Dark Reading

Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists

07/20/2022
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.

How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures

07/20/2022
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.

Tackling the Cybersecurity Workforce Challenge With Apprentices

07/19/2022
One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.

Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants

07/19/2022
More than 311 local eateries have been breached through online ordering platforms MenuDrive, Harbortouch, and InTouchPOS, impacting 50K records — and counting.

Post-Breakup, Conti Ransomware Members Remain Dangerous

07/19/2022
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.

Startup Aims to Secure AI, Machine Learning Development

07/19/2022
With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.

Okta Exposes Passwords in Clear Text for Possible Theft

07/19/2022
Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.

Will Your Cyber-Insurance Premiums Protect You in Times of War?

07/19/2022
Multiple cyber-insurance carriers have adopted act-of-war exclusions due to global political instability and are seeking to stretch the definition of war to deny coverage.

Huntress Acquires Curricula for $22M to Disrupt Security Training Market, Elevate Cyber Readiness for SMB Employees

07/19/2022
The Curricula platform uses behavioral science with a simplified approach to train and educate users — and marks another step forward in Huntress’ mission to secure the 99%.

Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles with Disruption

07/19/2022
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.

GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution

07/19/2022
New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.

Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map

07/19/2022
Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.

Protecting Against Kubernetes-Borne Ransomware

07/19/2022
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.

Software Supply Chain Concerns Reach C-Suite

07/19/2022
Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.

Trojanized Password Crackers Targeting Industrial Systems

07/18/2022
Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Retbleed Fixed in Linux Kernel, Patch Delayed

07/18/2022
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

FBI: Beware of Scam Cryptocurrency Investment Apps

07/18/2022
Law enforcement estimates campaign has already bilked cryptocurrency investors out of $42.7 million.

WordPress Page Builder Plug-in Under Attack, Can't Be Patched

07/18/2022
An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.

Name That Toon: Modern-Day Fable

07/18/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Ransomware Attempts Flag as Payments Also Decline

07/18/2022
Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often.