Dark Reading

Sophos Cuts Jobs to Focus on Cybersecurity Services

01/18/2023
Layoffs intended to cut costs, help company shift its focus on cybersecurity services, Sophos says.

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

01/18/2023
The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

01/18/2023
New module introduces shadow SaaS application discovery, monitoring, and remediation to protect businesses from supply chain attacks.

KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend

01/18/2023
KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subjects.

ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

01/18/2023
From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks.

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

01/18/2023
Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

Perception Point Launches Advanced Threat Protection and Rapid Remediation for Zendesk Customers

01/18/2023
The integration provides crucial protection for businesses’ most vulnerable departments — help desks and customer support teams — preventing the most advanced threats sent by online users.

Cybersecurity and the Myth of Quiet Quitting

01/18/2023
People are working harder than ever, but they're not happy about it — and the insider threat is all too real.

Lares Research Highlights Top 5 Penetration Test Findings From 2022

01/18/2023
Range of Addressable Concerns Includes "Brute Forcing Accounts with Weak Passwords" and "Excessive File System Permissions."

Okta Expands No-Code Offerings for Identity Cloud

01/17/2023
With Actions Integrations, Okta is expanding its no-code offerings to help administrators manage and customize their identity workflow.

Initial Access Broker Market Booms, Posing Growing Threat to Enterprises

01/17/2023
A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks.

Secrets Rotation Recommended After CircleCI Security Incident

01/17/2023
Companies are being urged to update 0Auth, runner, and project API tokens, along with other secrets stashed with CircleCI.

VIPRE Security Group Launches New Endpoint Detection and Response (EDR) Technology Built for SMEs

01/17/2023
VIPRE Endpoint Detection & Response (EDR) delivers streamlined, sophisticated, high-performing cloud-based EDR management in a single, easy-to-navigate console.

Unpatched Zoho MangeEngine Products Under Active Cyberattack

01/17/2023
The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.

A New Era Is Dawning in Cybersecurity, but Only the Best Algorithms Will Win

01/17/2023
Open source AI is lowering the barrier of entry for cybercriminals. Security teams must consider the right way to apply defensive AI to counter this threat.

Why Businesses Need to Think Like Hackers This Year

01/17/2023
Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal."

Cygna Labs Introduces Entitlement and Security for Active Directory

01/17/2023
Standalone product provides permission insights for Active Directory security and compliance.

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

01/17/2023
Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them.

5 Cybersecurity Tips for Higher Education Institutions

01/17/2023
Following these basic cybersecurity hygiene policies can help make data more secure and protect colleges and universities from becoming the next ransomware headline. The steps aren't complicated, and they won't break the bank.

3 Lessons Learned in Vulnerability Management

01/17/2023
In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.