Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

08/04/2022
In the last month, "Pl0xP" cloned several GitHub repositories, adding malicious code to the forks that would attempt to infect developer systems and steal sensitive files that included software keys.

Ping Identity to Go Private After $2.8B Acquisition

08/04/2022
The identity-services company is being acquired by Thoma Bravo software investment for cash, before being delisted.

Startup Footprint Tackles Identity Verification

08/03/2022
Early-stage startup Footprint's goal is to provide tools that change how enterprises verify, authentication, authorize, and secure identity.

How IT Teams Can Use 'Harm Reduction' for Better Cybersecurity Outcomes

08/03/2022
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept — from phishing to shadow IT.

Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

08/03/2022
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more.

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project

08/03/2022
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.

Cyberattackers Drain Nearly $6M From Solana Crypto Wallets

08/03/2022
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.

Zero-Day Defense: Tips for Defusing the Threat

08/03/2022
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.

ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO

08/03/2022
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally.

Druva Introduces the Data Resiliency Guarantee of up to $10 Million

08/03/2022
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental.

CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Caree

08/03/2022
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA’s Project Agora; invites broad industry participation in the effort to fight for tech talent.

Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

08/03/2022
Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT.

American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme

08/03/2022
Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins.

Thousands of Mobile Apps Leaking Twitter API Keys

08/02/2022
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.

Large Language AI Models Have Real Security Benefits

08/02/2022
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities, such as explaining malware and quickly classifying websites, researchers find.

Massive New Phishing Campaign Targets Microsoft Email Service Users

08/02/2022
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.

From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web

08/02/2022
Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices.

Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other V

08/02/2022
Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed.

Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges

08/02/2022
Launches industry’s first ZTNA migration tool and ZTNA buyback program, setting the stage for migration away from ZTNA 1.0.

T-Mobile Store Owner Made $25M Using Stolen Employee Credentials

08/02/2022
Now-convicted phone dealer reset locked and blocked phones on various mobile networks.