Products & Services
Products & Services
Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.
Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.
Rethinking Software in the Organizational Hierarchy
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?
Google Fiber was stalled for years but now says it’ll expand to 5 new states
ISP's history suggests you can expect only limited availability in each area.
Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security
Platform engineered to let organizations mitigate risk and manage complexities.
OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.
Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference
Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.
Zero Trust & XDR: The New Architecture of Defense
Zero trust and XDR are complementary and both are necessary in today's modern IT environment. In this article, we discuss the intersection of zero trust and XDR.
Compliance Certifications: Worth the Effort?
Because demonstrating compliance with industry regulations can be cumbersome and expensive, it's important to ensure they're also absolutely essential.
Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round
First-of-its-kind solution discovers and protects both data at rest and in motion.
Man who built ISP instead of paying Comcast $50K expands to hundreds of homes
Jared Mauch gets $2.6 million from gov't to expand fiber ISP in rural Michigan.
Dark Reading News Desk: Live at Black Hat USA 2022
LIVE: Dark Reading News Desk at Black Hat USA 2022
Looking Back at 25 Years of Black Hat
The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.
MIRACL is One Cybersecurity Company to Watch in 2022
Passwords are traditional. As long as only you and the people you trust know them then, you can operate anonymously and with security on the Internet and various applications. Passwords are safe. Well not really. Not anymore. Passwords are reuse
Unitree Robot Gun Carrying Dog Disabled by Remote Hacking Tool
Hackers have found that a robot dog carrying a submachine gun has a kill switch that can be accessed using a tiny handheld hacking tool. The discovery was posted on Twitter by hackers going by the handles KF@d0tslash and MavProxyUser on GitHub and Twitte
Meta Take Action Against Two Cyber Espionage Operations in South Africa
Action has been taken against two cyber espionage operations in South Africa, according to Meta. Action has been taken against Bitter APT and APT36. The announcement was made by the company last Thursday in its Quarterly Adversarial Threat Report, Second
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Software Development Pipelines Offer Cybercriminals 'Free-Range' Access to Cloud, On-Prem
A Q&A with NCC Group's Viktor Gazdag ahead of a Black Hat USA session on CI/CD pipeline risks reveals a scary, and expanding, campaign vector for software supply chain attacks and RCE.
Microsoft Patches Zero-Day Actively Exploited in the Wild
The computing giant issued a massive Patch Tuesday update, including a pair of remote execution flaws in the Microsoft Support Diagnostic Tool (MSDT) after attackers used one of the vulnerabilities in a zero-day exploit.
Halo Security Emerges From Stealth With Full Attack Surface Management Platform
The latest startup to enter the space also has a free scanning service to audit the contents of any website.
10 malicious Python packages exposed in latest repository attack
Supply-chain attacks are moving GitHub toward digitally signed packages.
Setting our heart-attack-predicting AI loose with “no-code” tools
In the second part of this three-part series, our heart attack predictions take flight.
Cybrary Unveils Next-Generation Interactive, Hands-On Training Experience to Upskill Cybersecurity Professionals
New SOC Analyst Assessment delivers threat-informed training in a live lab environment to help cybersecurity professionals defend their organizations against the latest adversarial tactics and techniques.
Researchers Debut Fresh RCE Vector for Common Google API Tool
The finding exposes the danger of older, unpatched bugs, which plague at least 4.5 million devices.
Abusing Kerberos for Local Privilege Escalation
Upcoming Black Hat USA presentation will examine the implications of Kerberos weaknesses for security on the local machine.
SGX, Intel’s supposedly impregnable data fortress, has been breached yet again
ÆPIC Leak spills users' most sensitive secrets in seconds from SGX enclaves.
Domino's Takes a Methodical Approach to IoT
The success of Domino's Flex IoT project can be attributed in large part to the security best practices it followed.
Russia-Ukraine Conflict Holds Cyberwar Lessons
Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss.
US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study
Study offers a cyber "state of the industry" analysis from a hacker's perspective to help companies anticipate attacks.
Netscout Arbor Insight Leverages Patented ASI Technology to Enhance Security and Operational Awareness for Network Operators of Any Scale
Extends all aspects of the Arbor Sightline solution with unique, real-time multidimensional DDoS and traffic analytics capabilities.
Lacework Updates Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale
New time series model and enhanced alerting experience make it easy for organizations to address more threats in the cloud while enabling faster investigations.
Don't Take the Cyber Safety Review Board's Log4j Report at Face Value
Given the lack of reporting requirements, the findings are more like assumptions. Here's what organizations can do to minimize exposure.
Human Threat Hunters Are Essential to Thwarting Zero-Day Attacks
Machine-learning algorithms alone may miss signs of a successful attack on your organization.
Crypto and the US government are headed for a decisive showdown
Lawsuits may decide whether most digital assets are illegal securities offerings.
Small businesses count cost of Apple’s privacy changes
Online brands reliant on personalized ads ramp back marketing spending.
7-Eleven Stores in Denmark Close After Cyberattack
7-Eleven stores in Denmark closed their doors yesterday after a cyberattack disrupted store payment and checkout systems throughout the country. The attack occurred early on the 8th August, with the company posting on Facebook that they were likely ̶
Twilio Suffers Phishing Based Data Breach
Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The company, based in San Francisco, allows users to build voice and SMS capabi
How to stay safe from cybercriminals and avoid data breaches
A data breach is any person’s nightmare. It can affect you mentally and financially, and an 100% unhackable device or account necessitates taking precautionary measures. Hackers target small and medium businesses as they don’t have the resources to pay
Regardless Of Your Organisation’s Size, Do Your Best to Prevent Data Breaches
See information on how data breaches affect many people in the UK https://www.how-to-sue.co.uk/how-to-sue-for-gdpr-data-breach The progression into the digital age is inevitable. It’s necessary to embed innovative technologies into all aspects of busine
10 Malicious Code Packages Slither into PyPI Registry
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks.
Crypto-driven GPU crash makes Nvidia miss Q2 projections by $1.4 billion
Cheaper GPUs are good for gamers but bad for Nvidia's bottom line.
Excel esports on ESPN show world the pain of format errors
Where one sheet link can be the difference between success or elimination.
Attack on Supplier Leaves NHS Recovering Services
A cyberattack, first identified last Thursday, has caused a “major” computer system outage affecting companies within the NHS, including the 111 call line. Reportedly, a number of health and care systems delivered by business software and ser
Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War
A rising tide of threats — from API exploits to deepfakes to extortionary ransomware attacks — is threatening to overwhelm IT security teams.
HYAS Infosec Announces General Availability of Cybersecurity Solution for Production Environments
HYAS Confront provides total visibility into your production environment, giving you insight into potential issues like cyber threats before they become problems.
We Have the Tech to Scale Up Open Source Vulnerability Fixes — Now It's Time to Leverage It
Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation.
What Adjustable Dumbbells Can Teach Us About Risk Management
A new workout leads to five smart lessons about the importance of converging security and fraud into a unified risk function.
Pipeline Operators Are Headed in the Right Direction, With or Without TSA's Updated Security Directives
A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better.
How You Can Hack Your Senses to Work Better
Cybersecurity has never been a low-stress field. The industry attracts dedicated, highly-skilled perfectionists who are all too willing to shoulder the burden of a company’s cybersecurity without complaint. Yet, increased threats of ransomware and cybera
Multiple Health and Care Systems Provided by Advanced Hit by Outages
Reportedly, a number of health and care systems delivered by business software and services provider Advanced are currently experiencing major outages. Advanced has 26 NHS clients, according to Digital Health Intelligence. The company supply services to
Slack Resets Passwords After Hashes Exposed When Invitations Shared
Slack has notified roughly 0.5% of its users that it reset their passwords after fixing a bug that exposed salted password hashes when creating or revoking shared invitation links for workspaces. Reported by BleepingComputer, Slack said “when a use
North Korea Allegedly Stole Millions of Dollars Worth of Crypto Assets
According to a confidential United Nations (UN) report seen by Reuters on Thursday, North Korea stole hundreds of millions of dollars worth of crypto assets in at least one major hack. Also, the document allegedly suggests that the US previously accused
Cyberattack on Albanian government suggests new Iranian aggression
Tehran-linked hack of a NATO member is a significant escalation.
What Worries Security Teams About the Cloud?
What issues are cybersecurity professionals concerned about in 2022? You tell us!
Genesis IAB Market Brings Polish to the Dark Web
As the market for initial access brokers matures, services like Genesis — which offers elite access to compromised systems and slick, professional services — are raising the bar in the underground economy.
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers
Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access.
A Digital Home Has Many Open Doors
Development of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access.
How to Resolve Permission Issues in CI/CD Pipelines
This Tech Tip outlines how DevOps teams can address security integration issues in their CI/CD pipelines.
Dark Reading News Desk: Live at Black Hat USA 2022
Coming soon: Dark Reading News Desk at Black Hat USA 2022
Gaming Cyberattacks Increase by 167% in Last Year
Research by cybersecurity firm Akamai shows that Cyberattacks in the gaming sector have increased by 167% in the last year. The report, titled Gaming Respawned, found that the US is the main target for attackers, followed by Switzerland, India, Japan, an
Ukrainian Law Enforcement Shut Down Large Russian Bot Farm
Law enforcement in Ukraine claim to have dismantled a large bot farm used by the Russian special services to spread disinformation and propaganda within the country. The Secret Service of Ukraine (SSU) said that an audience of over 400,000 Ukrainians wer
“Huge flaw” threatens US emergency alert system, DHS researcher warns
Hackers can disrupt legit warnings or issue fake ones of their own.
Cyberattackers Increasingly Target Cloud IAM as a Weak Link
At Black Hat USA, Igal Gofman plans to address how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM, amid escalating attention from attackers.
Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST
A month after the algorithms were revealed, some companies have already begun incorporating the future standards into their products and services.
Time to Patch VMware Products Against a Critical New Vulnerability
A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines.
Bug in Kaspersky VPN Client Allows Privilege Escalation
The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover
The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.
How Email Security Is Evolving
Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.
Massive China-Linked Disinformation Campaign Taps PR Firm for Help
A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.
CREST membership body announces OWASP Verification Standard programme
CREST, the international not-for-profit, membership body representing the global cyber security industry, in consultation with the Open Web Application Security Project (OWASP), has launched the OWASP Verification Standard (OVS), a new quality assurance
Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible
Users can identify risks across five domains, work on multiple projects, and take advantage of exclusive community benefits.
The Myth of Protection Online — and What Comes Next
It's a myth that consuming and processing alerts qualifies as security. Today's technology allows better detection and prevention, rather than accepting the low bar for protection set by ingrained incident response reactions.
Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale
Agentless approach meets the attacker earlier to protect financial services and other large enterprises from an underserved attack vector.
35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?
In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys.
Ping Identity to Go Private After $2.8B Acquisition
The identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted.
T-Mobile Retailer Found Guilty of $25m Fraud Scheme
The former owner of a T-Mobile store has been found guilty of a multimillion-dollar scheme to illegally unlock and unblock mobile devices. Argishti Khudaverdyan, 44, from Burbank, was found guilty of 14 federal charges including wire fraud, money launder
Increase in Fake Tickets Being Sold by Cybercriminals on Social Media
Football fans have been warned to exercise caution when online shopping after it has emerged that fraudsters are increasingly taking to social media to sell non-existent tickets for events. According to Lloyds Bank data revealed that incidents surged bet
Startup Footprint Tackles Identity Verification
Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity.
North Korea-backed hackers have a clever way to read your Gmail
SHARPEXT has slurped up thousands of emails in the past year and keeps getting better.
How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.
School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.
Zero-Day Defense: Tips for Defusing the Threat
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.
Intel’s loss is AMD’s gain as EPYC server CPUs benefit from Intel’s delays
Success in laptops, game consoles, and servers leads to record quarter for AMD.
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.
Druva Introduces the Data Resiliency Guarantee of up to $10 Million
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.
APIs attacked in 94% of companies in past year
Salt Security, the API security company, today released the Salt Labs State of API Security Report, Q3 2022. In its latest edition, the bi-annual report found that 94% of survey respondents experienced security problems in production APIs in the past yea
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA’s Project Agora; invites broad industry participation in the effort to fight for tech talent.
Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform
Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking
Rising interest in chess may feed the next generation of cybersecurity experts.
American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme
Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins.
Conservative Party Leadership Election Warned of Potentially Malicious Efforts to Alter the Result of Upcoming Election
Security researchers in the UK warn of potentially malicious efforts to alter the result of the upcoming Conservative Party leadership election. The next Prime Minister of the country will be decided by around 160,000 party members when they decide betwe
Taiwan Hit By Multiple DDoS Attacks Following Arrival of Pelosi
Several government websites in Taiwan suffered intermittent outages due to multiple distributed denial of service (DDoS) attacks yesterday following the arrival of senior US lawmaker, Nancy Pelosi. The visit has angered Beijing, which claims Taiwan as it
Thousands of Mobile Apps Leaking Twitter API Keys
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.
Large Language AI Models Have Real Security Benefits
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find.
Massive New Phishing Campaign Targets Microsoft Email Service Users
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.
source : arstechnica, darkreading, itsecurityguru