Dark Reading

Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang

12/14/2022
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.

Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware

12/14/2022
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.

CSAF Is the Future of Vulnerability Management

12/14/2022
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.

Apple Zero-Day Actively Exploited on iPhone 15

12/14/2022
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.

Proofpoint Nabs Illusive, Signaling a Sunset for Deception Tech

12/14/2022
Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).

Automated Cybercampaign Creates Masses of Bogus Software Building Blocks

12/14/2022
The proliferation of automated cyberattacks against npm, NuGet, and PyPI underscores the growing sophistication of threat actors and the threats to open source software supply chains.

How Our Behavioral Bad Habits Are a Community Trait and Security Problem

12/14/2022
Learn to think three moves ahead of hackers so you're playing chess, not checkers. Instead of reacting to opponents' moves, be strategic, and disrupt expected patterns of vulnerability.

Royal Ransomware Puts Novel Spin on Encryption Tactics

12/14/2022
An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.

Analysis Shows Attackers Favor PowerShell, File Obfuscation

12/14/2022
Aiming to give threat hunters a list of popular attack tactics, a cybersecurity team analyzed collections of real-world threat data to find attackers' most popular techniques.

Cybersecurity Drives Improvements in Business Goals

12/13/2022
Deloitte's Future of Cyber study highlights the fact that cybersecurity is an essential part of business success and should not be limited to just mitigating IT risks.

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

12/13/2022
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

Google Launches Scanner to Uncover Open Source Vulnerabilities

12/13/2022
OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

12/13/2022
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.

Accelerating Vulnerability Identification and Remediation

12/13/2022
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.

Security Flaw in Atlassian Products Affecting Multiple Companies

12/13/2022
Jira, Confluence,Trello, and BitBucket affected.

Niels Provos Joins Lacework as Head of Security Efficacy

12/13/2022
Former Head of Security at Stripe and Distinguished Security Engineer at Google joins cloud security leader to help scale security excellence across customer base.

Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce

12/13/2022
Enterprises can now adopt the industry's most comprehensive Zero Trust Network Access 2.0 to secure access to all applications from any device.

Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis

12/13/2022
1Password's annual State of Access report reveals that distracted employees are twice as likely to do the bare minimum for security at work.

Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest

12/13/2022
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.