Dark Reading

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

09/02/2022
Thousands of corporate mobile apps developed by businesses for use by their customers contain hardcoded AWS tokens that can be easily extracted and used to access the full run of corporate data stored in cloud buckets.

The Makings of a Successful Threat-Hunting Program

09/02/2022
Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers.

Ragnar Locker Brags About TAP Air Portugal Breach

09/02/2022
TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info.

Ghost Data Increases Enterprise Business Risk

09/01/2022
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.

Neopets Hackers Had Network Access for 18 Months

09/01/2022
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.

Threat Actor Phishing PyPI Users Identified

09/01/2022
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.

Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams

09/01/2022
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.

New Guidelines Spell Out How to Test IoT Security Products

09/01/2022
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.

Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

09/01/2022
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.

Apple Quietly Releases Another Patch for Zero-Day RCE Bug

09/01/2022
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.

(ISC)² Launches 'Certified in Cybersecurity' Entry-Level Certification to Address Global Workforce Gap

09/01/2022
After a rigorous pilot program, the association's newest certification is officially operational. More than 1,500 pilot participants who passed the exam are on the path to full certification.

Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation

09/01/2022
Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.)

Closing the Security Gap Opened by the Rise of No-Code Tools

08/31/2022
No-code startups such as Mine PrivacyOps say they offer the best of both worlds — quick development and compliance with privacy laws.

Google Fixes 24 Vulnerabilities with New Chrome Update

08/31/2022
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.

James Webb Telescope Images Loaded With Malware Are Evading EDR

08/31/2022
New Golang cyberattacks use deep space images and a new obfuscator to target systems — undetected.

The Pros and Cons of Managed Firewalls

08/31/2022
Managed firewalls are increasingly popular. This post examines the strengths and weaknesses of managed firewalls to help your team decide on the right approach.

OpenText Goes All-in on Cybersecurity Size and Scale With Micro Focus Purchase

08/31/2022
OpenText makes a $6 billion bet that bigger is better in security and that cybersecurity platform plays are the future.

(ISC)² Opens Global Enrollment for '1 Million Certified in Cybersecurity' Initiative

08/31/2022
(ISC)² pledges to expand and diversify the cybersecurity workforce by providing free "(ISC)² Certified in Cybersecurity" education and exams to 1 million people worldwide.

TikTok for Android Bug Allows Single-Click Account Hijack

08/31/2022
A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns.

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks

08/31/2022
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)