Dark Reading

I Built a Cheap 'Warshipping' Device in Just Three Hours — And So Can You

07/06/2022
Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.

Marriott Data Breach Exposes PII, Credit Cards

07/06/2022
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.

How to Keep EVs From Taking Down the Electrical Grid

07/06/2022
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'

07/06/2022
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

Identity Access Management Is Set for Exploding Growth, Big Changes — Report

07/06/2022
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.

The Cyber-Asset Management Playbook for Supply Chain Modernization

07/06/2022
Organizations must balance the risk and reward of new cyber-asset management technologies.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

07/06/2022
Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

NIST Picks Four Quantum-Resistant Cryptographic Algorithms

07/05/2022
The US Department of Commerce's National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.

HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain

07/05/2022
Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

07/05/2022
A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk

07/05/2022
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Google Chrome WebRTC Zero-Day Faces Active Exploitation

07/05/2022
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024

07/05/2022
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.

Name That Edge Toon: On Guard

07/05/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

07/01/2022
Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

OpenSea NFT Marketplace Faces Insider Hack

07/01/2022
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

Time Constraints Hamper Security Awareness Programs

07/01/2022
Even as more attacks target humans, a lack of dedicated staff, relevant skills, and time is making it harder to develop a security-aware and engaged workforce, SANS says.

Criminals Use Deepfake Videos to Interview for Remote Work

07/01/2022
The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

DragonForce Malaysia Releases LPE Exploit, Threatens Ransomware

07/01/2022
The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

When It Comes to SBOMs, Do You Know the Ingredients in Your Ingredients?

07/01/2022
Transitive dependencies can complicate the process of developing software bills of materials.