Dark Reading

Justice Dept. Creates Task Force to Stop Ransomware Spread

04/21/2021
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

04/21/2021
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.

Business Email Compromise Costs Businesses More Than Ransomware

04/21/2021
Ransomware gets the headlines, but businesses paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.

How to Attack Yourself Better in 2021

04/21/2021
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.

Attackers Heavily Targeting VPN Vulnerabilities

04/21/2021
Threat actors like attacking the technology because it provides a convenient entry point to enterprise networks.

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

04/20/2021
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.

Foreign Spies Target British Nationals With Fake Social Media Profiles

04/20/2021
British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.

Attackers Compromised Code-Checking Vendor's Tool for Two Months

04/20/2021
A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

04/20/2021
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.

2020 Changed Identity Forever; What's Next?

04/20/2021
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.

7 Old IT Things Every New InfoSec Pro Should Know

04/20/2021
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.

Beware the Bug Bounty

04/20/2021
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

White House Scales Back Response to SolarWinds & Exchange Server Attacks

04/19/2021
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.

Attackers Test Weak Passwords in Purple Fox Malware Attacks

04/19/2021
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.

Lazarus Group Uses New Tactic to Evade Detection

04/19/2021
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.

SolarWinds: A Catalyst for Change & a Cry for Collaboration

04/19/2021
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Pandemic Drives Greater Need for Endpoint Security

04/16/2021
Endpoint security has changed. Can your security plan keep up?

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

04/16/2021
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Security Gaps in IoT Access Control Threaten Devices and Users

04/16/2021
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

How the Biden Administration Can Make Digital Identity a Reality

04/16/2021
A digital identity framework is the answer to the US government's cybersecurity dilemma.