Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-08-03 21:25:43 |
How IT Teams Can Use \'Harm Reduction\' for Better Cybersecurity Outcomes (lien direct) |
Copado's Kyle Tobener will discuss a three-pronged plan at Black Hat USA for addressing human weaknesses in cybersecurity with this medical concept - from phishing to shadow IT. |
|
|
|
|
2022-08-03 20:23:45 |
Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks (lien direct) |
SMBs should patch CVE-2022-32548 now to avoid a host of horrors, including complete network compromise, ransomware, state-sponsored attacks, and more. |
|
|
|
|
2022-08-03 19:57:48 |
School Kid Uploads Ransomware Scripts to PyPI Repository as \'Fun\' Project (lien direct) |
The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times. |
Ransomware
Malware
|
|
|
|
2022-08-03 17:42:11 |
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets (lien direct) |
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets. |
|
|
|
|
2022-08-03 17:00:00 |
Zero-Day Defense: Tips for Defusing the Threat (lien direct) |
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust. |
Threat
|
|
|
|
2022-08-03 15:38:05 |
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO (lien direct) |
Serial entrepreneur, cybersecurity leader, and industry veteran joins ShiftLeft to drive growth and AI/ML innovation globally. |
Guideline
|
|
|
|
2022-08-03 15:33:00 |
Druva Introduces the Data Resiliency Guarantee of up to $10 Million (lien direct) |
The new program offers robust protection across all five data risk categories: cyber, human, application, operation, and environmental. |
|
|
|
|
2022-08-03 15:21:40 |
CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and \'Supercharge\' a Tech Career (lien direct) |
Todd Thibodeaux uses ChannelCon 2022 state of the industry remarks to unveil CompTIA's Project Agora; invites broad industry participation in the effort to fight for tech talent. |
|
|
|
|
2022-08-03 14:16:54 |
Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform (lien direct) |
Converged SASE platform provides AI-driven Zero trust security and simplified, optimized connectivity to any network location or device, including IoT. |
|
|
|
|
2022-08-03 14:00:00 |
5 Ways Chess Can Inspire Strategic Cybersecurity Thinking (lien direct) |
Rising interest in chess may feed the next generation of cybersecurity experts. |
|
|
|
|
2022-08-03 13:52:16 |
American Express, Snapchat Open-Redirect Vulnerabilities Exploited in Phishing Scheme (lien direct) |
Phishing operators are taking advantage of security bugs in the Amex and Snapchat websites (the latter is unpatched) to steer victims to phishing pages looking to harvest Google and Microsoft logins. |
|
|
|
|
2022-08-02 22:05:24 |
Thousands of Mobile Apps Leaking Twitter API Keys (lien direct) |
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year. |
|
|
★★★★★
|
|
2022-08-02 22:03:15 |
Large Language AI Models Have Real Security Benefits (lien direct) |
Complex neural networks, including GPT-3, can deliver useful cybersecurity capabilities such as explaining malware and quickly classifying websites, researchers find. |
Malware
|
|
★★★★
|
|
2022-08-02 21:04:50 |
Massive New Phishing Campaign Targets Microsoft Email Service Users (lien direct) |
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection. |
|
|
|
|
2022-08-02 20:30:17 |
From Babuk Source Code to Darkside Custom Listings - Exposing a Thriving Ransomware Marketplace on the Dark Web (lien direct) |
Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices. |
Ransomware
|
|
★★★★★
|
|
2022-08-02 20:04:29 |
Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals (lien direct) |
Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed. |
|
|
★★★★
|
|
2022-08-02 19:31:09 |
Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges (lien direct) |
Launches industry's first ZTNA Migration Tool and ZTNA Buyback Program, setting the stage for migration away from ZTNA 1.0. |
Tool
|
|
|
|
2022-08-02 18:30:40 |
T-Mobile Store Owner Made $25M Using Stolen Employee Credentials (lien direct) |
Now-convicted phone dealer reset locked and blocked phones on various mobile networks. |
|
|
|
|
2022-08-02 17:05:52 |
Microsoft Intros New Attack Surface Management, Threat Intel Tools (lien direct) |
Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts. |
Threat
|
|
|
|
2022-08-02 17:00:00 |
Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk (lien direct) |
To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control. |
|
|
|
|
2022-08-02 16:00:00 |
VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware (lien direct) |
Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal. |
Malware
Threat
|
|
|
|
2022-08-02 15:24:02 |
Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps (lien direct) |
With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety. |
Threat
|
|
|
|
2022-08-02 14:50:20 |
Cybrary Lands $25 Million in New Funding Round (lien direct) |
Series C investment from BuildGroup and Gula Tech Adventures, along with appointment of Kevin Mandia to the board of directors, will propel a new chapter of company growth. |
|
|
|
|
2022-08-02 14:50:20 |
BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features (lien direct) |
In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification. |
Malware
|
|
|
|
2022-08-02 14:00:00 |
5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats (lien direct) |
From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure. |
|
|
|
|
2022-08-02 13:53:09 |
CREST Defensible Penetration Test Released (lien direct) |
CREST provides commercially defensible scoping, delivery, and sign-off
recommendations for penetration tests. |
|
|
|
|
2022-08-01 20:47:34 |
DoJ: Foreign Adversaries Breach US Federal Court Records (lien direct) |
A Justice Department official testifies to a House committee that the cyberattack is a "significant concern." |
|
|
|
|
2022-08-01 19:36:53 |
Ransomware Hit on European Pipeline & Energy Supplier Encevo Linked to BlackCat (lien direct) |
Customers across several European countries are urged to update credentials in the wake of the attack that affected a gas-pipeline operator and power company. |
|
|
|
|
2022-08-01 18:57:23 |
Credential Canaries Create Minefield for Attackers (lien direct) |
Canary tokens - also known as honey tokens - force attackers to second-guess their potential good fortune when they come across user and application secrets. |
|
|
|
|
2022-08-01 17:42:46 |
Chromium Browsers Allow Data Exfiltration via Bookmark Syncing (lien direct) |
"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment - or for sneaking in malicious code and attack tools. |
|
|
|
|
2022-08-01 16:41:05 |
(Déjà vu) Name That Edge Toon: Up a Tree (lien direct) |
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. |
|
|
|
|
2022-08-01 14:00:00 |
For Big Tech, Neutrality Is Not an Option - and Never Really Was (lien direct) |
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out. |
|
|
★★★
|
|
2022-07-29 20:56:01 |
AWS Focuses on Identity Access Management at re:Inforce (lien direct) |
Identity and access management was front and center at AWS re:inforce this week. |
|
|
|
|
2022-07-29 20:28:35 |
Attackers Have \'Favorite\' Vulnerabilities to Exploit (lien direct) |
While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed. |
|
|
|
|
2022-07-29 19:58:38 |
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More (lien direct) |
Dark Reading's digest of other "don't-miss" stories of the week - including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move. |
|
|
|
|
2022-07-29 18:33:45 |
Why Bug-Bounty Programs Are Failing Everyone (lien direct) |
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes. |
|
|
★★★
|
|
2022-07-29 16:56:27 |
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization (lien direct) |
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams. |
|
|
|
|
2022-07-29 16:55:15 |
Amazon Adds Malware Detection to GuardDuty TDR Service (lien direct) |
The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week. |
Malware
|
|
|
|
2022-07-29 15:43:19 |
Big Questions Remain Around Massive Shanghai Police Data Breach (lien direct) |
Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded? |
Data Breach
|
|
|
|
2022-07-29 14:06:33 |
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info (lien direct) |
The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository. |
Malware
|
|
|
|
2022-07-29 14:00:00 |
3 Tips for Creating a Security Culture (lien direct) |
Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound. |
|
|
|
|
2022-07-28 18:22:00 |
Patch Now: Atlassian Confluence Bug Under Active Exploit (lien direct) |
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data. |
|
|
|
|
2022-07-28 16:41:06 |
APT-Like Phishing Threat Mirrors Landing Pages (lien direct) |
By dynamically mirroring an organization's login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels. |
Threat
|
|
|
|
2022-07-28 14:00:00 |
What Women Should Know Before Joining the Cybersecurity Industry (lien direct) |
Three observations about our industry that might help demystify security for women entrants. |
|
|
★★★★★
|
|
2022-07-28 09:00:00 |
In a Post-Macro World, Container Files Emerge as Malware-Delivery Replacement (lien direct) |
With Microsoft disabling Office macros by default, threat actors are increasingly using ISO, RAR, LNK, and similar files to deliver malware because they can get around Windows protections. |
Malware
Threat
|
|
|
|
2022-07-28 00:44:02 |
When Human Security Meets PerimeterX (lien direct) |
Dark Reading's analysis suggests that the merger between Human Security and PerimeterX will bring modern defense strategies to disrupt cybercrime and fraud. |
|
|
|
|
2022-07-27 23:31:55 |
OneTouchPoint, Inc. Provides Notice of Data Privacy Event (lien direct) |
. |
|
|
★★★★
|
|
2022-07-27 23:10:52 |
Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face (lien direct) |
Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. |
Vulnerability
|
|
★★★★
|
|
2022-07-27 18:49:47 |
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (lien direct) |
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests. |
Tool
|
|
|
|
2022-07-27 17:42:03 |
US Offers $10M Double-Reward for North Korea Cyberattacker Info (lien direct) |
North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure. |
|
|
|