Dark Reading

Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign

06/23/2022
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.

Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS

06/23/2022
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.

How APTs Are Achieving Persistence Through IoT, OT, and Network Devices

06/23/2022
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.

80% of Legacy MSSP Users Planning MDR Upgrade

06/23/2022
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

06/23/2022
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.

Organizations Battling Phishing Malware, Viruses the Most

06/22/2022
Organizations may not frequently encounter malware targeting cloud systems or networking equipment, but the array of malware they do encounter just occasionally is no less disruptive or damaging. That is where the focus needs to be.

Microsoft 365 Users in US Face Raging Spate of Attacks

06/22/2022
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.

Synopsys Completes Acquisition of WhiteHat Security

06/22/2022
Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.

Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security

06/22/2022
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.

Neustar Security Services Launches Public UltraDNS Health Check Site

06/22/2022
Open service generates free report detailing potential gaps in compliance, configuration, and security for a user’s multiple domain names.

Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign

06/22/2022
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.

Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts

06/22/2022
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.

Getting a Better Handle on Identity Management in the Cloud

06/22/2022
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.

Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops

06/22/2022
partnership lets users access one-click ScreenMeet sessions from the Tanium platform.

Zscaler and AWS Expand Relationship

06/22/2022
Zscaler also announced innovations built on Zscaler’s Zero Trust architecture and AWS.

Zscaler Launches Posture Control Solution

06/22/2022
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.

Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange

06/22/2022
Organizations can strengthen their network defense with a number of intelligent security innovations.

Evolving Beyond the Password: Vanquishing the Password

06/22/2022
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)

The Risk of Multichannel Phishing Is on the Horizon

06/22/2022
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar

06/22/2022
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.