Dark Reading

Microsoft Intros New Attack Surface Management, Threat Intel Tools

08/02/2022
Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts.

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

08/02/2022
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.

VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

08/02/2022
Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal.

Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps

08/02/2022
With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety.

BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features

08/02/2022
In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification.

Cybrary Lands $25 Million in New Funding Round

08/02/2022
Series C investment from BuildGroup and Gula Tech Adventures, along with appointment of Kevin Mandia to the board of directors, will propel a new chapter of company growth.

DoJ: Foreign Adversaries Breach US Federal Court Records

08/01/2022
A Justice Department official testifies to a House committee that the cyberattack is a "significant concern."

Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat

08/01/2022
Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company.

Credential Canaries Create Minefield for Attackers

08/01/2022
Canary tokens — also known as honey tokens — force attackers to second-guess their potential good fortune when they come across user and application secrets.

Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

08/01/2022
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.

Name That Edge Toon: Up a Tree

08/01/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

For Big Tech, Neutrality Is Not an Option — and Never Really Was

08/01/2022
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.

AWS Focuses on Identity Access Management at re:Inforce

07/29/2022
Identity and access management was front and center at AWS re:inforce this week.

Attackers Have 'Favorite' Vulnerabilities to Exploit

07/29/2022
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.

ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More

07/29/2022
Dark Reading's digest of other "don't-miss" stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.

Why Bug-Bounty Programs Are Failing Everyone

07/29/2022
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.

Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization

07/29/2022
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.

Amazon Adds Malware Detection to GuardDuty TDR Service

07/29/2022
The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week.

Big Questions Remain Around Massive Shanghai Police Data Breach

07/29/2022
Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded?

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

07/29/2022
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.