Dark Reading

SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform

08/31/2022
Next-gen platform delivers adaptive and robust, continuous authentication with identity orchestration and a frictionless user experience.

New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries

08/30/2022
New graph-based tool offers a better alternative to current approaches for finding vulnerabilities in JavaScript code, they note.

Malicious Chrome Extensions Plague 1.4M Users

08/30/2022
Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.

Chinese Hackers Target Energy Sector in Australia, South China Sea

08/30/2022
The phishing campaign deploying a ScanBox reconnaissance framework has targeted the Australian government and companies maintaining wind turbines in the South China Sea.

Security Culture: An OT Survival Story

08/30/2022
The relationship between information technology and operational technology will need top-down support if a holistic security culture is to truly thrive.

Cohesity Research Reveals that Reliance on Legacy Technology Is Undermining How Organizations Respond to Ransomware

08/30/2022
Nearly half of respondents say their company relies on outdated backup and recovery infrastructure — in some cases dating back to the 1990s, before today's sophisticated cyberattacks.

Phishing Campaign Targets PyPI Users to Distribute Malicious Code

08/30/2022
The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.

Building a Strong SOC Starts With People

08/30/2022
A people-first approach reduces fatigue and burnout, and it empowers employees to seek out development opportunities, which helps retention.

Google Expands Bug Bounties to Its Open Source Projects

08/30/2022
The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects — with a focus on critical software such as Go and Angular.

Cerberus Sentinel Announces Acquisition of CUATROi

08/30/2022
US cybersecurity services firm expands services in Latin America.

A Peek Into CISA's Post-Quantum Cryptography Roadmap

08/29/2022
To help organizations with their plans, NIST and the Department of Homeland Security developed the Post-Quantum Cryptography Roadmap.

Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

08/29/2022
Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

3 Ways No-Code Developers Can Shoot Themselves in the Foot

08/29/2022
Low/no-code tools allow citizen developers to design creative solutions to address immediate problems, but without sufficient training and oversight, the technology can make it easy to make security mistakes.

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

08/29/2022
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.

NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

08/29/2022
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.

The 3 Questions CISOs Must Ask to Protect Their Sensitive Data

08/29/2022
CISOs must adopt a new mindset to take on the moving targets in modern cybersecurity.

LastPass Suffers Data Breach, Source Code Stolen

08/26/2022
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.

'Sliver' Emerges as Cobalt Strike Alternative for Malicious C2

08/26/2022
Microsoft and others say they have observed nation-state actors, ransomware purveyors, and assorted cybercriminals pivoting to an open source attack-emulation tool in recent campaigns.

'No-Party' Data Architectures Promise More Control, Better Security

08/26/2022
Consumers gain control of their data while companies build better relationships with their customers — but third-party ad-tech firms will likely continue to stand in the way.

How DevSecOps Empowers Citizen Developers

08/26/2022
DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.