Dark Reading

Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot

03/31/2022
The exploit requires a specific nonstandard configuration to work, limiting the danger it poses, but future research could turn up more broadly usable attacks.

Ransomware: Should Companies Ever Pay Up?

03/31/2022
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?

Companies Going to Greater Lengths to Hire Cybersecurity Staff

03/31/2022
The cybersecurity market is red-hot. But with so many still-unfilled positions, companies may be more willing to bend or break some hiring rules.

Global BEC Crackdown Nets 65 Suspects

03/31/2022
FBI and international law enforcement agencies execute "Operation Eagle Sweep."

U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network

03/31/2022
The Academic Engagement Network is designed to advance cybersecurity in four areas.

Protecting Your Organization Against a New Class of Cyber Threats: HEAT

03/31/2022
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.

Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

03/31/2022
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.

Zero-Day Vulnerability Discovered in Java Spring Framework

03/30/2022
A proof-of-concept exploit allows remote compromises of Spring Web applications.

CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices

03/30/2022
Take UPS management interfaces off the Internet "immediately," agencies say.

Smart Cities: Secure by Design? It Takes a Village

03/30/2022
Smart-city security breaches have potentially very serious consequences — they can be economically devastating and even life-threatening, if handled wrong.

Cybercriminals Fighting Over Cloud Workloads for Cryptomining

03/30/2022
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.

Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk

03/30/2022
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.

How Security Complexity Is Being Weaponized

03/30/2022
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.

How to Prevent the Next Log4j-Style Zero-Day Vulnerability

03/30/2022
An interactive static analyzer gives developers information on potential risks arising from user inputs while they code. This could be a game-changer.

Log4j Attacks Continue Unabated Against VMware Horizon Servers

03/29/2022
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.

Understanding Private 5G LANs in the Enterprise

03/29/2022
As the technology matures and costs begin to drop, 5G LAN looks more like a realistic replacement for corporate Wi-Fi networks.

Precursor Malware Is an Early Warning Sign for Ransomware

03/29/2022
Ransomware typically relies on malware downloaders and other delivery mechanisms. Detecting and removing precursor malware improves the odds that a ransomware attack has been blocked.

Private Equity Firm Led by Mnuchin Acquires Mobile Security Vendor Zimperium

03/29/2022
Liberty Strategic Capital to pay $525 million for mobile security vendor.

CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender

03/29/2022
Latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to respond to breaches stemming from user account-based attacks.

Biden Requests Nearly $11B for Federal Cybersecurity Spending

03/29/2022
The administration's 2023 IT budget for civilian agencies includes $500 million more for CISA.