recorded Future: Russia’s ‘Undesirable’ Designation Is a Compliment
Recorded Future: Russia’s ‘Undesirable’ Designation Is a Compliment The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin’s regime. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Interpol: Can We Drop the Term ‘Pig Butchering’?
Interpol: Can We Drop the Term ‘Pig Butchering’? The agency asks the cybersecurity community to adopt “romance baiting” in place of dehumanizing language. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Wallarm Releases API Honeypot Report Highlighting API Attack Trends
Wallarm Releases API Honeypot Report Highlighting API Attack Trends Go to gbhackers.com
-
The Importance of Empowering CFOs Against Cyber Threats
The Importance of Empowering CFOs Against Cyber Threats Working closely with CISOs, chief financial officers can become key players in protecting their organizations’ critical assets and ensuring long-term financial stability. Shai Gabay Go to gbhackers.com
-
Wald.ai Launches Data Loss Protection for AI Platforms
Wald.ai Launches Data Loss Protection for AI Platforms The cybersecurity startup’s data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms. Fahmida Y. Rashid Go to gbhackers.com
-
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Thai Police Systems Under Fire From ‘Yokai’ Backdoor
Thai Police Systems Under Fire From ‘Yokai’ Backdoor Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Texas Tech Fumbles Medical Data in Massive Breach
Texas Tech Fumbles Medical Data in Massive Breach The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks. Tara Seals, Managing Editor, News, Dark Reading Go…
-
CISA Directs Federal Agencies to Secure Cloud Environments
CISA Directs Federal Agencies to Secure Cloud Environments Actions direct agencies to deploy specific security configurations to reduce cyber-risk. Go to gbhackers.com
-
Delinea Joins CVE Numbering Authority Program
Delinea Joins CVE Numbering Authority Program Go to gbhackers.com
-
Azure Data Factory Bugs Expose Cloud Infrastructure
Azure Data Factory Bugs Expose Cloud Infrastructure Three vulnerabilities in the service’s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
CompTIA Xpert Series Expands With SecurityX Professional Certification
CompTIA Xpert Series Expands With SecurityX Professional Certification Program designed to validate and sharpen cybersecurity skills for working professionals. Go to gbhackers.com
-
To Defeat Cybercriminals, Understand How They Think
To Defeat Cybercriminals, Understand How They Think Getting inside the mind of a threat actor can help security pros understand how they operate and what they’re looking for — in essence, what makes a soft target. Ben Barrontine Go to gbhackers.com
-
BlackBerry to Sell Cylance to Arctic Wolf
BlackBerry to Sell Cylance to Arctic Wolf Arctic Wolf plans to integrate Cylance’s EDR technology into its XDR platform. Fahmida Y. Rashid Go to gbhackers.com
-
Does Desktop AI Come With a Side of Risk?
Does Desktop AI Come With a Side of Risk? Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks? Robert Lemos, Contributing Writer Go to gbhackers.com
-
Citizen Development Moves Too Fast for Its Own Good
Citizen Development Moves Too Fast for Its Own Good While low-code/no-code tools can speed up application development, sometimes it’s worth taking a slower approach for a safer product. Michael Bargury Go to gbhackers.com
-
Microsoft Teams Vishing Spreads DarkGate RAT
Microsoft Teams Vishing Spreads DarkGate RAT A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
The Education Industry: Why Its Data Must Be Protected
The Education Industry: Why Its Data Must Be Protected The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment. Vichai Levy Go to gbhackers.com
-
Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs
Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs Go to gbhackers.com
-
Versa Introduces Integrated Endpoint Data Loss Prevention in SASE Solution
Versa Introduces Integrated Endpoint Data Loss Prevention in SASE Solution Go to gbhackers.com
-
Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn
Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Generative AI Security Tools Go Open Source
Generative AI Security Tools Go Open Source Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Test Your Cyber Skills With the SANS Holiday Hack Challenge
Test Your Cyber Skills With the SANS Holiday Hack Challenge Open to players of all skill levels, the “Snow-mageddon” cybersecurity competition is set in the world of Santa, elves, and Christmas mayhem. Jennifer Lawinski Go to gbhackers.com
-
OData Injection Risk in Low-Code/No-Code Environments
OData Injection Risk in Low-Code/No-Code Environments As the adoption of LCNC grows, so will the complexity of the threats organizations face. Amichai Shulman Go to gbhackers.com
-
‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks
‘Dubai Police’ Lures Anchor Wave of UAE Mobile Attacks A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Chinese Cops Caught Using Android Spyware to Track Mobile Devices
Chinese Cops Caught Using Android Spyware to Track Mobile Devices Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
336K Prometheus Instances Exposed to DoS, ‘Repojacking’
336K Prometheus Instances Exposed to DoS, ‘Repojacking’ Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations. Nate Nelson, Contributing Writer Go to gbhackers.com
-
IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack
IoT Cloud Cracked by ‘Open Sesame’ Over-the-Air Attack Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Europol Cracks Down on Holiday DDoS Attacks
Europol Cracks Down on Holiday DDoS Attacks In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat
Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn’t enforced them. It’s unclear if they will help. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Cultivating a Hacker Mindset in Cybersecurity Defense
Cultivating a Hacker Mindset in Cybersecurity Defense Security isn’t just about tools — it’s about understanding how the enemy thinks and why they make certain choices. Roei Sherman Go to gbhackers.com
-
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack Threat actors punch holes in the company’s online ordering systems, tripping up doughnut deliveries across the US after a late November breach. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can’t gain enough information to breach. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Researchers Crack Microsoft Azure MFA in an Hour
Researchers Crack Microsoft Azure MFA in an Hour A critical flaw in the company’s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Cybersecurity Lessons From 3 Public Breaches
Cybersecurity Lessons From 3 Public Breaches High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others’ mistakes. Dmytro Tereshchenko Go to gbhackers.com
-
Tips for Preventing Breaches in 2025
Tips for Preventing Breaches in 2025 Hackers are constantly evolving, and so too should our security protocols. Pukar C. Hamal Go to gbhackers.com
-
Governments, Telcos Ward Off China’s Hacking Typhoons
Governments, Telcos Ward Off China’s Hacking Typhoons Infiltrating other nations’ telecom networks is a cornerstone of China’s geopolitical strategy, and it’s having the unintended consequence of driving the uptake of encrypted communications. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks
‘Termite’ Ransomware Likely Behind Cleo Zero-Day Attacks The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Scottish Parliament TV at Risk From Deepfakes
Scottish Parliament TV at Risk From Deepfakes Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Lessons From the Largest Software Supply Chain Incidents
Lessons From the Largest Software Supply Chain Incidents The software supply chain is a growing target, and organizations need to take special care to safeguard it. Eldan Ben-Haim Go to gbhackers.com
-
Cybercrime Gangs Abscond With Thousands of AWS Credentials
Cybercrime Gangs Abscond With Thousands of AWS Credentials The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs
Sprawling ‘Operation Digital Eye’ Attack Targets European IT Orgs A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Microsoft NTLM Zero-Day to Remain Unpatched Until April
Microsoft NTLM Zero-Day to Remain Unpatched Until April The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Millionaire Airbnb Phishing Ring Busted Up by Police
Millionaire Airbnb Phishing Ring Busted Up by Police Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Attackers Can Use QR Codes to Bypass Browser Isolation
Attackers Can Use QR Codes to Bypass Browser Isolation Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption
Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent. Go to gbhackers.com
-
Large-Scale Incidents & the Art of Vulnerability Prioritization
Large-Scale Incidents & the Art of Vulnerability Prioritization We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy. Audra Streetman Go to gbhackers.com
-
Texas Teen Arrested for Scattered Spider Telecom Hacks
Texas Teen Arrested for Scattered Spider Telecom Hacks An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on ‘key Scattered Spider members’ and their tactics. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
Microsoft Expands Access to Windows Recall AI Feature
Microsoft Expands Access to Windows Recall AI Feature The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Open Source Security Priorities Get a Reshuffle
Open Source Security Priorities Get a Reshuffle The “Census of Free and Open Source Software” report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Why SOC Roles Need to Evolve to Attract a New Generation
Why SOC Roles Need to Evolve to Attract a New Generation The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts. Jessica Belt Go to gbhackers.com
-
Library of Congress Offers AI Legal Guidance to Researchers
Library of Congress Offers AI Legal Guidance to Researchers Researchers testing generative AI systems can use prompt injection, re-register after being banned, and bypass rate limits without running afoul of copyright law. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels
Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com
-
Bypass Bug Revives Critical N-Day in Mitel MiCollab
Bypass Bug Revives Critical N-Day in Mitel MiCollab A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there’s a workaround. Nate Nelson, Contributing Writer Go to gbhackers.com
-
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges At least 17 affiliate groups have used the “DroidBot” Android banking Trojan against 77 financial services companies across Europe, with more to come, researchers warn. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com
-
‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs
‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called “DarkNimbus” to ethnic minorities, including Tibetans. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Vulnerability Management Challenges in IoT & OT Environments
Vulnerability Management Challenges in IoT & OT Environments By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats. Malleswar Reddy Yerabolu Go to gbhackers.com
-
African Law Enforcement Nabs 1,000+ Cybercrime Suspects
African Law Enforcement Nabs 1,000+ Cybercrime Suspects Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms. Robert Lemos, Contributing Writer Go to gbhackers.com
-
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects Go to gbhackers.com
-
Wyden and Schmitt Call for Investigation of Pentagon’s Phone Systems
Wyden and Schmitt Call for Investigation of Pentagon’s Phone Systems Go to gbhackers.com
-
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Veeam Urges Updates After Discovering Critical Vulnerability
Veeam Urges Updates After Discovering Critical Vulnerability The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Pegasus Spyware Infections Proliferate Across iOS, Android Devices
Pegasus Spyware Infections Proliferate Across iOS, Android Devices The notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Navigating the Changing Landscape of Cybersecurity Regulations
Navigating the Changing Landscape of Cybersecurity Regulations The evolving regulatory environment presents both challenges and opportunities for businesses. Michael McLaughlin Go to gbhackers.com
-
Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities
Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control. Stephen Lawton Go to gbhackers.com
-
SecureG, CTIA Project Secures Business Phone Calls
SecureG, CTIA Project Secures Business Phone Calls BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers. Jennifer Lawinski Go to gbhackers.com
-
BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture
BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture Go to gbhackers.com
-
Misconfigured WAFs Heighten DoS, Breach Risks
Misconfigured WAFs Heighten DoS, Breach Risks Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report
KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report Go to gbhackers.com
-
Decade-Old Cisco Vulnerability Under Active Exploit
Decade-Old Cisco Vulnerability Under Active Exploit Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Cyber-Unsafe Employees Increasingly Put Orgs at Risk
Cyber-Unsafe Employees Increasingly Put Orgs at Risk Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com
-
Venom Spider Spins Web of New Malware for MaaS Platform
Venom Spider Spins Web of New Malware for MaaS Platform A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group’s cybercriminal tool set. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com
-
Ransomware’s Grip on Healthcare
Ransomware’s Grip on Healthcare Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption. Claudio Gallo Go to gbhackers.com
-
Note From the Editor-in-Chief
Note From the Editor-in-Chief A change in ownership and what it means for our readers. Kelly Jackson Higgins, Editor-in-Chief, Dark Reading Go to gbhackers.com
-
‘White FAANG’ Data Export Attack: A Gold Mine for PII Threats
‘White FAANG’ Data Export Attack: A Gold Mine for PII Threats Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe’s GDPR-mandated data portability rules. Nate Nelson, Contributing Writer Go to gbhackers.com
-
‘Bootkitty’ First Bootloader to Take Aim at Linux
‘Bootkitty’ First Bootloader to Take Aim at Linux Though it’s still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors. Jai Vijayan, Contributing Writer Go to gbhackers.com
-
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
Interpol Cyber-Fraud Action Nets More Than 5K Arrests Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise. Dark Reading Staff Go to gbhackers.com
-
Name That Edge Toon: Shackled!
Name That Edge Toon: Shackled! Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. John Klossner Go to gbhackers.com
-
Does Your Company Need a Virtual CISO?
Does Your Company Need a Virtual CISO? With cybersecurity talent hard to come by and companies increasingly looking for guidance and best practices, virtual and fractional chief information security officers can make a lot of sense. Robert Lemos, Contributing Writer Go to gbhackers.com
-
2 UK Hospitals Targeted in Separate Cyberattacks
2 UK Hospitals Targeted in Separate Cyberattacks Alder Hey Children’s Hospital got hit with a ransomware attack, while the nature of an incident at Wirral University Teaching Hospital remains undisclosed. Dark Reading Staff Go to gbhackers.com
-
Incident Response Playbooks: Are You Prepared?
Incident Response Playbooks: Are You Prepared? The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization. James Bruhl Go to gbhackers.com
-
Microsoft Boosts Device Security With Windows Resiliency Initiative
Microsoft Boosts Device Security With Windows Resiliency Initiative Microsoft is readying a new release of Windows in 2025 that will have significant security controls such as more resilient drivers and “self-defending” operating system kernel. Jeffrey Schwartz Go to gbhackers.com
-
How AI Is Enhancing Security in Ridesharing
How AI Is Enhancing Security in Ridesharing Whether it’s detecting fraudulent activity, preventing phishing, or protecting sensitive data, AI is transforming cybersecurity in ridesharing. Rachita Naik Go to gbhackers.com
-
Ransomware Gangs Seek Pen Testers to Boost Quality
Ransomware Gangs Seek Pen Testers to Boost Quality Qualified applicants must be able to test ransomware encryption and find bugs that might enable defenders to jailbreak the malware. Robert Lemos, Contributing Writer Go to gbhackers.com