Dark Reading

RSA 2022: Omdia Research Take Aways

07/01/2022
The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.

Microsoft Going Big on Identity with the Launch of Entra

07/01/2022
With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.

Patch Now: Linux Container-Escape Flaw in Azure Service Fabric

06/29/2022
Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear

06/29/2022
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

Broken Authentication Vuln Threatens Amazon Photos Android App

06/29/2022
The now-patched bug allows an attacker to gain full access to a user's Amazon files.

How to Master the Kill Chain Before Your Attackers Do

06/29/2022
In the always-changing world of cyberattacks, preparedness is key.

What's Your AppSec Personality?

06/29/2022
It's time to decide which role to play to best serve your organization's security needs: an auditor, a lawyer, or a developer.

Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing

06/29/2022
External attacks focused on vulnerabilities are still the most common ways that companies are successfully attacked, according to incident data.

Shifting the Cybersecurity Paradigm From Severity-Focused to Risk-Centric

06/29/2022
Embrace cyber-risk modeling and ask security teams to pinpoint the risks that matter and prioritize remediation efforts.

5 Surprising Cyberattacks AI Stopped This Year

06/29/2022
See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI.

Kaspersky Reveals Phishing Emails That Employees Find Most Confusing

06/29/2022
Results from phishing simulation campaigns highlight the five most effective types of phishing email.

Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign

06/28/2022
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.

Google Analytics Continues to Lose SEO Visibility as Bans Continue

06/28/2022
Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.

'Raccoon Stealer' Scurries Back on the Scene After Hiatus

06/28/2022
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.

China-Backed APT Pwns Building-Automation Systems with ProxyLogon

06/28/2022
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.

Atlassian Confluence Exploits Peak at 100K Daily

06/28/2022
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.

Can Zero-Knowledge Cryptography Solve Our Password Problems?

06/28/2022
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.

A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset

06/28/2022
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.

Ransomware Volume Nearly Doubles 2021 Totals in a Single Quarter

06/28/2022
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).

How to Find New Attack Primitives in Microsoft Azure

06/28/2022
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.