Dark Reading

Keep Today's Encrypted Data From Becoming Tomorrow's Treasure

09/16/2022
Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure.

DDoS Attack Against Eastern Europe Target Sets New Record

09/16/2022
The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.

Hacker Pwns Uber Via Compromised VPN Account

09/16/2022
A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

Highlights of the 2022 Pwnie Awards

09/16/2022
Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.

Business Application Compromise & the Evolving Art of Social Engineering

09/16/2022
Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.

Note to Security Vendors — Companies Are Picking Favorites

09/15/2022
A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition between cybersecurity vendors.

Malware on Pirated Content Sites a Major WFH Risk for Enterprises

09/15/2022
Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.

Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

09/15/2022
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.

Will the Cloud End the Endpoint?

09/15/2022
When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

5 Steps to Strengthening Cyber Resilience

09/15/2022
Organizations are thinking about their cyber resilience. Here are five steps security teams should take.

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

09/15/2022
Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.

5 Best Practices for Building Your Data Loss Prevention Strategy

09/15/2022
The entire security team should share in the responsibility to secure sensitive data.

Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management

09/15/2022
Oversubscribed round validates company's data-first approach to solving cloud security and privacy issues for global businesses thwarting data breaches and ransomwar

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

09/15/2022
Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.

White House Guidance Recommends SBOMs for Federal Agencies

09/14/2022
New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.

How to Use SSH Keys and 1Password to Sign Git Commits

09/14/2022
This Tech Tip walks through the steps to set up signed commits with SSH keys stored in 1Password.

SparklingGoblin Updates Linux Version of SideWalk Backdoor in Ongoing Cyber Campaign

09/14/2022
Researchers link the APT to an attack on a Hong Kong university, which compromised multiple key servers using advanced Linux malware.

Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly

09/14/2022
Interactive intrusion campaigns jumped nearly 50%, while the breakout time between initial access and lateral movement shrank to less than 90 minutes, putting pressure on defenders to react quickly.

To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline

09/14/2022
With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.