Dark Reading

Flashpoint Releases Ransomware Prediction Model for Vulnerabilities

11/10/2022
Links individual vulnerabilities to those known to have been used in ransomware operations, helping vulnerability management teams prevent potential cyber extortion events with VulnDB.

Rezilion Expands Dynamic SBOM Capability to Support Windows Environments

11/10/2022
Technology consolidates Windows and Linux software risk together in one UI, helping teams manage vulnerabilities and comply with new regulatory standards.

Lacework Extends CNAPP Capabilities With Attack Path Analysis and Agentless Workload Scanning

11/10/2022
Greater insight into attack paths and runtime visibility helps customers reduce risk and improve cloud security posture.

Understanding the Rise of Risk-Based Vulnerability Management

11/10/2022
Risk-based vulnerability management solutions foster the convergence of risk management and vulnerability management. Andrew Braunberg explains what’s driving the emergence of RBVM.

Malicious Python Package Relies on Steganography to Download Malware

11/09/2022
The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.

Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

11/09/2022
Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery

11/09/2022
Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts.

How US Businesses Suffer From the Lack of Personal Data Privacy Laws

11/09/2022
The stalling of federal legislation and the continued expansion of data brokers are fueling a phishing epidemic.

Long Island Midterm Votes Delayed Due to Cyberattack Aftereffects

11/09/2022
Suffolk County had to hand-deliver voting databases with ballot results to the county election headquarters.

Experian, T-Mobile Pay Up in Multimillion-Dollar Data Breach Settlements

11/09/2022
Massachusetts Attorney General announced settlements across multiple states for damages from Experian's 2012 and 2015 breaches that violated consumer protection and notification laws.

A Better Way to Resist Identity-Based Cyber Threats

11/09/2022
New approaches to identity access management are indispensable.

Cloud9 Malware Offers a Paradise of Cyberattack Methods

11/09/2022
The Swiss Army knife-like browser extension is heaven for attackers — and can be hell for enterprise users.

Compliancy Group Urges Healthcare Organizations to Complete Their HIPAA Security Risk Assessments

11/09/2022
An annual HIPAA security risk assessment is required to meet HIPAA requirements.

What We Really Mean When We Talk About ‘Cybersecurity’

11/09/2022
A lack of precision in our terminology leads to misunderstandings and confusion about the activities we engage in, the information we share, and the expectations we hold.

Research Finds Less Than a Quarter of Organizations Fully Confident Ex-Employees No Longer Have Access to Company Infras

11/09/2022
Teleport releases its second annual State of Infrastructure Access and Security report.

Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says

11/09/2022
The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.

Confidence in Data Recovery Tools Low

11/08/2022
IT practitioners are developing ransomware response plans, but many of them are not confident in their data resiliency tools.

The CIS Benchmarks Community Consensus Process

11/08/2022
The CIS Benchmarks are unique for many reasons. None compare to the community consensus process that forms their hardening guidance. Learn how to get involved.

Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday

11/08/2022
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

Extortion Economics: Ransomware's New Business Model

11/08/2022
Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialized roles in service of ill-gotten gains.