Dark Reading

Why Layer 8 Is Great

07/25/2022
To help discern legitimate traffic from fraud, it helps to understand user intent as shown through their behavior.

Qakbot Is Back With a New Trick: DLL Sideloading

07/25/2022
In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.

Aqua Launches Out-of-the-Box Runtime Security with Advanced Protection against the Most Sophisticated Threats

07/25/2022
Security professionals can now achieve real-time protection for their workloads in minutes.

Getting Ahead of Supply Chain Attacks

07/25/2022
Attackers are willing to replicate entire networks, purchase domains, and persist for months, not to mention spend significantly to make these campaigns successful.

Critical Filewave MDM Vulnerabilities Allow Attackers Full Mobile Device Control

07/25/2022
Two previously unknown critical vulnerabilities within FileWave’s multiplatform MDM system could grant malicious actors access to the platform's most privileged user account.

Understanding Proposed SEC Rules Through an ESG Lens

07/22/2022
Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.

ICYMI: Neopets & the Gaming Problem; SolarWinds Hackers Are Back; Google Ads Abused

07/22/2022
Dark Reading's weekly roundup of all the OTHER important stories of the week.

Critical Bugs Threaten to Crack Atlassian Confluence Workspaces Wide Open

07/22/2022
A hardcoded password associated with the Questions for Confluence app has been publicly released, which will likely lead to exploit attempts that give cyberattackers access to all Confluence content.

Google Chrome Zero-Day Weaponized to Spy on Journalists

07/22/2022
Candiru attackers breached a news agency employee website to target journalists with DevilsTongue spyware, researchers say.

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

07/22/2022
Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Phishing Bonanza: Social-Engineering Savvy Skyrockets as Malicious Actors Cash In

07/22/2022
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.

Thales Expands Cybersecurity Portfolio With OneWelcome Acquisition

07/22/2022
With more staff working remotely, identity, authentication, and access have never been more important.

What Firewalls Can — and Can't — Accomplish

07/22/2022
Understanding the limitations of firewalls is important to protecting the organization from evolving threats.

Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene

07/21/2022
The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.

Equitable Digital Identity Verification Requires Moving Past Flawed Legacy Systems

07/21/2022
Data science can be used to improve access to government assistance while reducing fraud.

Google Becomes First Cloud Operator to Join Healthcare ISAC

07/21/2022
Google Cloud pledges experts and other resources to Health Information Sharing and Analysis Center, a community of healthcare infrastructure operators and owners.

The Market Is Teeming: Bargains on Dark Web Give Novice Cybercriminals a Quick Start

07/21/2022
A study of the unregulated dark markets shows that the vast majority of malware, exploits, and attacker tools sell for less than $10, giving would-be criminals a fast entry point.

The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next

07/21/2022
Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments.

Cybercrime Group TA4563 Targets DeFi Market With Evolving Evilnum Backdoor

07/21/2022
The cyber campaign, aimed at siphoning funds, uses an improved version of the malware, which can adjust infection paths based on recognized antivirus software.

Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration

07/20/2022
New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with