Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises

Cynet CISO survey reveals lack of staff, skills, and resources driving smaller teams to outsource security with advanced tools, technologies, and services.

Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

US Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network

QuSecure’s QuProtect leverages unique post-quantum cryptographic algorithm on government legacy systems to achieve world’s first and only post-quantum resilient channel within a government facility.

New Research Reveals 93% of Organizations Surveyed Have Had Failed IIoT/OT Security Projects

Barracuda research finds organizations are struggling to protect operational technology and getting breached as a result.

Keep Humans in the Loop in SOC Operations

Machine learning and automation can help free up security pros for higher-value tasks.

Exostar Empowers SMBs with Enhanced, Low-Cost, Easy-to-Use Microsoft 365 and CMMC 2.0 Solutions

Upgrades to the Exostar platform promote secure, compliant collaboration and handling of controlled unclassified information.

QuickBooks Vishing Scam Targets Small Businesses

Businesses receive an invoice via email with a credit card charge and are asked to call a fake number and hand over personal information to receive a refund.

Getting Up and Running with Windows Autopatch

This Tech Tip outlines how system administrators can get started with automated continuous patching for their Windows devices and applications.

PyPI Mandates 2FA, Plans Google Titan Key Giveaway

Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.

Core Security by HelpSystems Introduces New Ransomware Simulator

.

Privitar Announces Kormoon Acquisition, Extending Data Privacy and Provisioning Capabilities

.

Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now

July's security update included fixes for one actively exploited flaw, more than 30 bugs in Azure Site Recovery, and four privilege escalation bugs in Windows Print Spooler.

Understanding the Omdia Threat Detection Data Life Cycle

Data quality is key in an effective TDIR solution. Omdia's threat detection data life cycle highlights the considerations for effective data-driven threat detection.

Don't Have a COW: Containers on Windows and Other Container-Escape Research

Several pieces of Black Hat USA research will explore container design weaknesses and escalation of privilege attacks that can lead to container escapes.

One-Third of Users Without Security Awareness Training Click on Phishing URLs

New data from security training provider shows half of untrained users in consulting, energy, and healthcare industries fall for phishing attacks.

5 Traits That Differentiate CISOs From CIROs

Chief information risk officers must have a keen understanding of — and interaction with — the business.

Deloitte Launches Zero Trust Access, a New Managed Security Service

.

How Confidential Computing Locks Down Data, Regardless of Its State

Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.

Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack

If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.

Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.

Paladin Cloud Launches New Cloud Security and Governance Platform

The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.

Fake Google Software Updates Spread New Ransomware

"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.

'Luna Moth' Group Ransoms Data Without the Ransomware

Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.

Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.

Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers

.

Proposed SEC Rules Require More Transparency About Cyber-Risk

The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.

Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Scams pressure victims to "resolve an issue that could impact their status, business."

Microsoft Reverses Course on Blocking Office Macros by Default

Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.

DoJ Charges CEO for Dealing $1B in Fake Cisco Gear

Fraudster allegedly passed off refurbished, modified Cisco equipment as new to hospitals, schools, and even the military.

SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets

.

Welcome-Back-to-the-Future Shock

This year's RSA Conference saw a strange mix of selling the future and the past — for good reason.

Swimlane Secures $70M Growth Round to Fuel Global Expansion of Next Generation Low-Code Security Automation Platform

.

Worldwide Enterprise Endpoint Security Industry to 2027: Focus on Antivirus, Firewall, Endpoint Device Control, and Anti-Spyware/Anti-Malware

.

Coalition Closes $250 Million in Series F Funding, Valuing the Cyber Insurance Provider at $5 Billion

Funding from Allianz X, Valor Equity Partners, Kinetic Partners, and existing investors will accelerate Coalition’s vision to provide security for all.

Zero Trust Bolsters Our National Defense Against Rising Cyber Threats

The Colonial Pipeline and JBS attacks, among others, showed us our national resilience is only as strong as public-private sector collaboration.

In Switch, Trickbot Group Now Attacking Ukrainian Targets

Latest campaigns are a break from its usual financially motivated attacks and appear aligned with Russian interests, security researchers say.

What Do All of Those Cloud Cybersecurity Acronyms Mean?

Acronyms serve as a gatekeeper — if you don't sling the lingo, you don't belong. So here's a quick guide to the letter salad of cloud cybersecurity.

ICYMI: Critical Cisco RCE Bug, Microsoft Breaks Down Hive, SHI Cyberattack

Dark Reading's digest of the other don't-miss stories of the week, including a new ransomware targeting QNAP gear, and a destructive attack against the College of the Desert that lingers on.

Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival 'Brute Ratel' Pen Test Tool

The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries.

Cyber Skills Center Launches in Tulsa to Develop Diverse, Local Tech Talent Pipeline

New program offers free tech skills training and paid apprenticeships to make education and career pathways more accessible.

Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materials Standards

.

China's Tonto Team APT Ramps Up Spy Operations Against Russia

In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.

Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover

Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.

Empower Your Security Operations Team to Combat Emerging Threats

When examining the modern threat landscape, empowering your security operations and overcoming the limitations inherent with other malware prevention solutions is imperative.

Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out

It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.

Inside NIST's 4 Crypto Algorithms for a Post-Quantum World

With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world.

Prevention Takes Priority Over Response

Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action.

North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs

US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.

I Built a Cheap 'Warshipping' Device in Just 3 Hours — and So Can You

Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.

Marriott Data Breach Exposes PII, Credit Cards

The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.

How to Keep EVs From Taking Down the Electrical Grid

They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'

The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

Identity Access Management Is Set for Exploding Growth, Big Changes — Report

New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.

The Cyber-Asset Management Playbook for Supply Chain Modernization

Organizations must balance the risk and reward of new cyber-asset management technologies.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

NIST Picks 4 Quantum-Resistant Cryptographic Algorithms

The US Department of Commerce's National Institute of Standards and Technology has announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.

HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain

Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.