Dark Reading

Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams

03/23/2023
Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.

New Android Malware Targets Customers of 450 Financial Institutions Worldwide

03/23/2023
"Nexus" is the latest in a vast and growing array of Trojans targeting mobile banking and cryptocurrency applications.

Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

03/23/2023
With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns.

The Board of Directors Will See You Now

03/23/2023
Help the board understand where the business is vulnerable, where controls end, and where exposure begins.

Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals

03/23/2023
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.

MITRE Rolls Out Supply Chain Security Prototype

03/23/2023
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.

Human Detection and Response: A New Approach to Building a Strong Security Culture

03/23/2023
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.

Okta Post-Exploitation Method Exposes User Passwords

03/23/2023
Accidentally typing a password in the username field of the platform saves it to audit logs, which threat actors can access and use to compromise enterprise services.

Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

03/23/2023
DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.

Are You Talking to a Carbon, Silicon, or Artificial Identity?

03/23/2023
In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.

CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

03/22/2023
The advisory comes the same week as a warning from the EU's ENISA about potential for ransomware attacks on OT systems in the transportation sector.

10 Vulnerabilities Types to Focus On This Year

03/22/2023
A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

$36M BEC Fraud Attempt Narrowly Thwarted by AI

03/22/2023
With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.

Chinese Warships Suspected of Signal-Jamming Passenger Jets

03/22/2023
Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.

Pipeline Cybersecurity Rules Show the Need for Public-Private Partnerships

03/22/2023
The government should not issue infrastructure regulations without the involvement of the industries it's regulating.

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

03/22/2023
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

BreachForums Shuts Down in Wake of Leader's Arrest

03/22/2023
Administrator shutters the forum on fears that it had been breached by federal authorities but assures members it's not the end for the popular underground hacking site.

How to Keep Incident Response Plans Current

03/22/2023
Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data.

Cyberpion Rebrands As IONIX

03/21/2023
IONIX illuminates exploitable risks across the real attack surface and its digital supply chain, providing security teams with critical focus to accelerate risk reduction.

.NET Devs Targeted With Malicious NuGet Packages

03/21/2023
In a possible first for the NuGet repository, more than a dozen components in the .NET code repository run a malicious script upon installation, with no warning or alert.