The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.
By Robert Lemos, Contributing Writer, Dark Reading
The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.
TPx, a leading nationwide managed services provider (MSP) delivering cybersecurity, managed networks, and cloud communications, today announced the addition of penetration scanning to its Security Advisory Services portfolio.
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.
By Tara Seals, Managing Editor, News, Dark Reading
The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.
By Tara Seals, Managing Editor, News, Dark Reading
A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.
By Jonathan Hencinski, Vice President of Security Operations, Expel
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.
By Robert Lemos, Contributing Writer, Dark Reading
A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition among cybersecurity vendors.
Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites โ posing a real risk to enterprises from remote employees.
When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.
Oversubscribed round validates company's data-first approach to solving cloudโฏsecurity and privacy issues for global businesses thwarting data breaches and ransomwar
By Robert Lemos, Contributing Writer, Dark Reading
Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.
By Robert Lemos, Contributing Writer, Dark Reading
Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly.
Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk
By Elizabeth Montalbano, Contributor, Dark Reading
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.
By Robert Lemos, Contributing Writer, Dark Reading
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management.
The American Data Privacy and Protection Act would provide federal-level protections that don't exist in most states, but override existing, stronger state protections.
Security Pro File: The DevOps evangelist and angel investor shares his expertise with the next generation of startups. If you're lucky, maybe he'll even share his Lagavulin.
The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.
By Tara Seals, Managing Editor, News, Dark Reading
The Treasury Department links the MuddyWater APT and APT39 to Iran's intelligence apparatus, which is now blocked from doing business with US entities.
By Robert Lemos, Contributing Writer, Dark Reading
Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving โ or have moved โ to requiring more secure authentication as well. Is your company ready?
A sweeping effort to prevent a raft of targeted cybercrime groups from posting ransomware victims' data publicly is hampering their operations, causing outages.