Dark Reading

New Chaos Malware Variant Ditches Wiper for Encryption

05/27/2022
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.

ChromeLoader Malware Hijacks Browsers With ISO Files

05/27/2022
The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.

Physical Security Teams' Impact Is Far-Reaching

05/27/2022
Here's how physical security teams can integrate with the business to identify better solutions to security problems.

Taking the Danger Out of IT/OT Convergence

05/27/2022
The Colonial Pipeline attack highlighted the risks of convergence. Unified security provides a safer way to proceed.

Microsoft Unveils Dev Box, a Workstation-as-a-Service

05/26/2022
Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.

Broadcom Snaps Up VMware in $61B Deal

05/26/2022
Massive merger will put Broadcom's Symantec and VMware's Carbon Black under one roof.

Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector

05/26/2022
Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.

Twitter Fined $150M for Security Data Misuse

05/26/2022
Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.

The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

05/26/2022
The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.

VMware, Airline Targeted as Ransomware Chaos Reigns

05/26/2022
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

05/26/2022
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Act Now: Leveraging PCI Compliance to Improve Security

05/26/2022
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Quanta Servers Caught With 'Pantsdown' BMC Vulnerability

05/26/2022
Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

Most Common Threats in DBIR

05/25/2022
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.

Is Your Data Security Living on the Edge?

05/25/2022
Gartner's security service edge fundamentally changes how companies should be delivering data protection in a cloud and mobile first world.

Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig

05/25/2022
A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

05/25/2022
Open source software community initiative utilizes blockchain technology.

Mastercard Launches Cybersecurity “Experience Centre”

05/25/2022
Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.

Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

05/25/2022
Company will detail enhancements to Vulnerability Management, Detection and Response solution next month.

Corelight Announces New SaaS Platform for Threat Hunting

05/25/2022
Corelight Investigator aids threat hunting and investigation through intelligent alert aggregation, built-in queries and scalable search