Dark Reading

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

09/22/2022
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

09/22/2022
NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Malicious npm Package Poses as Tailwind Tool

09/22/2022
Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses

09/22/2022
Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and choose partners carefully.

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

09/22/2022
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.

Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

09/21/2022
The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.

Quantify Risk, Calculate ROI

09/21/2022
SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

09/21/2022
The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

09/21/2022
At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.

Hackers Paralyze 911 Operations in Suffolk County, NY

09/21/2022
Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.

Data Scientists Dial Back Use of Open Source Code Due to Security Worries

09/21/2022
Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows.

Don't Wait for a Mobile WannaCry

09/21/2022
Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon.

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls

09/21/2022
After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.

15-Year-Old Python Flaw Slithers into Software Worldwide

09/21/2022
An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Ransomware: The Latest Chapter

09/21/2022
As ransomware attacks continue to evolve, organizations can go beyond security best practices and build resiliency with extended detection and response solutions and fast response times to shut down attacks.

Microsoft Brings Zero Trust to Hardware in Windows 11

09/20/2022
A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat

09/20/2022
Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.