How Can Disrupting DNS Communications Thwart a Malware Attack?

Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage.

Firmware Flaws Could Spell 'Lights Out' for Servers

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

Poser Hackers Impersonate LockBit in SMB Cyberattacks

Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

Will Cybersecurity Remain Recession-Proof in 2023?

Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

To meet a pressing demand for industrial and OT security, zero-trust, device-level cybersecurity provider expands with strategic hires in new and established markets.

New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.

Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

Mentoring, scholarships, and professional development opportunities will be offered to those underrepresented in the industry through the collaboration.

Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

Standard Investments leads round with participation from Munich Re Ventures, Moore Strategic Ventures, Bessemer Venture Partners, and Zeev Ventures.

Are Your Employees Thinking Critically About Their Online Behaviors?

Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

SentinelOne and KPMG Announce Alliance To Accelerate Cyber Investigations and Response

Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy

The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.

10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance

New research from Drata shows compliance remains a business challenge for many organizations.

The Threat from Within: 71% of Business Leaders Surveyed Think Next Cybersecurity Breach Will Come from the Inside

Make Developers the Driver of Software Security Excellence

Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.

How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals

Facebook Bug Allows 2FA Bypass Via Instagram

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!

Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.

Convincing, Malicious Google Ads Look to Lift Password Manager Logins

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.

Long Con Impersonates Financial Advisers to Target Victims

Cybercriminals are co-opting the identities of legitimate US financial advisers to use them as fodder for relationship scams (aka "pig butchering"), which end with the theft of investments.

The Journal, Artificial Intelligence in the Life Sciences, Highlights the Contributions of Women in Artificial Intelligence in the Life Sciences

The launch of a new article collection and webinar by the journal AILSCI recognises prominent female scientists in the field of AI.

Spotlight on 2023 DevSecOps Trends

Solutions that provide more actionable results — remediation that frees up engineers, processes which integrate security into software development from its design, along with automation, IAC, and tool consolidation — are among the DevSecOps strategies that will prevail this year.

Enterprises Don't Know What to Buy for Responsible AI

Organizations are struggling to procure appropriate technical tools to address responsible AI, such as consistent bias detection in AI applications.

Enterprises Need to Do More to Assure Consumers About Privacy

Organizations care about data privacy, but their priorities appear to be different from what their customers think are important.

Why Most Companies Still Don’t Know What’s on Their Network

Chris Kirsch, CEO of runZero, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the importance of asset discovery.

On Data Privacy Day, Organizations Fail Data Privacy Expectations

Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.

Critical RCE Lexmark Printer Bug Has Public Exploit

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign

Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind the group.

How Noob Website Hackers Can Become Persistent Threats

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in the future, researchers say.

3 Ways ChatGPT Will Change Infosec in 2023

OpenAI's chatbot has the promise to revolutionize how security practitioners work.

Riot Games Latest Video-Game Maker to Suffer Breach

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

A Child's Garden of Cybersecurity

Whether you dream of your child becoming a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery.

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems

Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA.

SaaS Rootkit Exploits Hidden Rules in Microsoft 365

A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit.

Dutchman Detained for Dealing Details of Tens of Millions of People

The accused sold an enormous data set stolen from the Austrian radio and television licensing authority — to an undercover cop.

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ

The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

German Government, Airports, Banks Hit With Killnet DDoS Attacks

After Berlin pledged tanks for Ukraine, some German websites were knocked offline temporarily by Killnet DDoS attacks.

7 Insights From a Ransomware Negotiator

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

Companies Struggle With Zero Trust as Attackers Adapt to Get Around It

Only one in 10 enterprises will create a robust zero-trust foundation in the next three years, while more than half of attacks won't even be prevented by it, according to Gartner.

New Study Examines Application Connectivity Security in the Cloud

Center for Cyber Safety and Education Opens 2023 Cybersecurity Scholarship Applications

Program provides financial assistance to aspiring information security professionals, enabling students toward long-term career success.

Cybellum Releases Enhanced SBOM Management and Compliance Oversight for Manufacturers with New Release of its Product Security Platform

Advanced workflow, approval process, and management dashboard enhance control, distribution, and supervision, while reducing errors and streamlining the entire SBOM management process.

NIST Risk Management Framework Aims to Improve Trustworthiness of Artificial Intelligence

New guidance seeks to cultivate trust in AI technologies and promote AI innovation while mitigating risk

Organizations Must Brace for Privacy Impacts This Year

Expect more regulatory and enforcement action in the US and around the world.

Snyk Gets Nod of Approval With ServiceNow Strategic Investment

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.

KORE Delivers IoT SAFE Solution for Massive IoT Use Cases with AWS

Delivering secure, global IoT device connectivity, deployment, and management at scale.

Data Privacy Day: Privado Flags Data Privacy Challenges In 2023 As It Hails Industry Stars

Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts

Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says.

Zacks Investment Research Hack Exposes Data for 820K Customers

Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.

Google Pushes Privacy to the Limit in Updated Terms of Service

In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?

Healthcare Remains Top Target in 2022 ITRC Breach Report

Despite Slowing Economy, Demand for Cybersecurity Workers Remains Strong

New Cyberseek™ data shows US is short nearly 530,000 skilled cybersecurity staff.

Davos Debrief: Critical Shortage of Cybersecurity Talent Requires Action on Several Fronts, CompTIA Executive Says

Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.

GoTo Encrypted Backups Stolen in LastPass Breach

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.

Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset.

North Korea's Top APT Swindled $1B From Crypto Investors in 2022

The DPRK has turned crypto scams into big business to replenish its depleted state coffers.