Dark Reading

Cyberattack Costs for US Businesses up by 80%

Cyberattacks keep inflicting more expensive damage, but firms are responding decisively to the challenge.

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Tackling Financial Fraud With Machine Learning

Financial services firms need to learn how — and when — to put machine learning to use.

Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

The attacks showcase broader security concerns as phishing grows in volume and sophistication, especially given that Windows Defender's Safe Links feature for identifying malicious links in emails completely failed in the campaign.

Keep Today's Encrypted Data From Becoming Tomorrow's Treasure

Building quantum resilience requires C-suite commitment, but it doesn't have to mean tearing out existing infrastructure.

DDoS Attack Against Eastern Europe Target Sets New Record

The target has been under relentless DDoS attack, which ultimately set a new packets-per-second record for Europe.

Hacker Pwns Uber Via Compromised VPN Account

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

Highlights of the 2022 Pwnie Awards

Since 2007, the Pwnies have celebrated the good, the bad, and the wacky in cybersecurity. Enjoy some of the best moments of this year's ceremony.

Business Application Compromise & the Evolving Art of Social Engineering

Be wary of being pestered into making a bad decision. As digital applications proliferate, educating users against social engineering attempts is a key part of a strong defense.

Note to Security Vendors — Companies Are Picking Favorites

A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition between cybersecurity vendors.

Malware on Pirated Content Sites a Major WFH Risk for Enterprises

Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.

Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.

Will the Cloud End the Endpoint?

When an organization fully embraces the cloud, traditional endpoints become disposable. Organizations must adapt their security strategy for this reality.

5 Steps to Strengthening Cyber Resilience

Organizations are thinking about their cyber resilience. Here are five steps security teams should take.

Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.

5 Best Practices for Building Your Data Loss Prevention Strategy

The entire security team should share in the responsibility to secure sensitive data.

Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management

Oversubscribed round validates company's data-first approach to solving cloud security and privacy issues for global businesses thwarting data breaches and ransomwar

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.

White House Guidance Recommends SBOMs for Federal Agencies

New executive order stops short of mandating NIST's guidelines, but recommends SBOMs for federal agencies across government.