Dark Reading

The CISO Shortlist: Top Priorities at RSAC 2022

06/06/2022
The buzz on the show floor during RSA Conference is about aligning the organization's security priorities with the right technology. Will Lin, managing director and founding member at Forgepoint Capital, weighs in on the biggest security priorities for 2022 — and what kind of tech senior-level executives are looking for.

Are You Ready for a Breach in Your Organization's Slack Workspace?

06/06/2022
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.

Name That Edge Toon: Hey, Batter Batter!

06/06/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Gathering Momentum: 3 Steps Forward to Expand SBoM Use

06/06/2022
New studies show less than a third of organizations use software bills of materials (SBoMs), but momentum is building to boost that number.

FDA: Patch Illumina DNA Sequencing Instruments, Stat

06/03/2022
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.

YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links

06/03/2022
The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.

Iconium Software Releases DataLenz v1.3 for IBM zSystems

06/03/2022
DataLenz delivers real-time, machine learning-based breach detection with user behavior modeling for IBM zSystems.

Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium

06/03/2022
The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims.

Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover

06/03/2022
An remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.

Why Network Object Management Is Critical for Managing Multicloud Network Security

06/03/2022
If you want your IT and security administrators to get buried in trivial workloads and productivity bottlenecks, having poor network object management is a great way to accomplish that.

For Ransomware, Speed Matters

06/03/2022
Someone interested in putting together a ransomware campaign has to consider several factors. The LockBit group touts its speed over competing families to attract potential buyers for its ransowmare-as-a-service.

Cerberus Sentinel Completes Acquisition of Creatrix, Inc.

06/02/2022
U.S. cybersecurity services firm expands security and identity management services with woman-owned business.

Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Lay

06/02/2022
79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments.

Intel Chipset Firmware Actively Targeted by Conti Group

06/02/2022
Conti threat actors are betting chipset firmware is updated less frequently than other software — and winning big, analysts say.

Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detectio

06/02/2022
Gurucul automating threat detection, investigation and response (TDIR) with advanced analytics, comprehensive threat content, and a flexible enterprise risk engine for hybrid and multi-cloud environments.

Phishers Having a Field Day on WhatsApp, Telegraph

06/02/2022
A pair of phishing campaigns against users of WhatsApp and Telegram's Telegraph expose them to extortion, credential harvesting, and even account takeover.

New Cloud Pricing and Products Proof of RSA’s Transformation

06/02/2022
RSA pivots to exclusive focus. Identity is once again the ‘beating heart’ of RSA.

Microsoft Philanthropies Collaborates With WiCyS to Help Close the Cybersecurity Skills Gap

06/02/2022
Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

US Sanctions Force Evil Corp to Change Tactics

06/02/2022
The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.