Dark Reading

Outpost24 Announces Expansion of Penetration Testing Offerings to North America

10/11/2022
Pen testing solutions to empower businesses to proactively address application security vulnerabilities amid surging threats.

High-Value Targets: String of Aussie Telco Breaches Continues

10/11/2022
Australian IT services provider Dialog has announced a breach, making it the third telecom company in the area compromised in less than a month.

Proposed SEC Disclosure Rules Could Transform Cyber-Incident Response

10/11/2022
It's not too early for firms to start preparing for change.

US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet

10/10/2022
Killnet calls on other groups to launch similar attacks against US civilian infrastructure, including marine terminals and logistics facilities, weather monitoring centers, and healthcare systems.

Emotet Rises Again With More Sophistication, Evasion

10/10/2022
An analysis of the malware and its infection strategies finds nearly 21,000 minor and 139 major variations on the malware — complexity that helps it dodge analysis.

Zimbra RCE Bug Under Active Attack

10/10/2022
A flaw in unpatched Zimbra email servers could allow attackers to obtain remote code execution by pushing malicious files past filters.

6 Things Every CISO Should Do the First 90 Days on the Job

10/10/2022
A CISO's responsibilities have evolved immensely in recent years, so their first three months on the job should look a different today than they might have several years ago.

Email Defenses Under Siege: Phishing Attacks Dramatically Improve

10/08/2022
About 1 in 5 phishing email messages reach workers' inboxes, as attackers get better at dodging Microsoft's platform defenses and defenders run into processing limitations.

Credential Harvesting Is Retail Industry's Top Threat

10/07/2022
Why bother with new tactics and exploits when the old tricks are still effective?

Cybersecurity Will Account for Nearly One-Quarter of AI Software Market Through 2025

10/07/2022
A boom in artificial intelligence-powered detection and remediation tools pushes security spending to the top of the AI market, according to Forrester.

Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users

10/07/2022
Some 400 mobile apps have posed as legitimate software on Google Play and the Apple App Store over the past year, and were designed to steal Facebook user credentials.

State Bar of Georgia Notifies Members and Employees of Cybersecurity Incident

10/07/2022
Current and former employees and members are being offered complimentary credit monitoring and identity protection services as some personal information may have been accessed.

Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln

10/07/2022
Fortinet issued a customer advisory urging customers to apply its update immediately.

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

10/07/2022
The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

We Can Save Security Teams From Crushing Workloads. Will We?

10/07/2022
Today, the processing of mountain-high stacks of alarms is considered "security." That system is failing customers and the cybersecurity workforce.

CyberRatings.org Invites Industry Participation in Forthcoming Enterprise Firewall and Data Center Firewall Tests

10/07/2022
Test methodologies published today, and their scope includes security effectiveness, performance, stability and reliability, and total cost of ownership.

Sharing Knowledge at 44CON

10/06/2022
The infosec conference named after the UK's calling code returned this year with a focus on building a healthy community.

macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks

10/06/2022
Exploit allows unsigned and unnotarized macOS applications to bypass Gatekeeper and other security, without notifying the user.

Russian Hackers Shut Down US State Government Websites

10/06/2022
Russian-speaking cyberattackers boast they are behind disruption of Colorado, Kentucky, and Mississippi government websites.