Dark Reading

Prevention Takes Priority Over Response

07/06/2022
Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action.

North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs

07/06/2022
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

07/06/2022
Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.

I Built a Cheap 'Warshipping' Device in Just Three Hours — And So Can You

07/06/2022
Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.

Marriott Data Breach Exposes PII, Credit Cards

07/06/2022
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.

How to Keep EVs From Taking Down the Electrical Grid

07/06/2022
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'

07/06/2022
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

Identity Access Management Is Set for Exploding Growth, Big Changes — Report

07/06/2022
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.

The Cyber-Asset Management Playbook for Supply Chain Modernization

07/06/2022
Organizations must balance the risk and reward of new cyber-asset management technologies.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

07/06/2022
Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

NIST Picks Four Quantum-Resistant Cryptographic Algorithms

07/05/2022
The US Department of Commerce's National Institute of Standards and Technology (NIST) announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.

HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain

07/05/2022
Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

07/05/2022
A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk

07/05/2022
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

Google Chrome WebRTC Zero-Day Faces Active Exploitation

07/05/2022
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024

07/05/2022
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.

Name That Edge Toon: On Guard

07/05/2022
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

07/01/2022
Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

OpenSea NFT Marketplace Faces Insider Hack

07/01/2022
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

Time Constraints Hamper Security Awareness Programs

07/01/2022
Even as more attacks target humans, a lack of dedicated staff, relevant skills, and time is making it harder to develop a security-aware and engaged workforce, SANS says.