Dark Reading

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

09/20/2022
It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks

09/20/2022
Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals.

How to Dodge New Ransomware Tactics

09/20/2022
The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves.

No Enterprise Push for Quantum Without Regulatory Push

09/20/2022
What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.

ThreatQuotient Enhances Data-Driven Automation Capabilities With New ThreatQ TDR Orchestrator Features

09/20/2022
Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.

SASE Bucks Economic Uncertainty With Over 30% Growth in 2Q 2022, According to Dell'Oro Group

09/20/2022
Overall SASE Spend on Pace to Top $6 Billion in 2022.

Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code

09/20/2022
The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

Byos Releases Free Assessment Tool to Provide Companies With Tailored Network Security Recommendations

09/20/2022
Assessment tool instantly generates a detailed report breaking down a company’s current network security maturity and recommended next steps.

Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure

09/20/2022
A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward.

CrowdStrike Investment Spotlights API Security

09/19/2022
The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack

09/19/2022
The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.

Rockstar Games Confirms 'Grand Theft Auto 6' Breach

09/19/2022
The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.

Cyberattackers Make Waves in Hotel Swimming Pool Controls

09/19/2022
Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more.

5 Ways to Improve Fraud Detection and User Experience

09/19/2022
If we know a user is legitimate, then why would we want to make their user experience more challenging?

TPx Introduces Penetration Scanning, Expands Security Advisory Services

09/19/2022
TPx, a leading nationwide managed services provider (MSP) delivering cybersecurity, managed networks, and cloud communications, today announced the addition of penetration scanning to its Security Advisory Services portfolio.

Cyberattack Costs for US Businesses up by 80%

09/19/2022
Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge.

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

09/16/2022
Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Tackling Financial Fraud With Machine Learning

09/16/2022
Financial services firms need to learn how — and when — to put machine learning to use.

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

09/16/2022
The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.