Dark Reading

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

05/12/2022
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

5 Years That Altered the Ransomware Landscape

05/12/2022
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

Nokia Opens Cybersecurity Testing Lab

05/12/2022
The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.

Google Will Use Mobile Devices to Thwart Phishing Attacks

05/12/2022
In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

On the Air With Dark Reading News Desk at Black Hat Asia 2022

05/12/2022
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.

PlainID Debuts Authorization-as-a-Service Platform

05/11/2022
Platform powered by policy-based access control (PBAC).

Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

05/11/2022
The technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.

Ready, IAM, Fire: How Weak IAM Makes You a Target

05/11/2022
Proper identity and access management configuration serves as an effective starting point for organizations looking to secure their cloud infrastructure.

Microsoft Simplifies Security Patching Process for Exchange Server

05/11/2022
Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlie

05/11/2022
Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.

NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

05/11/2022
International cybersecurity authorities issue guidance to help information and communications service providers secure their networks.

Quantum Ransomware Strikes Quickly, How to Prepare and Recover

05/11/2022
NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.

Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

05/11/2022
Founders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.

SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies

05/11/2022
Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

05/11/2022
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

The Danger of Online Data Brokers

05/11/2022
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Vanity URLs Could be Spoofed for Social Engineering Attacks

05/11/2022
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

05/11/2022
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.