Long Con Impersonates Financial Advisers to Target Victims

Cybercriminals are co-opting the identities of legitimate US financial advisers to use them as fodder for relationship scams (aka "pig butchering"), which end with the theft of investments.

The Journal, Artificial Intelligence in the Life Sciences, Highlights the Contributions of Women in Artificial Intelligence in the Life Sciences

The launch of a new article collection and webinar by the journal AILSCI recognises prominent female scientists in the field of AI.

Spotlight on 2023 DevSecOps Trends

Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this year.

Enterprises Don't Know What to Buy for Responsible AI

Organizations are struggling to procure appropriate technical tools to address responsible AI, such as consistent bias detection in AI applications.

Enterprises Need to Do More to Assure Consumers About Privacy

Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.

Why Most Companies Still Don’t Know What’s on Their Network

Chris Kirsch, CEO of runZero, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the importance of asset discovery.

On Data Privacy Day, Organizations Fail Data Privacy Expectations

Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign

Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind the group.

How Noob Website Hackers Can Become Persistent Threats

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in the future, researchers say.

3 Ways ChatGPT Will Change Infosec in 2023

OpenAI's chatbot has the promise to revolutionize how security practitioners work.

Riot Games Latest Video-Game Maker to Suffer Breach

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

A Child's Garden of Cybersecurity

Whether you dream of your child becoming a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery.

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems

Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA.

SaaS Rootkit Exploits Hidden Rules in Microsoft 365

A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit.

Dutchman Detained for Dealing Details of Tens of Millions of People

The accused sold an enormous data set stolen from the Austrian radio and television licensing authority — to an undercover cop.

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ

The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

German Government, Airports, Banks Hit With Killnet DDoS Attacks

After Berlin pledged tanks for Ukraine, some German websites were knocked offline temporarily by Killnet DDoS attacks.

7 Insights From a Ransomware Negotiator

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

Companies Struggle With Zero Trust as Attackers Adapt to Get Around It

Only one in 10 enterprises will create a robust zero-trust foundation in the next three years, while more than half of attacks won't even be prevented by it, according to Gartner.

New Study Examines Application Connectivity Security in the Cloud

Center for Cyber Safety and Education Opens 2023 Cybersecurity Scholarship Applications

Program provides financial assistance to aspiring information security professionals, enabling students toward long-term career success.

Cybellum Releases Enhanced SBOM Management and Compliance Oversight for Manufacturers with New Release of its Product Security Platform

Advanced workflow, approval process, and management dashboard enhance control, distribution, and supervision, while reducing errors and streamlining the entire SBOM management process.

NIST Risk Management Framework Aims to Improve Trustworthiness of Artificial Intelligence

New guidance seeks to cultivate trust in AI technologies and promote AI innovation while mitigating risk

Organizations Must Brace for Privacy Impacts This Year

Expect more regulatory and enforcement action in the US and around the world.

Snyk Gets Nod of Approval With ServiceNow Strategic Investment

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.

KORE Delivers IoT SAFE Solution for Massive IoT Use Cases with AWS

Delivering secure, global IoT device connectivity, deployment, and management at scale.

Data Privacy Day: Privado Flags Data Privacy Challenges In 2023 As It Hails Industry Stars

Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts

Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says.

Zacks Investment Research Hack Exposes Data for 820K Customers

Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.

Google Pushes Privacy to the Limit in Updated Terms of Service

In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?

Healthcare Remains Top Target in 2022 ITRC Breach Report

Despite Slowing Economy, Demand for Cybersecurity Workers Remains Strong

New Cyberseek™ data shows US is short nearly 530,000 skilled cybersecurity staff.

Davos Debrief: Critical Shortage of Cybersecurity Talent Requires Action on Several Fronts, CompTIA Executive Says

Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.

GoTo Encrypted Backups Stolen in LastPass Breach

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.

North Korea's Top APT Swindled $1B From Crypto Investors in 2022

The DPRK has turned crypto scams into big business to replenish its depleted state coffers.

Multicloud Security Challenges Will Persist in 2023

Some predictions about impending security challenges, with a few tips for proactively addressing them.

ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)

BD Publishes 2022 Cybersecurity Annual Report

Cybersecurity Budgets Increase for Retail & Hospitality Industry

Despite economic headwinds and layoffs in other areas, most retail and hospitality CISOs expect to add staff in 2023, according to a new report.

BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute

Report identifies 1.75m cyberattacks were stopped by BlackBerry in the last 90 days.

Can't Fill Open Positions? Rewrite Your Minimum Requirements

If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent.

Skyhawk Security Launches Multicloud Runtime Threat Detection and Response Platform

Skyhawk Synthesis extends cloud security misconfiguration detection across multiple clouds, the company says — throwing cloud security posture management in for free.

View from Davos: The Changing Economics of Cybercrime

Participants in a working session on ransomware at the World Economic Forum discussed how planning ahead can reduce cyber risk.

Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

Forescout Appoints Technology Veteran Barry Mainz as CEO

Mainz brings 25 years of industry experience to execute on Forescout’s strategy and drive its next phase of growth.

Fenix24 Releases White Paper Proposing New Cyber Incident Response Paradigm

Restoration teams must be part of a collaborative, initial response team to address costly downtime.

Armis State of Cyberwarfare and Trends Report: 2022-2023 Highlights Global IT and Security Professionals' Sentiment on Cyberwarfare

Respondents indicate organizations are unprepared to handle cyberwarfare, there's no one-size-fits-all response to ransomware, and cybersecurity spending is on the rise.

Keeper Security Shares Password Best Practices Ahead of Data Privacy Day

The 2022-2023 Cloud Awards Announces Its Finalists

Chat Cybersecurity: AI Promises a Lot, but Can It Deliver?

Machine learning offers great opportunities, but it still can't replace human experts.

'DragonSpark' Malware: East Asian Cyberattackers Create an OSS Frankenstein

Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses.

Microsoft to Block Excel Add-ins to Stop Office Exploits

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

Security and the Electric Vehicle Charging Infrastructure

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.

Wallarm Aims to Reduce the Harm From Compromised APIs

API Leak Management software discovers exposed API keys and other secrets, blocks their use, and monitors for abuse, the company says.

Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access

Devices running Android 12 and below are at risk of attackers downloading apps that direct users to a malicious domain.

Organizations Likely to Experience Ransomware Threat in the Next 24 Months, According to Info-Tech Research Group

Security leaders must build resiliency against these complex attacks immediately.

Magnet Forensics Inc. Enters Into Definitive Agreement to be Acquired by Thoma Bravo