Dark Reading

Software Supply Chain Concerns Reach C-Suite

07/19/2022
Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.

Trojanized Password Crackers Targeting Industrial Systems

07/18/2022
Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Retbleed Fixed in Linux Kernel, Patch Delayed

07/18/2022
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.

FBI: Beware of Scam Cryptocurrency Investment Apps

07/18/2022
Law enforcement estimates campaign has already bilked cryptocurrency investors out of $42.7 million.

WordPress Page Builder Plug-in Under Attack, Can't Be Patched

07/18/2022
An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.

Name That Toon: Modern-Day Fable

07/18/2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Ransomware Attempts Flag as Payments Also Decline

07/18/2022
Telecom and business services see the highest level of attacks, but the two most common ransomware families, which continue to be LockBit and Conti, are seen less often.

Building Guardrails for Autonomic Security

07/18/2022
AI's potential for automating security has promise, but there are miles to go in establishing decision-making boundaries.

Watch Out for User Impersonation in Low-Code/No-Code Apps

07/18/2022
How a well-meaning employee could unwittingly share their identity with other users, causing a whole range of problems across IT, security, and the business.

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

07/15/2022
IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.

What Are the Risks of Employees Going on a 'Hybrid Holiday'?

07/15/2022
As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub

07/15/2022
Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to WikiLeaks

07/15/2022
Joshua Schulte has been convicted for his role in the Vault 7 WikiLeaks data dump that exposed invasive US cyber intelligence tactics.

Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine

07/15/2022
Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the hacking team.

How Hackers Create Fake Personas for Social Engineering

07/15/2022
And some ways to up your game for identifying fabricated online profiles of people who don't exist.

Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners

07/14/2022
Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

07/14/2022
Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

New Phishing Kit Hijacks WordPress Sites for PayPal Scam

07/14/2022
Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.

Scribe Security Releases Code Integrity Validator Alongside GitHub Security Open Source Project

07/14/2022
Developers can now rest assured that the code they are using, as well as their GitHub accounts, are safe.

AEI HorizonX Ventures Joins Shift5 Series B Funding Round

07/14/2022
Investment bolsters Shift5’s traction within commercial aerospace and defense industries.