Dark Reading

TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls

09/14/2022
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.

Key Takeaways From the Twitter Whistleblower's Testimony

09/13/2022
Twitter did not know what data it had or who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing.

Bishop Fox Releases Cloud Enumeration Tool CloudFox

09/13/2022
CloudFox is a command-line tool to help penetration testers understand unknown cloud environments.

Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

09/13/2022
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

U-Haul Customer Contract Search Tool Compromised

09/13/2022
Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

ShadowPad Threat Actors Return With Fresh Government Strikes, Updated Tools

09/13/2022
Cyber spies are using legitimate apps for DLL sideloading, deploying an updated range of malware, including the new "Logdatter" info-stealer.

Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign

09/13/2022
Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers.

Name That Toon: Shiver Me Timbers!

09/13/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes

09/13/2022
Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk

Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems

09/13/2022
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.

Business Security Starts With Identity

09/13/2022
How identity-centric security can support business objectives.

Attackers Can Compromise Most Cloud Data in Just 3 Steps

09/13/2022
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.

How Machine Learning Can Boost Network Visibility for OT Teams

09/12/2022
Opswat says its new tool uses neural networks to protect critical environments through AI-assisted asset discovery, network visibility, and risk management.

Google Releases Pixel Patches for Critical Bugs

09/12/2022
Unpatched Pixel devices are at risk for escalation of privileges, Google warns.

Federal Privacy Bill That Would Preempt State Privacy Laws Faces Uncertain Future

09/12/2022
The American Data Privacy and Protection Act would provide federal-level protections that don't exist in most states, but override existing, stronger state protections.

Cisco Data Breach Attributed to Lapsus$ Ransomware Group

09/12/2022
Analysis shows attackers breached employee credentials with voice phishing and were preparing a ransomware attack against Cisco Systems.

Cybersecurity Awareness Campaigns: How Effective Are They in Changing Behavior?

09/12/2022
Your chance to be a part of a ground-breaking study.

Google Completes Acquisition of Mandiant

09/12/2022
The threat-intelligence and cyberdefense company company will join Google Cloud and retain its brand name.