Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company.
By Robert Lemos, Contributing Writer, Dark Reading
Canary tokens β also known as honey tokens β force attackers to second-guess their potential good fortune when they come across user and application secrets.
By Tara Seals, Managing Editor, News, Dark Reading
Dark Reading's digest of other "don't-miss" stories of the week β including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.
By Ericka Chickowski, Contributing Writer, Dark Reading
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
By Robert Lemos, Contributing Writer, Dark Reading
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.
By Tara Seals, Managing Editor, News, Dark Reading
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
By embracing cybersecurity as a critical part of our national security and education strategy, and working together to invest in opportunities for all, we can create a safer, more secure world.
By dynamically mirroring an organizationβs login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.
With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections.
By Jonathan Care, Contributing Writer, Dark Reading
Dark Reading's analysis suggests that the merger between Human Security and PerimeterX will bring modern defense strategies to disrupt cybercrime and fraud.
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise.
Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing initiative from the foundation that is designed to better secure the devices.
By Gil Hoffer, Co-Founder and Chief Technology Officer, Salto
IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.
By Robert Lemos, Contributing Writer, Dark Reading
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.
By James Brodhurst, Principal Consultant, Resistant AI
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.
Attackers are easily turning popular messaging apps and their associated services β like bots, cloud infrastructure, and CDNs β against users, researchers warn.
The open source fully homomorphic encryption library from Duality Technologies is intended to help developers build their own FHE-enabled applications.
By Tara Seals, Managing Editor, News, Dark Reading
The firmware threat offers ultimate stealth and persistence β and may be distributed via tainted firmware components in a supply chain play, researchers theorize.
After leaking 80 million US customer data records in a cyberattack last summer, T-Mobile offers to settle a wide-ranging class action suit for just $350 million.
In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.
Two previously unknown critical vulnerabilities within FileWaveβs multiplatform MDM system could grant malicious actors access to the platform's most privileged user account.
Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful.
Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.
A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content.
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.
Login
FreshRSS