Secure email group Proton wins Swiss appeal over surveillance rules

Ruling says email services not subject to data retention rules.

Ransomware Rise Pushes Organizations to Prepare for Attack

Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.

aDolus raises $2.5 million to secure critical infrastructure and grow sales and marketing team

Software supply chain security experts to drive aggressive go-to-market strategy

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure 'pen-testing' company.

What Does Better Insider Risk Management Look Like?

Conventional data security tools do not address insider risk — a growing problem in today's remote-hybrid world. We need a better way to manage insider risk.

Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

Researcher spots RSA tell-tale lurking in plain sight on VirusTotal Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the m ...

Gigabyte Allegedly Hit By AvosLocker Ransomware

Cisco SD-WAN Security Bug Allows Root Code Execution

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.

Unhappy customers and their own tricks used against them, REvil ransomware gang reportedly pulled offline by 'multi-country' operations

The second vanishing of the cybergang... for now As we noted a few days back, notorious ransomware gang REvil "disappeared" again this week. Recent reports have now shed light on why that may be.…

How your phone, laptop, or watch can be tracked by their Bluetooth transmissions

Unique fingerprints lurk in radio signals more often than not, it seems Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy (BLE) protocol and this turns out to be a somewhat significant privacy risk.…

YouTubers fell for shady 'sponsors' who seized, then sold, accounts

Vid-slingers had been asking how this happened for years, even while their channels were spruiking dodgy crypto After years of complaints from YouTubers, Google has pinpointed the root cause of a series of account hijackings: software sponsorship deals th ...

Security Teams Still Favor Prevention Over Detection

Security leaders are adopting a multilayered approach to address new security threats and risks.

Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware

Guardicore's micro-segmentation products will be added to Akamai's portfolio of Zero Trust solutions.

Plurilock to Acquire Assets of CloudCodes Software

Transaction marks Plurilock’s second acquisition in 2021.

Invicti Security Announces $625 Million Growth Investment Led by Summit Partners

Web application security provider plans to leverage new investment to continue product expansion and support global growth.

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.

Microsoft Launches Security Program for Nonprofits

A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.

Gigabyte Allegedly Hit by AvosLocker Ransomware

If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.

Duo Sentenced For Roles In Running Bulletproof Hosting Service

Sim Swapper Doxes And SWATs His Accomplice

How Psychology Can Save Your Cybersecurity Awareness Training Program

Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.

Why is Cybersecurity Failing Against Ransomware?

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.

Proposed HTTPA Protocol Uses TEEs to Secure the Web

Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost web security.

Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students

$10,000 to be awarded annually for four years each by Optiv’s Black Employee Network.

Microsoft-Signed Rootkit Targets Gaming Environments in China

FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process.

Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges

Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.

Google: Phishing Campaign Targets YouTube Creators

The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.

Removing Friction for the Enterprise With Trusted Access

Trusted access can help reduce friction so that your team can get work done.

Google Crushes YouTube Cookie-Stealing Channel Hijackers

Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. 

We don’t want to be critical, but humans alone aren’t enough to protect your ICS

If you want to know the solution, join this Regcast Sponsored  We know for sure that ransomware attackers and sundry dark forces want to break into critical infrastructure. Ransomware attacks on industrial environments have increased by 500 per cent sinc ...

Hackers Are Disguising Their Malicious JavaScript With A Trick

Google Finally Strips File Transfer Protocol Code From Chrome Browser

The Ransomware Payment Dilemma: Should Victims Pay or Not?

It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.

JavaScript Packing Found In More Than 25% of Malicious Sites

Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.

Centre for Computing History apologises to customers for 'embarrassing' breach

Website patched following phishing scam, no financial data exposed The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was ...

When it comes to ransomware, every second hurts

Fortinet seeks to make EDR easy for non-specialists Sponsored  For the longest time it seemed that modern endpoint detection and response (EDR) was getting on top of the worst malware, only for that certainty to evaporate in a single day in June 2017 tha ...

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love

CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix A mysterious criminal gang is targeting telcos' Linux and Solaris boxes, because it perceives they aren't being watched by infosec teams that have f ...

Acer servers cracked in India and Taiwan – including systems with customer data

Gang says it grabbed internal info, could do the same to Acer elsewhere Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data.…

Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises

Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp.

Enterprise Cybersecurity Strategies Are Getting More Attention

Data in Dark Reading's 2021 Strategic Security Survey report suggest organizations are taking the security challenge seriously.

Query.ai Closes $15M Series A for Security Investigations Tool

The funding will support product development for Query.AI's browser-based security investigations tool.

CrowdStrike Invests in Microsoft AD Competitor JumpCloud

Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.

Candy Corn Maker Hit With Ransomware

Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.

Name That Toon: Bone Dry

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Privacy Management for Microsoft 365 Now Generally Available

The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.

Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors

Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.

Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster

Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.

Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency

Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.

UK competition watchdog unveils principles to make a kinder antivirus business

Treat customers fairly when it comes to auto-renewal. Or else The UK's Competition and Markets Authority (CMA) has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms.…

A Guide to Doing Cyberintelligence on a Restricted Budget

Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.

The Simmering Cybersecurity Risk of Employee Burnout

Why understanding human behavior is essential to building resilient security systems.

Feds Warn BlackMatter Ransomware Gang is Poised to Strike

An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off.

Damages Escalate Rapidly in Multi-Party Data Breaches

Analysis of the top-50 multi-party attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage.

FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream

New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies.

Group With Potential Links to Iranian Threat Actor Resurfaces

The Lyceum group has previously been linked to attacks on targets in the Middle East.

Time to Build Accountability Back into Cybersecurity

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.

Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud

As retailers roll out more "buy online, pickup in-store" options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.

Sinclair Broadcast Group Confirms Ransomware Attack

The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.

Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse

Infosec pro: 'OneDrive abuse has been going on for years' Microsoft has been branded as "the world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security research ...

Twitter Suspends Accounts Used to Snare Security Researchers

The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.

In Cyberwar, Attribution Can Be Impossible — and That's OK

Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.

Chinese tech minister says he's 'dealt with' 73,000 websites that breached the law

Ongoing crackdown saw apps 1.83 million apps tested, 4,200 told to clean up their act, pop-up ads popped China's Minister of Industry and Information Technology, Xiao Yaqing, has given a rare interview in which he signalled the nation's crackdown on the i ...

Whatever sort of disaster we’re talking about, if your backups are fried, you’re not going to recover

Here’s how zero trust and immutability can save you Sponsored  When you’re putting your enterprise security and data management strategy in place, should you worry more about ransomware or natural disasters?…

US gov claims ransomware 'earned' $590m in the first half of 2021 alone – mostly in Bitcoin

Names and bars crypto exchange SUEX, warns paying ransoms could spell trouble Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone – more than the $416 million tracked in all of 2020, ...

10 Hot Red Team Tools Set to Hit Black Hat Europe

The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros.

Amazon textbook rental service scammed for $1.5m

Michigan man arrested for borrowing costly textbooks and selling them A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them.…

China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes

China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.

Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move

Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.

Evolution Equity Partners Close $400M for Cybersecurity Investments

The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.

Critical Infrastruture Security Dubbed Abysmal By Researchers

Malware Botnet Gang Steals Millions With Simple Trick

Sunderland University Cyber Attack Fix Date Unknown