Cerberus Sentinel Completes Acquisition of Creatrix, Inc.

U.S. cybersecurity services firm expands security and identity management services with woman-owned business.

Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach

79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments.

Intel Chipset Firmware Actively Targeted by Conti Group

Conti threat actors are betting chipset firmware is updated less frequently than other software — and winning big, analysts say.

Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detection and Response

Gurucul automating threat detection, investigation and response (TDIR) with advanced analytics, comprehensive threat content, and a flexible enterprise risk engine for hybrid and multi-cloud environments.

Phishers Having a Field Day on WhatsApp, Telegraph

A pair of phishing campaigns against users of WhatsApp and Telegram's Telegraph expose them to extortion, credential harvesting, and even account takeover.

New Cloud Pricing and Products Proof of RSA’s Transformation

RSA pivots to exclusive focus. Identity is once again the ‘beating heart’ of RSA.

Microsoft Philanthropies Collaborates With WiCyS to Help Close the Cybersecurity Skills Gap

Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

US Sanctions Force Evil Corp to Change Tactics

The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.

CyberQ Technologies Inc. Launches Managed AI for Splunk UBA Customers

.

Neosec Introduces Expert Managed Threat Hunting Service for Detecting and Investigating API Abuse and Vulnerabilities

Neosec threat hunters from the 'ShadowHunt' team jumpstart the API Security process quickly and help build the knowledge in today's overstretched security teams.

Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage

As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.

Building America's Cybersecurity Infrastructure

The government is putting the right skills and expertise in place to fight the rising cyber threat.

'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijacking

The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.

Fighting Follina: Application Vulnerabilities and Detection Possibilities

Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.

Neutralizing Novel Trickbot Attacks With AI

Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage.

Darktrace's Brianna Leddy on How Ransomware Groups Adapt to New Defenses

In this Tech Talk, Darktrace's Brianna Leddy and Dark Reading's Terry Sweeney discuss ways ransomware groups adapt their activities as enterprise security teams evolve their defenses and controls.

Managing Extended Software Supply Chain Risks

Supply chain woes have dominated headlines, but there's another type of supply chain that's also increasingly at risk: the cloud supply chain.

Hunting for Threats Using Network Traffic Flows

SeclarityIO's NetworkSage platform analyzes network traffic data to identify attacks before they become real problems.

FluBot Android Malware Operation Disrupted, Infrastructure Seized

Security researchers have described the malware as among the fastest-spreading mobile threats in recent years.

NetSPI's New Breach and Attack Simulation Enhancements Help Organizations Achieve Behavior-Based Threat Detection

Organizations leverage the platform-driven, human-delivered service to measure and continuously improve the efficacy of detective controls and MSSP coverage.

Netenrich Debuts Resolution Intelligence Secure Digital Operations Platform at RSA 2022

New operational analytics and AI/ML platform drives contextual intelligence and prioritized actions to anticipate risky behaviors, disrupt threats and insure business resilience.

12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists

The cloud instances were left open to the public Internet with no authentication, allowing attackers to wipe the data.

Darktrace's David Masson on What Attacks on Critical Infrastructure Look Like

In this Tech Talk, Darktrace's David Masson and Dark Reading's Terry Sweeney discuss the rise of destructive attacks against critical infrastructure.

Feds Seize Domains Dealing Stolen Personal Data

WeLeakInfo.to and two related domains let users search data stolen in more than 10,000 different breaches.

Netskope Acquires WootCloud, Extending Zero Trust Capabilities to Enterprise IoT

Contextual Intelligence derived with machine learning helps customers identify, assess and remediate threats from IoT devices on their networks, achieving full visibility and control.

ReliaQuest to Acquire Digital Shadows

Combined company creates world-class security operations platform to offer customers unmatched visibility and detection to defend against threats.

Lookout Acquires SaferPass To Address The Rising Threat Of Identity Theft

Password management solution delivers proactive, seamless approach to protecting privacy and login credentials for consumers and businesses; Password Management market expected to reach $3 billion by 2026.

EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

Security at the Edge: Why It's Complicated

Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.

Consumer Reports Launches IoT Cybersecurity 'Nutrition Label'

Stalwart consumer advocacy group says it intends to educate people about cybersecurity and how to choose the safest products.

10 No-BS Tips for Building a Diverse and Dynamic Security Team

Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.

Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise

.

Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies

Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.

Help Organizations to Mitigate Risk in Microsoft 365 with 'Vectra Protect'

Vectra offers a free of charge security assessment for your cloud tenant.

Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security

Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks.

StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments

EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.

Distinguishing AI Hype From Reality in SecOps

AI and ML are important SecOps tools, but human involvement is still required.

ESET Launches NetProtect Suite of Advanced Cybersecurity Offerings for Telcos and ISPs

.

3.6M MySQL Servers Found Exposed Online

Researchers from Shadowserver recommend removing the servers from the Internet to shrink external attack surface.

Surefire Cyber Launches to Help Cyber Insurance Ecosystem from Response to Resilience, with $10 Million in Funding by Forgepoint Capital

Industry veterans roll out end-to-end incident response services and innovative tech-enabled platform, following successful incubation.

New Microsoft Zero-Day Attack Underway

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.

Biometric Data Offers Added Security — But Don't Lose Sight of These Important Risks

With rising fraud, businesses are seeking authentication methods that are security- and user-friendly. But with that comes a few complications.

Fewer DDoS Attacks in 2021, Still Above Pre-Pandemic Levels

New research finds a rise in TCP acknowledgement (ACK) DDoS attacks, which rely on a smaller amount of traffic to disrupt targets.

New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada

For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs.

How to Keep Your Enterprise Safe From Digital Supply Chain Attacks

Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.

6 Steps to Ensure Cyber Resilience

To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.

Critical OAS Bugs Open Industrial Systems to Takeover

The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.

Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks

Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.

Space Force Expands Cyber Defense Operations

Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.

Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years

The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.

New Chaos Malware Variant Ditches Wiper for Encryption

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.

ChromeLoader Malware Hijacks Browsers With ISO Files

The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.

Physical Security Teams' Impact Is Far-Reaching

Here's how physical security teams can integrate with the business to identify better solutions to security problems.

Taking the Danger Out of IT/OT Convergence

The Colonial Pipeline attack highlighted the risks of convergence. Unified security provides a safer way to proceed.

Microsoft Unveils Dev Box, a Workstation-as-a-Service

Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.

Broadcom Snaps Up VMware in $61B Deal

Massive merger will put Broadcom's Symantec and VMware's Carbon Black under one roof.

Lacework Announces Layoffs, Restructuring

The cloud-security company blames "seismic" market shifts for shakeup.

Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector

Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.

Twitter Fined $150M for Security Data Misuse

Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.

The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.