Dark Reading

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses

09/22/2022
Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and choose partners carefully.

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

09/22/2022
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.

Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

09/21/2022
The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.

Quantify Risk, Calculate ROI

09/21/2022
SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

09/21/2022
The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

09/21/2022
At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.

Hackers Paralyze 911 Operations in Suffolk County, NY

09/21/2022
Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.

Data Scientists Dial Back Use of Open Source Code Due to Security Worries

09/21/2022
Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows.

Don't Wait for a Mobile WannaCry

09/21/2022
Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon.

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls

09/21/2022
After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.

15-Year-Old Python Flaw Slithers into Software Worldwide

09/21/2022
An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Ransomware: The Latest Chapter

09/21/2022
As ransomware attacks continue to evolve, beyond using security best practices, organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks.

Microsoft Brings Zero Trust to Hardware in Windows 11

09/20/2022
A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat

09/20/2022
Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.

2-Step Email Attack Uses Powtoon Video to Execute Payload

09/20/2022
The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.

Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info

09/20/2022
The airline and the fintech giant both fell to successful phishing attacks against employees.

Cast AI Introduces Cloud Security Insights for Kubernetes

09/20/2022
The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability.