Microsoft Flags Attack Targeting SQL Servers With Novel Approach

Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.

2022: The Year Zero Trust Becomes Mainstream

It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.

How Threat Actors Are a Click Away From Becoming Quasi-APTs

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

(ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities

Multi-million-pound commitment will empower everyone from recent graduates to career changers to IT professionals in the UK to begin a successful career in cybersecurity.

New Venture Capital Fund Focuses on Emerging Cybersecurity Tech

The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund.

Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS

.

Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.

Training to Beat a Bad Cybersecurity Culture

Creating a company culture for security may need to start by tearing down an anti-security culture.

Local Government's Guide to Minimizing the Risk of a Cyberattack

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.

Google Cloud Aims to Share Its Vetted Open Source Ecosystem

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Barracuda Expands Cloud-Native SASE Platform to Protect Hybrid Cloud Deployments

Expansion includes new capabilities for hybrid deployment models and industrial Internet of things (IIoT) environments.

Qualys Adds Custom Assessment and Remediation to Its Cloud Platform

Provides security architects with access to custom scripts that can be natively integrated with other Qualys solutions.

YouMail Launches YouMail Protective Services for Carriers and Enterprises

Protect enterprises from the harm of unwanted voice-based phishing perpetrated by bad actors.

Ericom’s New ZTEdge Web Application Isolation Addresses Security Concerns Associated With Third-Party Contractor Application Access

Enables organizations to provide simple, secure access to the private and public cloud or Web-based corporate apps that workers using unmanaged devices need for their work.

Bitdefender Launches Identity Theft Protection Service for U.S. Consumers

New offering provides credit and financial monitoring along with identity protection and restoration.

How Mobile Networks Have Become a Front in the Battle for Ukraine

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience.

TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft

MDR Sentinel expands TorchLight’s leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status

RF Technologies Releases Safe Place Staff Protection for Healthcare Settings

RFT is expanding the Safe Place hospital market security system to include staff protection.

50% of Orgs Rely on Email to Manage Security

Even with dedicated identity management tools at their disposal, many companies — smaller ones especially — are sticking with email and spreadsheets for handling permissions.

iPhones Open to Attack Even When Off, Researchers Say

Wireless chips that run when the iPhone iOS is shut down can be exploited.

Open Source Security Gets $30M Boost From Industry Heavy Hitters

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

You Can't Opt Out of Citizen Development

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Name That Toon: Knives Out

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.

How to Turn a Coke Can Into an Eavesdropping Device

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

US Agrees to International Electronic Cybercrime Evidence Swap

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.

CISO Shares Top Strategies to Communicate Security's Value to the Biz

In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.

Black Hat Asia: Democracy's Survival Depends on Taming Technology

The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.

How to Avoid Falling Victim to PayOrGrief's Next Rebrand

The group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

Black Hat Asia: Firmware Supply Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

3 Predictors of Cybersecurity Startup Success

Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

Egnyte Enhances Program for Managed Service Providers

Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.

StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

Round co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.

Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

Cloud competitor found liable for breaking into Appian back-end systems to steal company secrets.

Needs Improvement: Scoring Biden's Cyber Executive Order

One year after it was issued, has President Biden's Cyber Executive Order had an impact?

How Can Your Business Defend Itself Against Fraud-as-a-Service?

By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

5 Years That Altered the Ransomware Landscape

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

Google Will Use Mobile Devices to Thwart Phishing Attacks

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Nokia Opens Cybersecurity Testing Lab

The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.

On the Air With Dark Reading News Desk at Black Hat Asia 2022

This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.

PlainID Debuts Authorization-as-a-Service Platform

Platform powered by policy-based access control (PBAC).

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.

Ready, IAM, Fire: How Weak IAM Makes You a Target

Proper identity and access management configuration serves as an effective starting point for organizations looking to secure their cloud infrastructure.

Microsoft Simplifies Security Patching Process for Exchange Server

Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier

Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.

Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme

.

Fraudulent 'Bot-driven' College Enrollment up 50%, New Study Finds

.

NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

International cybersecurity authorities issue guidance to help information and communications service providers secure their networks.

Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)

The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).

Top 6 Security Threats Targeting Remote Workers

Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.