Dark Reading

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems

03/07/2023
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

Cyber Security Works to Rebrand As Securin Inc.

03/07/2023
Securin Inc. will provide tech-enabled security solutions, vulnerability intelligence and deep domain expertise.

Machine Learning Improves Prediction of Exploited Vulnerabilities

03/06/2023
The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching.

Shein Shopping App Glitch Copies Android Clipboard Contents

03/06/2023
The Android app unnecessarily accessed device clipboard contents, which often include passwords and other sensitive data.

NIST's Quantum-Proof Algorithm Has a Bug, Analysts Say

03/06/2023
A team has found that the Crystals-Kyber encryption algorithm is open to side-channel attacks, under certain implementations.

The Role of Verifiable Credentials In Preventing Account Compromise

03/06/2023
As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks.

Name That Edge Toon: Domino Effect

03/06/2023
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab

03/03/2023
The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research.

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

03/03/2023
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.

Indigo Books Refuses LockBit Ransomware Demand

03/03/2023
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats.

3 Ways Security Teams Can Use IP Data Context

03/03/2023
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.

Chick-fil-A Customers Have a Bone to Pick After Account Takeovers

03/03/2023
A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details.

It's Time to Assess the Potential Dangers of an Increasingly Connected World

03/03/2023
With critical infrastructures ever more dependent on cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack.

IBM Contributes Supply Chain Security Tools to OWASP

03/02/2023
License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard.

CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds

03/02/2023
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.

Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security

03/02/2023
The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors.

BlackLotus Bootkit Found Targeting Windows 11

03/02/2023
Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find.

What GoDaddy's Years-Long Breach Means for Millions of Clients

03/02/2023
The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.

Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets

03/02/2023
Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service.

Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It?

03/02/2023
Overcoming the obstacles of this security principle can mitigate the damages of an attack.