Dark Reading:

Easing the Cyber-Skills Crisis With Staff Augmentation

Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.

Dark Reading:

China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload

The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access.

Dark Reading:

Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip

Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.

Dark Reading:

5 Russia-Linked Groups Target Ukraine in Cyberwar

Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks.

Dark Reading:

Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out

How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk.

Dark Reading:

Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors

The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history.

Dark Reading:

How to Upskill Tech Staff to Meet Cybersecurity Needs

Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff.

Dark Reading:

OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain

Hosts next OpenSSF Day in Dublin.

Dark Reading:

Google Cloud Adds Curated Detection to Chronicle

The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.

Dark Reading:

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

Dark Reading:

'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections

The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.

Dark Reading:

When Countries Are Attacked: Making the Case for More Private-Public Cooperation

The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.

Dark Reading:

'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries

A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.

Dark Reading:

China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure

The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.

Dark Reading:

Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint

All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company.

Dark Reading:

ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market

Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.

Dark Reading:

AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale

Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams.

Dark Reading:

7 Smart Ways to Secure Your E-Commerce Site

Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.

Dark Reading:

Microsoft Rolls Out Tamper Protection for Macs

The new feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.

Dark Reading:

Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign

"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.

Dark Reading:

DEF CON: A Woman's First Experience

Omdia Senior Analyst Hollie Hennessy goes over her first experience of DEF CON as a woman in cybersecurity.

Dark Reading:

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.

Dark Reading:

Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.

Dark Reading:

Name That Toon: Vicious Circle

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Dark Reading:

With Plunge in Value, Cryptocurrency Crimes Decline in 2022

Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.

Dark Reading:

Windows Vulnerability Could Crack DC Server Credentials Open

The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Dark Reading:

Lessons From the Cybersecurity Trenches

Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts.

Dark Reading:

SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit

Heads of CIA and CISA headline event at DC Convention Center.

Dark Reading:

DEF CON 30: Hackers Come Home to Vibrant Community

After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.

Dark Reading:

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

Dark Reading:

Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management

ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised.

Dark Reading:

How and Why to Apply OSINT to Protect the Enterprise

Here's how to flip the tide and tap open source intelligence to protect your users.

Dark Reading:

Cybercriminals Weaponizing Ransomware Data for BEC Attacks

Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.

Dark Reading:

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Dark Reading:

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

Dark Reading:

Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan

Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability.

Dark Reading:

How to Clear Security Obstacles and Achieve Cloud Nirvana

Back-end complexity of cloud computing means there's plenty of potential for security problems. Here's how to get a better handle on SaaS application security.

Dark Reading:

Microsoft: We Don't Want to Zero-Day Our Customers

The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse — it is, she says, to protect customers.

Dark Reading:

Krebs: Taiwan, Geopolitical Headwinds Loom Large

During a keynote at Black Hat 2022, former CISA director Chris Krebs outlined the biggest risk areas for the public and private sectors for the next few years.

Dark Reading:

After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks

In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.

Dark Reading:

Supply Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight

Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.

Dark Reading:

Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage

Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.

Dark Reading:

4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls

More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.

Dark Reading:

New Cross-Industry Group Launches Open Cybersecurity Framework

Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.

Dark Reading:

Cisco Confirms Data Breach, Hacked Files Leaked

Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.

Dark Reading:

The Time Is Now for IoT Security Standards

Industry standards would provide predictable and understandable IoT security frameworks.

Dark Reading:

New Open Source Tools Launched for Adversary Simulation

The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.

Dark Reading:

New HTTP Request Smuggling Attacks Target Web Browsers

Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Dark Reading:

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.

Dark Reading:

Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.

Dark Reading:

Rethinking Software in the Organizational Hierarchy

Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?

Dark Reading:

Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

Platform engineered to let organizations mitigate risk and manage complexities.

Dark Reading:

OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022

Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.

Dark Reading:

Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference

.

Dark Reading:

Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape

New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.

Dark Reading:

Zero Trust & XDR: The New Architecture of Defense

Zero trust and XDR are complementary and both are necessary in today's modern IT environment. In this article, we discuss the intersection of zero trust and XDR.

Dark Reading:

Compliance Certifications: Worth the Effort?

Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.

Dark Reading:

Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

First-of-its-kind solution discovers and protects both data at rest and in motion.

Dark Reading:

Looking Back at 25 Years of Black Hat

The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.

Dark Reading:

Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem

A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.