Dark Reading

Holiday Scams Drive SMS Phishing Attacks

11/23/2021
Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well.

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

11/23/2021
The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.

Don't Help Cybercriminals Dash With Your Customers' Cash This Black Friday

11/23/2021
Each security step, no matter how small, can have great impact in detecting and deterring cyber theft.

Pentagon Partners With GreyNoise to Investigate Internet Scans

11/22/2021
With a new five-year, $30 million contract, GreyNoise Intelligence will assist multiple teams across the Department of Defense in a defensive capacity.

GoDaddy Breach Exposes SSL Keys of Managed WordPress Hosting Customers

11/22/2021
The incident, which affected 1.2 million users, raises concerns about domain impersonation attacks and other malicious activities.

CISA Urges Critical Infrastructure to Be Alert for Holiday Threats

11/22/2021
CISA and the FBI share steps organizations should take to better protect against security threats during holidays and weekends.

Bug Bounties Surge as Firms Compete for Talent

11/22/2021
Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.

10 Stocking Stuffers for Security Geeks

11/22/2021
Check out our list of gifts with a big impact for hackers and other techie security professionals.

Is it OK to Take Your CEO Offline to Protect the Network?

11/22/2021
Are you asking the right questions when developing your incident response playbook? What security tasks are you willing to automate?

Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous

11/22/2021
It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.

US Banks Will Be Required to Report Cyberattacks Within 36 Hours

11/19/2021
There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours.

3 Takeaways from the Gartner Risk Management Summit

11/19/2021
Security leaders can be treated as partners supporting the business and share accountability by establishing relationships with business stakeholders.

To Beat Ransomware, Apply Zero Trust to Servers Too

11/19/2021
The path out of the ransomware crisis is full inspection and protection of all traffic flows. That means zero trust everywhere — even between servers.

Zero Trust: An Answer to the Ransomware Menace?

11/19/2021
Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

US Indicts Iranian Nationals for Cyber-Enabled Election Interference

11/19/2021
Among other things, the pair pretended to be Proud Boys volunteers and sent in a fake video and emails to Republican lawmakers purporting to show Democratic Party attempts to subvert the 2020 presidential elections.

Search CT Logs for Misconfigured SSL Certificates

11/18/2021
Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.

Cloud Security Startup Lacework Gets a Boost With New $1.3B Funding

11/18/2021
Lacework's will use its $1.3 billion Series D to expand go-to-market strategies and its data-focused cloud security platform.

Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

11/18/2021
Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say.

Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 US Pre

11/18/2021
An indictment was unsealed charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 US presidential election.

North Korean Hacking Group Targets Diplomats, Forgoes Malware

11/18/2021
The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware.