By Tara Seals, Managing Editor, News, Dark Reading
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.
By dynamically mirroring an organizationβs login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.
With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.
By Jonathan Care, Contributing Writer, Dark Reading
Dark Reading's analysis suggests that the merger between Human Security and PerimeterX will bring modern defense strategies to disrupt cybercrime and fraud.
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise.
Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing initiative from the foundation that is designed to better secure the devices.
By Gil Hoffer, Co-Founder and Chief Technology Officer, Salto
IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.
By Robert Lemos, Contributing Writer, Dark Reading
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.
By James Brodhurst, Principal Consultant, Resistant AI
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.
Attackers are easily turning popular messaging apps and their associated services β like bots, cloud infrastructure, and CDNs β against users, researchers warn.
The open source fully homomorphic encryption library from Duality Technologies is intended to help developers build their own FHE-enabled applications.
By Tara Seals, Managing Editor, News, Dark Reading
The firmware threat offers ultimate stealth and persistence β and may be distributed via tainted firmware components in a supply chain play, researchers theorize.
After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million.
In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.
Two previously unknown critical vulnerabilities within FileWaveβs multiplatform MDM system could grant malicious actors access to the platform's most privileged user account.
Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful.
Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.
A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content.
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.
By Tara Seals, Managing Editor, News, Dark Reading
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.
Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.
By Robert Lemos, Contributing Writer, Dark Reading
A study of the unregulated dark markets shows that the vast majority of malware, exploits, and attacker tools sell for less than $10, giving would-be criminals a fast entry point.
The cyber campaign, aimed at siphoning funds, uses an improved version of the malware, which can adjust infection paths based on recognized antivirus software.
New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with
The threat group 8220 Gang's cryptocurrency miner and botnet reach has exploded to 30,000 global hosts, a notable increase over the past month, researchers say.
Law enforcement hopes that retuning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business."
By Richard Marcus, Head of Information Security, AuditBoard
Security pros' experience with transparency and evaluating third-party partners positions them to act as key environmental, social, and governance advisers.
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.
Login
FreshRSS