Dark Reading

Novel npm Timing Attack Allows Corporate Targeting

10/13/2022
A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names.

Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments

10/13/2022
The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.

Tanium Benchmark Sets New Standard for Tracking and Improving Security and Operational Metrics

10/13/2022
Company enables organizations to mark endpoint performance and take immediate action to mitigate risk.

QAKBOT Attacks Spike Amid Concerning Cybercriminal Collaborations

10/13/2022
The QAKBOT group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta.

DFIN DealMaker Meter: Surge in 'Dark Data' Represents Growing Danger for Corporations

10/13/2022
This legacy of corporations' appetite for data is not worth the risk, leaders say, emphasizing the need to find, secure and redact records

Orange Bank Deploys Real-Time Sanctions Screening with SAS and Neterium

10/13/2022
SAS and Neterium partnered to deliver Neterium’s next-gen screening capabilities on SAS’ analytics platform.

Nudge Security Launches Platform With Humans in Mind

10/13/2022
SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely.

The Playbook for Human-Operated Ransomware

10/13/2022
Ransomware attacks are on the rise, but organizations also have access to advanced tools and technologies they can use to fight back.

What You Need for a Strong Security Posture

10/13/2022
From the basics to advanced techniques, here's what you should know.

Cyberattackers Spoof Google Translate in Unique Phishing Tactic

10/13/2022
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.

State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem

10/13/2022
Despite dozens of tools and external vendors, 2 in 3 organizations believe their data strategy isn't sustainable beyond three years, which could leave businesses vulnerable.

Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report

10/13/2022
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.

What the Uber Breach Verdict Means for CISOs in the US

10/13/2022
Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.

Thoma Bravo to Acquire ForgeRock in $2.3B Deal

10/12/2022
This marks the third identity and access management (IAM) company acquired by Thoma Bravo in just the past few months.

WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod

10/12/2022
Among other things, users who download the app could end up having their WhatsApp account details stolen.

KnowBe4 to Be Acquired for $4.6B by Private Equity Firm Vista

10/12/2022
Vista Equity Partners plans take the publicly traded security-awareness training vendor private.

Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild

10/12/2022
Drone-based cyberattacks to spy on corporate targets are no longer hypothetical, one incident from this summer shows.

Key Takeaways From Omdia's IGA Market Radar

10/12/2022
Identity governance administration (IGA) started life as a tool for organizations to meet a sudden surge of legal and regulatory requirements, but it has grown into a key enabler of security.

Cyolo Receives Investment from IBM Ventures for Zero Trust Secure Access Platform

10/12/2022
The investment by IBM Ventures enables further collaboration to accelerate the adoption of modernized, identity-based connectivity for today's digital organizations.

Android Leaks Wi-Fi Traffic Even When VPN Protection Features Are On

10/12/2022
The platform lets network connectivity data escape outside of the secure tunnel when connected to a public network, posing a "privacy concern" for users with "certain threat models," researchers said.