Deadbolt Ransomware Targeting QNAP NAS Devices

QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.

Pro-Russian Information Operations Escalate in Ukraine War

In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

DoJ Won't Charge 'Good Faith' Security Researchers

Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.

Majority of Kubernetes API Servers Exposed to the Public Internet

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution

CrowdStrike and CyberArk invest in Dig's seed round, which was led by Team8, alongside Merlin Ventures and chairs of MongoDB and Exabeam.

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

Phishing Attacks for Initial Access Surged 54% in Q1

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

MITRE Creates Framework for Supply Chain Security

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline

Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.

How Pwn2Own Made Bug Hunting a Real Sport

From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.

Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments

Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.

CISA: Unpatched F5 BIG-IP Devices Under Active Attack

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

The Industry Must Better Secure Open Source Code From Threat Actors

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.

Microsoft Flags Attack Targeting SQL Servers With Novel Approach

Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.

2022: The Year Zero Trust Becomes Mainstream

It has never been more important for organizations of all sizes to prioritize securing their users and their infrastructure secrets with zero-trust network access.

How Threat Actors Are a Click Away From Becoming Quasi-APTs

As demonstrated in Ukraine and elsewhere, the battlefield for today's warriors extends to the virtual realm with cyber warfare.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

(ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities

Multi-million-pound commitment will empower everyone from recent graduates to career changers to IT professionals in the UK to begin a successful career in cybersecurity.

New Venture Capital Fund Focuses on Emerging Cybersecurity Tech

The founders behind more than 90 cybersecurity firms have set up a $300 million investment fund.

Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS

.

Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.

Training to Beat a Bad Cybersecurity Culture

Creating a company culture for security may need to start by tearing down an anti-security culture.

Local Government's Guide to Minimizing the Risk of a Cyberattack

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.

Google Cloud Aims to Share Its Vetted Open Source Ecosystem

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Barracuda Expands Cloud-Native SASE Platform to Protect Hybrid Cloud Deployments

Expansion includes new capabilities for hybrid deployment models and industrial Internet of things (IIoT) environments.

Qualys Adds Custom Assessment and Remediation to Its Cloud Platform

Provides security architects with access to custom scripts that can be natively integrated with other Qualys solutions.

YouMail Launches YouMail Protective Services for Carriers and Enterprises

Protect enterprises from the harm of unwanted voice-based phishing perpetrated by bad actors.

Ericom’s New ZTEdge Web Application Isolation Addresses Security Concerns Associated With Third-Party Contractor Application Access

Enables organizations to provide simple, secure access to the private and public cloud or Web-based corporate apps that workers using unmanaged devices need for their work.

Bitdefender Launches Identity Theft Protection Service for U.S. Consumers

New offering provides credit and financial monitoring along with identity protection and restoration.

How Mobile Networks Have Become a Front in the Battle for Ukraine

Since 2014's annexation of Crimea, Ukrainian mobile operators have taken multiple, proactive steps to defend networks in the country and ensure their resilience.

TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft

MDR Sentinel expands TorchLight’s leading managed detection and response (MDR) services with turnkey SIEM and SOAR capabilities from Microsoft; TorchLight also announces it attains elite Microsoft Gold Partner Status

RF Technologies Releases Safe Place Staff Protection for Healthcare Settings

RFT is expanding the Safe Place hospital market security system to include staff protection.

50% of Orgs Rely on Email to Manage Security

Even with dedicated identity management tools at their disposal, many companies — smaller ones especially — are sticking with email and spreadsheets for handling permissions.

iPhones Open to Attack Even When Off, Researchers Say

Wireless chips that run when the iPhone iOS is shut down can be exploited.

Open Source Security Gets $30M Boost From Industry Heavy Hitters

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

You Can't Opt Out of Citizen Development

To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Name That Toon: Knives Out

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.

How to Turn a Coke Can Into an Eavesdropping Device

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

US Agrees to International Electronic Cybercrime Evidence Swap

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.

CISO Shares Top Strategies to Communicate Security's Value to the Biz

In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.

Black Hat Asia: Democracy's Survival Depends on Taming Technology

The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.

How to Avoid Falling Victim to PayOrGrief's Next Rebrand

The group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

Black Hat Asia: Firmware Supply Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

3 Predictors of Cybersecurity Startup Success

Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

Egnyte Enhances Program for Managed Service Providers

Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.

StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

Round co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.

Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

Cloud competitor found liable for breaking into Appian back-end systems to steal company secrets.

Needs Improvement: Scoring Biden's Cyber Executive Order

One year after it was issued, has President Biden's Cyber Executive Order had an impact?

How Can Your Business Defend Itself Against Fraud-as-a-Service?

By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

5 Years That Altered the Ransomware Landscape

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.