Dark Reading

Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report

05/25/2022
According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

05/25/2022
Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

Meet the 10 Finalists in the RSA Conference Innovation Sandbox

05/25/2022
This year's finalists tackle such vital security concerns as permissions management, software supply chain vulnerability, and data governance. Winners will be announced June 6.

Brexit Leak Site Linked to Russian Hackers

05/25/2022
Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.

Spring Cleaning Checklist for Keeping Your Devices Safe at Work

05/25/2022
Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.

CLOP Ransomware Activity Spiked in April

05/25/2022
In just one month, the ransomware group's activity rose by 2,100%, a new report finds.

Industry 4.0 Points Up Need for Improved Security for Manufacturers

05/25/2022
With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.

DDoS Extortion Attack Flagged as Possible REvil Resurgence

05/25/2022
A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.

DBIR Makes a Case for Passwordless

05/24/2022
Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.

'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

05/24/2022
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

05/24/2022
But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

New Attack Shows Weaponized PDF Files Remain a Threat

05/24/2022
Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.

DeFi Is Getting Pummeled by Cybercriminals

05/24/2022
Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

New Connecticut Privacy Law Makes Path to Compliance More Complex

05/24/2022
As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.

XM Cyber Adds New Security Capability for Microsoft Active Directory

05/24/2022
Company to debut its AD capabilities at the 2022 RSA Conference.

Strong Password Policy Isn't Enough, Study Shows

05/24/2022
New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

05/24/2022
New features include context-aware, zero-trust data protection on local peripherals and devices.

Nisos Announces $15 Million in Series B Funding Round

05/24/2022
New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.

Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

05/24/2022
Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

Multiple Governments Buying Android Zero-Days for Spying: Google

05/23/2022
An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.