Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months

State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.

Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community

Lessons All Industries Can Learn From Automotive Security

Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.

Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways

It's not just Internet-accessible hosts that are vulnerable, researchers say.

Dark Web Revenue Down Dramatically After Hydra's Demise

Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

9 Scammers Busted for 5M Euro Phishing Fraud Ring

The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.

Accenture Acquires Morphus, Brazil-Based Cybersecurity Company

Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.

Healthcare in the Crosshairs of North Korean Cyber Operations

CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.

Russian Hackers Disrupt NATO Earthquake Relief Operations

Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.

What Happened to #OpRussia?

The cyberwar to attack Russia has never really stopped, despite a decreasing interest from the West.

Reddit Hack Shows Limits of MFA, Strengths of Security Training

A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.

Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits

The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.

Integreon Launches Cyber Incident Response Offering with Development of AI-Based Review and Integration of RadarFirst

MagicWeb Mystery Highlights Nobelium Attacker's Sophistication

The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.

Malicious Game Mods Target Dota 2 Game Users

Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored.

Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks

Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.

Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together

Bridging the divide between developers and security can create a culture change organically.

Google Cloud Connects Chronicle to Health ISAC Feed

Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.

Reddit Breached With Stolen Employee Credentials

Reddit code, internal documents, dashboards, and business systems were compromised in the cyberattack.

NewsPenguin Goes Phishing for Maritime & Military Secrets

A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.

Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

4 Ways to Handle AI Decision-Making in Cybersecurity

As evolving cyber threats force security teams to adopt AI to automate workflows, we ask how the relationship between humans and AI will pan out.

7 Critical Cloud Threats Facing the Enterprise in 2023

From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.

SynSaber Releases ICS CVE Retrospective: 3 Years of CISA Advisories

Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools

Schools paying higher ransoms and seeing longer closures, according to survey of parents.

Cryptographers Decode Secret Letters of Mary, Queen of Scots

Nearly a half-millennium after her execution, encrypted letters from the imprisoned royal offer a fascinating look into early cryptography.

Phishing Surges Ahead, as ChatGPT & AI Loom

AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names.

NIST Picks IoT Standard for Small Electronics Cybersecurity

NIST announces that it will use Ascon as a cryptography standard for lightweight IoT device protection.

In Perfect Harmony: Cybersecurity Regulation Harmonization

By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk — and better counter threats.

Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis?

Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?

Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity

High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.

How Do Playbooks Help CISOs Improve SecOps?

Extended detection and response (XDR) solutions have evolved to offer automated tools, such as playbooks, that enhance context and response.

(ISC)² Makes Certified in Cybersecurity Exam Available in More Languages to Address Global Workforce Shortage

CISA Releases Recovery Script for Victims of ESXiArgs Ransomware

The malware has affected thousands of VMware ESXi hypervisors in the last few days.

Jailbreak Trick Breaks ChatGPT Content Safeguards

Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls.

Building Up IAM in a Multicloud World

In the cloud-first world, the security goal is to ensure only qualified users can access information across clouds.

Exclu Shutdown Underscores Outsized Role Messaging Apps Play in Cybercrime

Apps like Telegram, WhatsApp, and Discord are a hotbed of cybercriminal communication and scams.

ActZero Unveils Next-Generation MDR Platform

Latest release gives small and mid-sized enterprises AI-driven analysis tools and unified visibility across IT environments for stronger ransomware protection.

Leading Energy Companies Tap Fortress to Build and Operate Industry Repository to Identify and Remediate Critical Software Vulnerabilities

Skybox Security Appoints Cybersecurity Veteran Mordecai Rosen as CEO

Skybox closes $50 million in financing to drive growth of its SaaS-based security platform.

SecuriThings Brings Managed Service Capabilities to Physical Security, With New Managed Service Platform

Platform opens new opportunities for managed service providers to manage, visualize, and secure customer devices from a single pane of glass, including automated maintenance and other operations.

GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks

Enhanced industrial control systems cybersecurity for energy and communications sector among top recommendations in new GAO cybersecurity assessment.

Corelight Expands Partnership With CrowdStrike to Provide Network Detection and Response Technology for CrowdStrike Services

Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting and Financial Data in Year Ahead

Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet

Omdia has learned that Gigamon sold its ThreatInsight NDR business to Fortinet for approximately $31 million. The deal highlights what may be a pivot point for the NDR market.

It Isn't Time to Worry About Quantum Computing Just Yet

Don't let something that's a decade away distract you from today's cyber threats.

Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver's Seat

The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.

Why ChatGPT Isn't a Death Sentence for Cyber Defenders

Generative AI combined with user awareness training creates a security alliance that can let organizations work protected from ChatGPT.

How to Optimize Your Cyber Insurance Coverage

From prevention and detection processes to how you handle policy information, having strong cyber insurance coverage can help mitigate cybersecurity attacks.

Why Some Cloud Services Vulnerabilities Are So Hard to Fix

Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.

Cloud Apps Still Demand Way More Privileges Than They Use

Hackers can't steal a credential that doesn't exist.

'Money Lover' Finance App Exposes User Data

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

Fresh, Buggy Clop Ransomware Variant Targets Linux Systems

For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.

DPRK Using Unpatched Zimbra Devices to Spy on Researchers

Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.

New Banking Trojan Targeting 100M Pix Payment Platform Accounts

New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.

Industrial Cybersecurity Innovator Opscura Receives $9.4M in Series A Funding as Critical Operations Transform

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

With TikTok Bans, the Time for Operational Governance Is Now

Emerging risks and trends need to be monitored, but cybersecurity challenges can be fixed with a focus on the fundamentals.