Dark Reading

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

08/16/2022
South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company.

Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

08/16/2022
Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.

Name That Toon: Vicious Circle

08/16/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

With Plunge in Value, Cryptocurrency Crimes Decline in 2022

08/16/2022
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.

Windows Vulnerability Could Crack DC Server Credentials Open

08/16/2022
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Lessons From the Cybersecurity Trenches

08/16/2022
Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts.

DEF CON 30: Hackers Come Home to Vibrant Community

08/15/2022
After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.

Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

08/15/2022
The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.

Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management

08/15/2022
ZTNA brings only marginal benefits unless you ensure that the third parties you authorize are not already compromised.

How and Why to Apply OSINT to Protect the Enterprise

08/15/2022
Here's how to flip the tide and tap open source intelligence to protect your users.

Cybercriminals Weaponizing Ransomware Data for BEC Attacks

08/12/2022
Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.

Patch Madness: Vendor Bug Advisories Are Broken, So Broken

08/12/2022
Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

08/12/2022
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

The Time Is Now for IoT Security Standards

08/11/2022
Industry standards would provide predictable and understandable IoT security frameworks.

New Open Source Tools Launched for Adversary Simulation

08/10/2022
The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.

New HTTP Request Smuggling Attacks Target Web Browsers

08/10/2022
Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

08/10/2022
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.

Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

08/10/2022
Many of the technologies and services that organizations are using to isolate Internet traffic from the internal network lack session validation mechanisms, security startup says.

Rethinking Software in the Organizational Hierarchy

08/10/2022
Least privilege is a good defense normally applied only to users. What if we limited apps' access to other apps and network resources based on their roles and responsibilities?