Dark Reading

3 Reasons Why BEC Scams Work in Real Estate

09/29/2022
Identity verification could be the key to fighting back and building trust in an industry beset with high-stakes fraud.

(ISC)² Recruits More Than 55,000 Cybersecurity Candidates in First 30 Days of New Programs to Address Workforce Gap

09/29/2022
2,700 cybersecurity career pursuers have already passed the (ISC)2 Certified in Cybersecurity℠ exam, with more than 53,000 more people registered for a free course and exam.

Capital One Phish Showcases Growing Bank-Brand Targeting Trend

09/29/2022
Capital One lures leveraged the bank's new partnership with Authentify, showing that phishers watch the headlines, and take advantage.

Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange

09/29/2022
APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.

XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data

09/29/2022
Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.

What Lurks in the Shadows of Cloud Security?

09/29/2022
Organizations looking to get ahead in cloud security have gone down the path of deploying CSPM tooling with good results. Still, there’s a clear picture that data security and security operations are next key areas of interest.

Fake Accounts Are Not Your Friends!

09/28/2022
Inflated user bases and fake engagement cause more harm than good, especially when the artificial accounts are based on stolen human identities.

Plug Your Data Leaks: Integrating Data Loss Prevention into Your Security Stack

09/28/2022
The average cost of a data-exposing cybersecurity incident is $4.35 million. If your business can’t avoid to pay, make sure you’ve got a strong data loss prevention practice in place.

Google Quashes 5 High-Severity Bugs With Chrome 106 Update

09/28/2022
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.

Sophisticated Covert Cyberattack Campaign Targets Military Contractors

09/28/2022
Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.

Fast Company CMS Hack Raises Security Questions

09/28/2022
The company's website remains offline after hackers used its compromised CMS to send out racist messages.

Container Supply Chain Attacks Cash In on Cryptojacking

09/28/2022
Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances.

Google Cloud DORA: Securing the Supply Chain Begins With Culture

09/28/2022
The team's annual survey finds that the right development culture is better than technical measures when it comes to shoring up software supply chain security practices. An additional benefit: Less burnout.

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

09/28/2022
Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices.

The Countdown to DORA

09/28/2022
With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know.

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

09/28/2022
The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

09/28/2022
Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.

Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted At

09/28/2022
ZecOps extends Jamf's mobile security capabilities by adding advanced detections and incident response.

Time to Change Our Flawed Approach to Security Awareness

09/28/2022
Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.

When Will Cybersecurity Get Its Bloomberg Terminal?

09/28/2022
The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it.