Tag: darkreading

How Security Has Changed the Hacker Marketplace Your ultimate goal shouldn’t be security perfection — it should be making exploitation of your organization unprofitable. Isaac Evans Go to gbhackers.com

SonicWall Issues Patch for Exploit Chain in SMA Devices Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild. Nate Nelson, Contributing Writer Go to gbhackers.com

Email-Based Attacks Top Cyber-Insurance Claims Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024. Rob Wright Go to gbhackers.com

Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol’s support. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Life Without CVEs? It’s Time to Act Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It’s simply too important for that. Keith Ibarguen Go to gbhackers.com

Countries Begin NATO’s Locked Shields Cyber Defense Exercise The NATO-run live cyber exercise event helps countries test and develop defenses against current and emerging cyber threats including disinformation, quantum, and AI. Arielle Waldman Go to gbhackers.com

‘Lemon Sandstorm’ Underscores Risks to Middle East Infrastructure The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed. Robert Lemos, Contributing Writer Go to gbhackers.com

‘CoGUI’ Phishing Kit Helps Chinese Hackers Target Japan Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea. Nate Nelson, Contributing Writer Go to gbhackers.com

TikTok Fined €530 Million Over Chinese Access to EU Data European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles? Becky Bracken Go to gbhackers.com

Meta Wins Lawsuit Against Spyware Vendor NSO Group The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Play Ransomware Group Used Windows Zero-Day Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries. Jai Vijayan, Contributing Writer Go to gbhackers.com

“Bring Your Own Installer” Attack Targets SentinelOne EDR Researchers from Aon’s Stroz Friedberg incident response firm discovered a new attack type, known as “Bring Your Own Installer,” targeting misconfigured SentinelOne EDR installs. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Infrastructure as Code: An IaC Guide to Cloud Security IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can’t keep up. Jatin Mannepalli Go to gbhackers.com

Researcher Says Patched Commvault Bug Still Exploitable CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild. Jai Vijayan, Contributing Writer Go to gbhackers.com

‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation The vulnerabilities affect SonicWall’s SMA devices for secure remote access, which have been heavily targeted by threat actors in the past. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Addressing the Top Cyber-Risks in Higher Education As attacks accelerate, security leaders must act to gain visibility across their entire institution’s network and systems and continuously educate their users on best practices. Michael Sink Go to gbhackers.com

AI Domination: RSAC 2025 Social Media Roundup Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

‘Venom Spider’ Targets Hiring Managers in Phishing Scheme Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Phony Hacktivist Pleads Guilty to Disney Data Leak After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists’ rights and ensuring they receive fair compensation for their work. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

How to Prevent AI Agents From Becoming the Bad Guys When designed with strong governance principles, AI can drive innovation while maintaining the people’s trust and security. Marla Hay Go to gbhackers.com

UK Retailers Reeling From Likely Ransomware Attacks A series of cyberattacks have struck multiple major British retailers in recent weeks, and a ransomware gang has reportedly claimed responsibility. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

What NYDFS Rules Mean for Businesses (in and outside of NY) Starting this month, finance companies operating in New York must implement a variety of protections against unauthorized access to IT systems. Nate Nelson, Contributing Writer Go to gbhackers.com

Attackers Ramp Up Efforts Targeting Developer Secrets Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files. Robert Lemos, Contributing Writer Go to gbhackers.com

Despite Arrests, Scattered Spider Continues High-Profile Hacking While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc. Rob Wright Go to gbhackers.com

Cut CISA and Everyone Pays for It Gutting CISA won’t just lose us a partner. It will lose us momentum. And in this game, that’s when things break. Audian Paxson Go to gbhackers.com

SANS Top 5: Cyber Has Busted Out of the SOC This year’s top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI’s capabilities. Becky Bracken Go to gbhackers.com

Experts Debate Real ID Security Ahead of May 7 Deadline Real IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025? Nate Nelson, Contributing Writer Go to gbhackers.com

Getting Outlook.com Ready for Bulk Email Compliance Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline. Faisal Misle Go to gbhackers.com

A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats A LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot. Arielle Waldman Go to gbhackers.com

Microsoft Readies Administrator Protection Option for Windows 11 Microsoft’s David Weston describes the new feature as the most significant architectural Windows security change in a generation. Go to gbhackers.com

When Threat Actors Behave Like Managed Service Providers How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat. Steve Stasiukonis Go to gbhackers.com

Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect Russia’s cyberattacks on Ukraine have increased dramatically, targeting the country’s government and defense infrastructure. Nate Nelson, Contributing Writer Go to gbhackers.com

Cisco Boosts XDR Platform, Splunk With Agentic AI Cisco joins the agentic AI wave with the introduction of advanced LLMs to autonomously verify and investigate attacks. Jeffrey Schwartz Go to gbhackers.com

Billbug Expands Cyber-Espionage Campaign in Southeast Asia The China-linked cyber-operations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam. Robert Lemos, Contributing Writer Go to gbhackers.com

Prolific RansomHub Operation Goes Dark The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors. Jai Vijayan, Contributing Writer Go to gbhackers.com

Former CISA Head Slams Trump Admin Over ‘Loyalty Mandate’ Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president’s “mandate for loyalty” during a panel at RSAC 2025. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Adversaries Are Toying With US Networks & DC Is Short on Answers While nation-state actors are demonstrating how easily they can infiltrate US networks, government officials don’t seem to have a clear vision for what comes next. Becky Bracken Go to gbhackers.com

TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications. Tara Seals Go to gbhackers.com

Phishers Take Advantage of Iberian Blackout Before It’s Even Over Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal’s national airline in a campaign offering compensation for delayed or disrupted flights. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

DHS Boss Noem Vows to Get CISA Back ‘On Mission’ Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies. Becky Bracken Go to gbhackers.com

DARPA Highlights Critical Infrastructure Security Challenges Leaders at federal research organizations DARPA, ARPA-I, and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Nvidia’s AI Security Offering Protects From Software Landmines Nvidia’s DOCA Argus prevents attacks before they compromise AI architectures. Agam Shah Go to gbhackers.com

Many Fuel Tank Monitoring Systems Vulnerable to Disruption Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just “a packet away” from compromise, security researcher warns at 2025 RSAC Conference. Jai Vijayan, Contributing Writer Go to gbhackers.com

From Mission-Centric to People-Centric: Competitive Leadership in Cyber Making a case for empathy in cyber-leadership roles as a strategic business advantage. Tara Seals Go to gbhackers.com

Hacking in Space: Not as Tough as You Might Think Barbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

US Critical Infrastructure Still Struggles With OT Security How does a company defend itself from cyberattacks by a foreign adversary? A collection of experts gathered at this year’s RSAC Conference to explain how the US can help. Becky Bracken Go to gbhackers.com

Risks of Using AI Models Developed by Competing Nations The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today. Pascal Geenens Go to gbhackers.com

Windows Backdoor Targets Members of Exiled Uyghur Community A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China’s continued cyber-espionage activity against the ethnic minority. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Vulnerability Exploitation Is Shifting in 2024-25 The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies. Nate Nelson, Contributing Writer Go to gbhackers.com

SAP NetWeaver Visual Composer Flaw Under Active Exploitation CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it. Jai Vijayan, Contributing Writer Go to gbhackers.com

AI, Automation, and Dark Web Fuel Evolving Threat Landscape Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Forget the Stack; Focus on Control Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can’t be eliminated overnight, it can be managed. Jonathan Meler Go to gbhackers.com

DoJ Data Security Program Highlights Data Sharing Challenges The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom. Arielle Waldman Go to gbhackers.com

Mobile Applications: A Cesspool of Security Issues An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do? Robert Lemos, Contributing Writer Go to gbhackers.com

How Organizations Can Leverage Cyber Insurance Effectively By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks. Erich Kron Go to gbhackers.com

Vehicles Face 45% More Attacks, 4 Times More Hackers Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025. Nate Nelson, Contributing Writer Go to gbhackers.com

Phishing Kit Darcula Gets Lethal AI Upgrade Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers. Becky Bracken Go to gbhackers.com

[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you Go to gbhackers.com

‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it’s anything but. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Max-Severity Commvault Bug Alarms Researchers Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers. Jai Vijayan, Contributing Writer Go to gbhackers.com

NFC-Powered Android Malware Enables Instant Cash-Outs Researchers at security vendor Cleafy detailed a malware known as “SuperCard X” that uses the NFC reader on a victim’s own phone to steal credit card funds instantly. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

FBI: Cybercrime Losses Rocket to $16.6B in 2024 The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Navigating Regulatory Shifts & AI Risks By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage. Arnaud Treks Go to gbhackers.com

‘Industrial-Scale’ Asian Scam Centers Expand Globally The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar. Nate Nelson, Contributing Writer Go to gbhackers.com

Microsoft Claims Steady Progress Revamping Security Culture In the latest Secure Future Initiative Progress Report, Microsoft described efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new “Secure by Design UX Toolkit.” Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Ransomware Gangs Innovate With New Affiliate Models Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Popular British Retailer Marks & Spencer Addresses ‘Cyber Incident’ M&S has launched an investigation and said some customer operations are impacted. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Japan Warns on Unauthorized Stock Trading via Stolen Credentials Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they’ve been hacked. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Kubernetes Pods Are Inheriting Too Many Permissions Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS. Becky Bracken Go to gbhackers.com

The Foundations of a Resilient Cyber Workforce In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust. Mohan Koo Go to gbhackers.com

Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn’t materialize and less widely touted attack scenarios shot up. Nate Nelson, Contributing Writer Go to gbhackers.com

Zambia’s Updated Cyber Laws Prompt Surveillance Warnings Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power. Robert Lemos, Contributing Writer Go to gbhackers.com

Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558 The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT’s breach of its Exchange Online environment in 2023. Jai Vijayan, Contributing Writer Go to gbhackers.com

City of Abilene Goes Offline in Wake of Cyberattack The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

3 More Healthcare Orgs Hit by Ransomware Attacks Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365 A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

DeepSeek Breach Opens Floodgates to Dark Web The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability. Emma Zaballos Go to gbhackers.com

‘Fog’ Hackers Troll Victims With DOGE Ransom Notes Since January, threat actors distributing the malware have notched up more than 100 victims. Jai Vijayan, Contributing Writer Go to gbhackers.com

‘Elusive Comet’ Attackers Use Zoom to Swindle Victims The threat actor uses sophisticated social engineering techniques to infect a victim’s device, either with an infostealer or remote access Trojan (RAT). Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Nation-State Threats Put SMBs in Their Sights Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services. Robert Lemos, Contributing Writer Go to gbhackers.com

Can Cybersecurity Weather the Current Economic Chaos? Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession. Robert Lemos, Contributing Writer Go to gbhackers.com

ASUS Urges Users to Patch AiCloud Router Vuln Immediately The vulnerability is only found in the vendor’s router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

The Global AI Race: Balancing Innovation and Security The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right. Chuck Herrin Go to gbhackers.com

Could Ransomware Survive Without Cryptocurrency? Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene. Arielle Waldman Go to gbhackers.com

AWWA Supports Introduction of Collaborative Cybersecurity Legislation Go to gbhackers.com

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved Go to gbhackers.com

Attackers and Defenders Lean on AI in Identity Fraud Battle Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire. Robert Lemos, Contributing Writer Go to gbhackers.com

Chinese APT Mustang Panda Debuts 4 New Attack Tools The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal. Nate Nelson, Contributing Writer Go to gbhackers.com

CISA Weighs in on Alleged Oracle Cloud Breach The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

If Boards Don’t Fix OT Security, Regulators Will Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won’t drive up security maturity for operational technology unless they’re made to. Warren O’Driscoll Go to gbhackers.com

Android Phones Pre-Downloaded With Malware Target User Crypto Wallets The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users’ wallet addresses with their own. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Dogged by Trump, Chris Krebs Resigns from SentinelOne The president revoked the former CISA director’s security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation. Nate Nelson, Contributing Writer Go to gbhackers.com

CVE Program Cuts Send the Cyber Sector Into Panic Mode After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it’s up to the private sector to find the cash to keep it…

Cybersecurity by Design: When Humans Meet Technology If security tools are challenging to use, people will look for workarounds to get around the restrictions. Matthew Warner Go to gbhackers.com

Middle East, North Africa Security Spending to Top $3B Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth. Nate Nelson, Contributing Writer Go to gbhackers.com

GPS Spoofing Attacks Spike in Middle East, Southeast Asia An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border. Robert Lemos, Contributing Writer Go to gbhackers.com

Multiple Groups Exploit NTLM Flaw in Microsoft Windows The attacks have been going on since shortly after Microsoft patched the vulnerability in March. Jai Vijayan, Contributing Writer Go to gbhackers.com

China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe. Rob Wright, Senior News Director, Dark Reading Go to gbhackers.com

Ransomware gang ‘CrazyHunter’ Targets Critical Taiwanese Orgs Trend Micro researchers detailed an emerging ransomware campaign by a new group known as “CrazyHunter” that is targeting critical sectors in Taiwan. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com