Dark Reading:

VMware, Airline Targeted as Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Dark Reading:

Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Dark Reading:

Act Now: Leveraging PCI Compliance to Improve Security

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Dark Reading:

Quanta Servers Caught With 'Pantsdown' BMC Vulnerability

Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

Dark Reading:

Most Common Threats in DBIR

Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.

Dark Reading:

Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats

New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.

Dark Reading:

Is Your Data Security Living on the Edge?

Gartner's security service edge fundamentally changes how companies should be delivering data protection in a cloud and mobile first world.

Dark Reading:

Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig

A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

Dark Reading:

JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

Open source software community initiative utilizes blockchain technology.

Dark Reading:

Mastercard Launches Cybersecurity “Experience Centre”

Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.

Dark Reading:

Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

Company will detail enhancements to Vulnerability Management, Detection and Response solution next month.

Dark Reading:

Corelight Announces New SaaS Platform for Threat Hunting

Corelight Investigator aids threat hunting and investigation through intelligent alert aggregation, built-in queries and scalable search

Dark Reading:

Cybersecurity-Focused SYN Ventures Closes $300 Million Fund II

Cylance co-founder Ryan Permeh has joined full time as an operating partner.

Dark Reading:

Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report

According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

Dark Reading:

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

Dark Reading:

Meet the 10 Finalists in the RSA Conference Innovation Sandbox

This year's finalists tackle such vital security concerns as permissions management, software supply chain vulnerability, and data governance. Winners will be announced June 6.

Dark Reading:

Brexit Leak Site Linked to Russian Hackers

Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.

Dark Reading:

Spring Cleaning Checklist for Keeping Your Devices Safe at Work

Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.

Dark Reading:

CLOP Ransomware Activity Spiked in April

In just one month, the ransomware group's activity rose by 2,100%, a new report finds.

Dark Reading:

Industry 4.0 Points Up Need for Improved Security for Manufacturers

With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.

Dark Reading:

DDoS Extortion Attack Flagged as Possible REvil Resurgence

A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.

Dark Reading:

DBIR Makes a Case for Passwordless

Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.

Dark Reading:

'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

Dark Reading:

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

Dark Reading:

New Attack Shows Weaponized PDF Files Remain a Threat

Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.

Dark Reading:

DeFi Is Getting Pummeled by Cybercriminals

Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

Dark Reading:

New Connecticut Privacy Law Makes Path to Compliance More Complex

As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.

Dark Reading:

XM Cyber Adds New Security Capability for Microsoft Active Directory

Company to debut its AD capabilities at the 2022 RSA Conference.

Dark Reading:

Strong Password Policy Isn't Enough, Study Shows

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Dark Reading:

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

New features include context-aware, zero-trust data protection on local peripherals and devices.

Dark Reading:

Nisos Announces $15 Million in Series B Funding Round

New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.

Dark Reading:

Crypto Hacks Aren't a Niche Concern; They Impact Wider Society

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

Dark Reading:

Multiple Governments Buying Android Zero-Days for Spying: Google

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

Dark Reading:

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

Dark Reading:

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Dark Reading:

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Analysts have seen a massive spike in malicious activity by the XorDdos Trojan in the last six months, against Linux cloud and IoT infrastructures .

Dark Reading:

Why the Employee Experience Is Cyber Resilience

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

Dark Reading:

Valeo Networks Acquires Next I.T.

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

Dark Reading:

Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection

IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.

Dark Reading:

After the Okta Breach, Diversify Your Sources of Truth

What subsequent protections do you have in place when your first line of defense goes down?

Dark Reading:

Chatbot Army Deployed in Latest DHL Shipping Phish

In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.

Dark Reading:

Partial Patching Still Provides Strong Protection Against APTs

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Dark Reading:

Quantum Key Distribution for a Post-Quantum World

New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.

Dark Reading:

Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

Dark Reading:

Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

Dark Reading:

New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

Dark Reading:

More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam

New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.

Dark Reading:

Deadbolt Ransomware Targeting QNAP NAS Devices

QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.

Dark Reading:

Pro-Russian Information Operations Escalate in Ukraine War

In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.

Dark Reading:

DoJ Won't Charge 'Good Faith' Security Researchers

Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.

Dark Reading:

Majority of Kubernetes API Servers Exposed to the Public Internet

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

Dark Reading:

Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution

CrowdStrike and CyberArk invest in Dig's seed round, which was led by Team8, alongside Merlin Ventures and chairs of MongoDB and Exabeam.

Dark Reading:

6 Scary Tactics Used in Mobile App Attacks

Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.

Dark Reading:

Phishing Attacks for Initial Access Surged 54% in Q1

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

Dark Reading:

MITRE Creates Framework for Supply Chain Security

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Dark Reading:

CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline

Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.

Dark Reading:

How Pwn2Own Made Bug Hunting a Real Sport

From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.

Dark Reading:

Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments

Polygraph Data Platform adds Kubernetes audit log monitoring, integration with Kubernetes admission controller, and Infrastructure as Code (IaC) security to help seamlessly integrate security into developer workflows.

Dark Reading:

CISA: Unpatched F5 BIG-IP Devices Under Active Attack

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

Dark Reading:

The Industry Must Better Secure Open Source Code From Threat Actors

Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.