A shifting paradigm – Virsec’s deterministic approach to cybersecurity
Virsec has come a long way in the past few years. As recently as 2017, its technology only focused on memory protection. 5 years, $137 million in funding and the addition of host and feedback protection later, the company is looking to revolutionise cybe
04-07-2022 15:23

Google closes data loophole amid privacy fears over abortion ruling
Developers’ ability to see which other apps are installed on people’s phones restricted.
04-07-2022 14:15

TikTok Assures U.S. Lawmakers That They Are Working to Further Safeguard User Data From Chinese Staff
Following concerns that U.S. users’ data had been accessed by TikTok engineers in China between September 2021 and January 2022, TikTok sought to assure U.S. lawmakers that it’s taking steps to “strengthen data security.” The admi
04-07-2022 10:34

Threat Actor Group Claims Responsibility for High Profile University Hacks
Reportedly, CloudSEK used its artificial intelligence (AI)-powered digital risk platform XVigil to identify a post on a cybercrime forum mentioning open source automation server platform Jenkins as one of the TTP (tactics, techniques, and procedures) use
04-07-2022 10:17

Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group
Microsoft’s Security Intelligence team have issued a new warning against a known cloud threat actor group. Active since early 2017 and tracked as 8220, the group have now updated its malware toolset to breach Linux servers to install crypto miners
04-07-2022 10:03

ICYMI: A Microsoft Warning, Follina, Atlassian, and More
Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.
01-07-2022 20:58

Billing fraud apps can disable Android Wi-Fi and intercept text messages
Android scamware uses many tricks to sign you up for pricey services.
01-07-2022 20:47

OpenSea NFT Marketplace Faces Insider Hack
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.
01-07-2022 19:09

Time Constraints Hamper Security Awareness Programs
Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says.
01-07-2022 19:08

Criminals Use Deepfake Videos to Interview for Remote Work
The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
01-07-2022 17:01

DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware
The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.
01-07-2022 15:14

A Vulnerability Management Program is Nothing Without Identity Risk Protection
“Identity is the number one security concern.” Tim Nursall, Field Engineer at Illusive spoke at Infosecurity Europe last week on identity risk and the Analysing Identity Risks Report.   —  So, what is identity risk? With the migration of networks t
01-07-2022 14:30

A Research of Threat Actor Activity & Myths Busted by Cato Networks
“An attacker only has to be right once, but the defender must be right all the time.” Etay Maor, Sr. Director of Security Strategy of Cato Networks, disagrees. According to him, this is one cybersecurity myth he wishes to dispel.   —  Cato Networks
01-07-2022 14:25

SPACE Dynamic Orchestration in the SASE Cloud with Cato Networks
Vice President of Product Marketing at Cato Networks, Eyal Webber-Zvik, representing the world’s first SASE platform, spoke last week at Infosecurity Europe. Topic of discussion? Cloud-native single pass processing in action.  —  Following Gartner’
01-07-2022 14:21

When It Comes to SBOMs, Do You Know the Ingredients in Your Ingredients?
Transitive dependencies can complicate the process of developing software bills of materials.
01-07-2022 14:00

RSA 2022: Omdia Research Take Aways
The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.
01-07-2022 14:00

Microsoft Going Big on Identity with the Launch of Entra
With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.
01-07-2022 13:52

Over a Decade in Software Security: What Have We learned?
With over a decade experience in software security, what can Synopsys teach us? Managing Consultant Adam Brown presented this very subject at Infosecurity Europe 2022, with the help of Synopsys’s BSIMM metrics. The Building Security in Maturity Model (BS
01-07-2022 12:27

A Talk About Unified Identity Security & Deploying Resilience
Unified identity security company, One Identity, focuses on helping organisations close the cybersecurity exposure gap that exists with newfound identity vulnerabilities and stopping opportunistic bad actors before they can seek to utilise it.   The iden
01-07-2022 11:07

Macmillan Publishers Shut Down Systems After Security Incident
Publishing firm Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack. The attack reportedly occurred on Saturday 25th June, with the company shutting down all their I
01-07-2022 10:12

Man Arrested in LA For Alleged Involvement in Multi-Million Dollar Fraud Scheme
Yesterday, a man was arrested in Los Angeles on suspicion of masterminding a multi-million dollar investment fraud scheme that tricked over 10,000 victims. Neil Chandran, 50, from Las Vegas, was charged with three counts of wire fraud and two counts of e
01-07-2022 09:47

Ex-Canadian Government Employee Pleads Guilty to Involvement With NetWalker Ransomware Group
Early this week, an ex-Canadian government employee pleaded guilty in a Florida court to charges of involvement with the NetWalker ransomware group. Sebastien Vachon-Desjardins, 34, was accused of conspiracy to commit computer fraud and wire fraud, as we
01-07-2022 09:21

Microsoft Exchange servers worldwide hit by stealthy new backdoor
SessionManager scours memory for passwords, does recon, and installs new tools.
30-06-2022 21:57

Google: Hack-for-Hire Groups Present a Potent Threat
Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
30-06-2022 20:21

18 Zero-Days Exploited So Far in 2022
It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.
30-06-2022 19:39

API Security Losses Total Billions, But It's Complicated
A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?
30-06-2022 19:31

Exchange Servers Backdoored Globally by SessionManager
Malicious ISS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.
30-06-2022 18:29

Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam’s ‘State of Data Exfiltration & Extortion Report’ also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands.
30-06-2022 16:57

NXM Announces Platform That Protects Space Infrastructure and IoT Devices From Cyberattacks
NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities.
30-06-2022 16:54

A Fintech Horror Story: How One Company Prioritizes Cybersecurity
A password link that didn't expire leads to the discovery of exposed personal information at a payments service.
30-06-2022 16:54

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
30-06-2022 15:17

Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization more safe.
30-06-2022 14:00

China lured graduate jobseekers into digital espionage
Student translators were targeted by front company for Beijing-backed hacking group APT40.
30-06-2022 13:49

North Korea-Backed Hacking Collective Lazarus Group Suspected to be Behind Recent Harmony Bridge Attack
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge. Last week Harmony confirmed that its Horizon Bridge, a platform that allows users to move crypt
30-06-2022 10:40

A conversation with Andrew Clarke, Global Head of Channel and Strategic Alliances at One Identity
The COVID-19 pandemic and ensuing work-from-home revolution has thrust identity management to the top of corporate agendas. As such, security professionals can no longer be satisfied with securing their perimeters, they now have to account for countless
30-06-2022 10:14

Walmart Denies Being Hit by Yanlouwang Ransomware Attack
The American retailer Walmart has denied being hit with a ransomware attack by the Yanlouwang gang after hackers claimed to encrypt thousands of computers. According to BleepingComputer, Walmart said that their “Information Security team is monitor
30-06-2022 10:11

YTStealer Malware Found to Steal Accounts From Creators
YTStealer, a new information-stealing malware, is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels. Focusing on one goal has given YTStealer’s authors the capacity to make its token-st
30-06-2022 09:54

Cybersecurity leaders are anticipating mass resignations within the year
A new survey from Bridewell, a cybersecurity services company, found that 95% of respondents are experiencing factors that would make them likely to leave in the next 12 months. Of the 521 critical national infrastructure decision makers who were surveye
30-06-2022 09:09

YouTube content creator credentials are under siege by YTStealer malware
Researchers unearth suspected credential-stealer service targeting YouTubers.
29-06-2022 22:25

Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.
29-06-2022 20:08

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
29-06-2022 18:41

Broken Authentication Vuln Threatens Amazon Photos Android App
The now-patched bug allows an attacker to gain full access to a user's Amazon files.
29-06-2022 17:25

How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.
29-06-2022 17:00

What's Your AppSec Personality?
It's time to decide which role to play to best serve your organization's security needs: an auditor, a lawyer, or a developer.
29-06-2022 16:00

Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing
External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data.
29-06-2022 15:03

Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric
Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts.
29-06-2022 14:00

European Cybersecurity Blogger Awards 2022 Winners Announced
Hosted by Eskenzi PR and sponsored by KnowBe4 and Qualys, the European Cybersecurity Blogger Awards has announced this year’s winners and runners-up. The awards returned as an in-person event on the first evening of Infosecurity Europe (21st of June 2022
29-06-2022 13:05

5 Surprising Cyberattacks AI Stopped This Year
See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI.
29-06-2022 12:30

Kaspersky Reveals Phishing Emails That Employees Find Most Confusing
Results from phishing simulation campaigns highlight the five most effective types of phishing email.
29-06-2022 12:13

The Top Mobile Security Threats of 2022
Whether you are ordering food online, booking a doctor’s appointment, or checking your balance, you are doing it through your phone. For many years we believed that we had a valid reason to trust our phone with sensitive information. Today, we have
29-06-2022 12:11

Evilnum Hackers Return With New Activity Targeting International Migration Campaigns
The Evilnum hacking group have been targeting European organisations that are involved in international migration, showing renewed signs of malicious activity within the group. Evilnum is an advanced persistent threat (APT) that has been active since at
29-06-2022 10:47

Appointment of four new executives ignites Illusive’s international expansion
Today, Illusive has announced the appointment of four new executive hires since the launch of Illusive SpotlightTM, which has driven great interest and adoption of the solution. Illusive has appointed Kristen Twining as VP of Sales – Americas, and
29-06-2022 10:07

Ransomware Suspected in Wiltshire Farm Foods Attack
Wiltshire Farm Foods, a leading producer of frozen ready meals in the UK, has revealed that its systems are currently down after experiencing a serious cyber-attack. The producer said on Sunday that it is “currently experiencing severe difficulties
29-06-2022 09:52

A wide range of routers are under attack by new, unusually sophisticated malware
Router-stalking ZuoRAT is likely the work of a sophisticated nation-state, researchers say.
29-06-2022 00:01

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
28-06-2022 21:11

Google Analytics Continues to Lose SEO Visibility as Bans Continue
Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.
28-06-2022 20:02

'Raccoon Stealer' Scurries Back on the Scene After Hiatus
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
28-06-2022 19:34

China-Backed APT Pwns Building-Automation Systems with ProxyLogon
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.
28-06-2022 18:33

RSA 2022: Omdia Research Take Aways
The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.
28-06-2022 18:00

Atlassian Confluence Exploits Peak at 100K Daily
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
28-06-2022 17:58

Can Zero-Knowledge Cryptography Solve Our Password Problems?
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.
28-06-2022 17:51

A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
28-06-2022 17:00

Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
28-06-2022 15:58

5 Cyber Security Tips for Smart Buildings
In the recent past, there have been a lot of stories of companies succumbing to IT cybersecurity threats. Property owners are incorporating and relying on smart building technologies more and more, and it has become even more important to think about cyb
28-06-2022 15:57

How to Find New Attack Primitives in Microsoft Azure
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
28-06-2022 14:00

Cybersecurity is complex – but it doesn’t need to be costly or complicated
The pandemic tested the business resilience of every organisation. Small and medium sized enterprises (SMEs) had to maximise their digital footprint to keep operational, service their customers and survive. Just as companies are starting to return to som
28-06-2022 13:18

New Vulnerability Database Catalogs Cloud Security Issues
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
28-06-2022 13:00

Cyber Insurance: The Good, the Bad, and the Ugly
The past decade has seen cybersecurity barge its way into the mainstream. A meteoric rise in attack rates during COVID-19, major incidents such as the Colonial Pipeline attack, and an increasingly tense geopolitical landscape have all contributed to cybe
28-06-2022 10:53

Google Warns of New Spyware Targeting iOS and Android Users
More news concerning the notorious spyware group NSO Group Technologies was released last week in discussions with European legislators. At least five EU countries have been using its powerful Pegasus surveillance malware raising questions about how comm
28-06-2022 10:32

$100m Stolen from California Based Cryptocurrency Firm by Unidentified Hackers
An unidentified hacker group has stolen more than $100million from Californian cryptocurrency firm Harmony. Last Thursday, the company made the announcement via Twitter. They said that they had identified a theft occurring on the Horizon bridge amounting
28-06-2022 09:29

Cybersecurity Experts Warn of Emerging Threat of “Black Basta” Ransomware
The ransomware-as-a-service (RaaS) Black Basta has struck 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the cybersecurity landscape. The speed at which it has accumulated victims in such a shor
28-06-2022 09:13

Global Police Operation Cracks Down on Widespread Criminal Activity
Police from South America and Europe have teamed up to take action against an organised crime group involved in human trafficking for sexual exploitation. Between the 20th and 23rd June, the police swooped on 14 locations, arrested 10 and interviewed eig
28-06-2022 09:13

NIST Finalizes macOS Security Guidance
NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
28-06-2022 00:20

Pro-Russia threat group Killnet is pummeling Lithuania with DDoS attacks
DDoSes aim to punish Baltic country's blockade of shipments to Kaliningrad.
27-06-2022 21:52

Federal, State Agencies' Aid Programs Face Synthetic Identity Fraud
Balancing public service with fraud prevention requires rule revisions and public trust.
27-06-2022 21:16

LockBit 3.0 Debuts With Ransomware Bug Bounty Program
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.
27-06-2022 20:55

Shadow IT Spurs 1 in 3 Cyberattacks
Cerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.
27-06-2022 18:55

Thrive Acquires DSM
DSM is now the third acquisition by Thrive in Florida in the past six months.
27-06-2022 14:31

It's a Race to Secure the Software Supply Chain — Have You Already Stumbled?
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
27-06-2022 14:00

Basic home office hacks: 8 things you need to elevate your workspace
We've got some 101-level tips on essential gear for your home office.
27-06-2022 13:00

Threat Intelligence Services Are Universally Valued by IT Staff
Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
24-06-2022 23:25

Why We're Getting Vulnerability Management Wrong
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
24-06-2022 21:32

APT Groups Swarming on VMware Servers with Log4Shell
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
24-06-2022 18:55

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
24-06-2022 16:23

7 Steps to Stronger SaaS Security
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
24-06-2022 14:00

A conversation with Jim Dolce, CEO of Lookout
Jim is a veteran of cybersecurity. He has founded four successful companies, held senior positions at both Juniper and Akamai technologies, and now serves as CEO of Lookout.  Lookout was founded in 2007 as an endpoint security service, but the acquisitio
24-06-2022 12:39

The Cybersecurity Talent Shortage Is a Myth
We have a tech innovation problem, not a staff retention (or recruitment) problem.
24-06-2022 12:25

Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
24-06-2022 12:00

Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.
23-06-2022 19:58

Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
23-06-2022 18:45

ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
23-06-2022 17:55

Pair of Brand-New Cybersecurity Bills Become Law
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
23-06-2022 17:33

The Rise, Fall, and Rebirth of the Presumption of Compromise
The concept might make us sharp and realistic, but it's not enough on its own.
23-06-2022 17:00

Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
23-06-2022 16:32

Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
23-06-2022 16:14

Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
23-06-2022 15:09

How APTs Are Achieving Persistence Through IoT, OT, and Network Devices
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
23-06-2022 14:00

80% of Legacy MSSP Users Planning MDR Upgrade
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.
23-06-2022 13:00

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.
23-06-2022 12:00

Biden signs cyber bills into law
On Tuesday President Biden signed two pieces of legislation into law which were aimed at enhancing the cybersecurity capabilities of federal, state and local governments. The signing was preceded by an earlier law which increased the ability of the feder
23-06-2022 11:44

source : arstechnica, darkreading, itsecurityguru