The RSA conference in San Francisco always feels like drinking from a fire hose but especially this year at the first in-person RSA since the pandemic began.
Rogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say Three people accused of selling pirate software licenses worth more than $88 million have been charged with fraud.…
Networks expose users to hijack.
Accused of hacking cover up.
Hackers' plunder drops substantially in value.
Store giant brands watchdog's lawsuit 'factually misguided, legally flawed' The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."…
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
Can act as digital ID exchange.
Over privacy complaint.
Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.
Researchers this week said they had observed criminals using a new and improved version of the prolific malware, barely three months after its authors announced they were quitting.
The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.
Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.
Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
Protection starts with having the right network design, says Rockwell Automation Sponsored Feature Malware targeting operational technology (OT) and industrial controls systems (ICS) doesn't come along very often. But when it does, it's worth paying clo ...
Relatively cybercrime newbies not clear on whether it's alleging to have gigabits or gigabytes of chip biz's data If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the pr ...
Researchers say that China has 'crossed the line' again with the new online campaign.
Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They're also much harder for defenders to detect and block.
Codenotary's new service enables you to monitor what's running in your Kubernetes-managed container clusters -- vital knowledge for security.
Join this webinar to find out how to block them Webinar What does your tech infrastructure look like to the outside world? You might think it looks like an impenetrable fortress or a black box. You're probably wrong.…
Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks.
Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.
Ransomware attacks 'strike hard and fast', warns NCSC chief.
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the ...
Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.
Could it be Beijing was right about games being bad for China? Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform.…
Now those are some phishing boats Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive personal information on customers and employees was accessed in a string of cyber attacks. ...
Helpfully announced extension on deadline day India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduc ...
Creates three-year strategy to improve control 'maturity'.
Researcher discovery sparks vulnerability controversy.
Bugcrowd now open to all.
NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.
Though severity up for debate, and limited chips affected, broken tests hold back previous patch from distribution The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, ...
Uncle Sam tells of crooks exploiting Pride Month The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.…
Balancing public service with fraud prevention requires rule revisions and public trust.
LockBit 3.0 promises to 'Make Ransomware Great Again!' with a side of cybercrime crowdsourcing.
Seeks public views.
Retailers dispute 'characterisation
39; of technology.
Cerby platform emerges from stealth mode to let users automate security for applications outside of the standard IT purview.
Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.
DSM is now the third acquisition by Thrive in Florida in the past six months.
If you haven't properly addressed the issue, you're already behind. But even if you've had a false start, it's never too late to get back up.
Zero trust troubles and more ransomware regulation also make tech analyst Gartner's list of factors you need to plan for.
I did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks.
Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details In brief A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 resid ...
It's easy to see why – the question is, why now? China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.…
Exposed substantial amounts of sensitive customer data.
But welcomes fast cross-border payments in central bank digital currencies In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has wa ...
Start your training here for a career in penetration testing and "white hat" hacking.
These tutorials cover NIST and all the best practices for government cybersecurity.
Posted by Dave Aitel via Dailydave on Jun 24People think that finding vulnerabilities is about finding holes in code. But at some level it's not really about that. It's about understanding that the code itself is a hole in the swirling chaos of the world ...
Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
'A humbling and unfortunate reminder' that monsters lurk under bridges Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.…
Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guide ...
CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.
A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
The US government's cyber insurance only covers certain events and maybe not ones that could destroy IT systems.
Continuous monitoring is key to keeping up with software-as-a-service changes, but that's not all you'll need to get better visibility into your SaaS security.
Hermit highlights a wider issue concerning our privacy and freedom.
We have a tech innovation problem, not a staff retention (or recruitment) problem.
Scalpers are snapping up public service appointments and selling them on.
Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.
Patch your systems, says cybersecurity agency, because attackers are using these flaws.
Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space. Nothing in that letter is out of the ordinary, and is in line with what I wrote ...
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
Got a tech question? Ed Bott and ZDNet's squad of editors and experts probably have the answer.
Watching people's every move and collecting their info – not on our watch, says web ads giant Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular ne ...
Google offers up better password management for Chrome on iOS to appeal to iPhone users who stick with Safari.
Asks for feedback on state-based scheme.
They're not lying when they say 'We stole your data' – the lie is about which data they lifted A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Sec ...
Patch now, because all endpoints are vulnerable.
The "Miracle Exploit" left unpatched for six months.
Powerful command line interface essential to securing Windows.
EU Parliamentary hears how RCS Labs tactics are used to target victims.
Bronze Starlight’s use of multiple ransomware families and its victim-targeting suggest there’s more to the group’s activities than just financial gain, security vendor says.
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
ShiftLeft's Manesh Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
The concept might make us sharp and realistic, but it's not enough on its own.
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
The Fortune 500 electronics manufacturer was an early adopter of Google Cloud, which led to a search for a new security architecture Matt Ramberg is the vice president of information security at Sanmina, a sprawling electronics manufacturer with close to ...
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
Weaknesses in operational technology systems need to be addressed.
Five ransomware strains have been linked to Bronze Starlight activities.
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.
Nadiya Kostyuk and Susan Landau wrote an interesting paper: “Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process“: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST ...
PowerShell is often abused by attackers but defenders should not switch off the Windows command-line tool, warn cybersecurity agencies.
Criminals still like using email to phish credentials but ransomware delivered by email has tapered off.
I like driving in my car, hope my data's not gone far UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.…
Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows ...
Victims lured into handing over online banking logins, police say Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.…
Organizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be.
Boffins devise five attacks to expose private files Mega, the New Zealand-based file-sharing biz co-founded a decade ago by Kim Dotcom, promotes its "privacy by design" and user-controlled encryption keys to claim that data stored on Mega's servers can on ...
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.
Bugs potentially useful for rogue insiders, admin account hijackers Cisco has alerted customers to four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. …
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.
Open service generates free report detailing potential gaps in compliance, configuration, and security for a user’s multiple domain names.
Cyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.
The Linux Foundation and Snyk's report, The State of Open Source Security, finds open source security faces hard challenges even as it becomes more popular than ever.
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.
Source remains unclear, plenty suspect Iran Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. …
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.
partnership lets users access one-click ScreenMeet sessions from the Tanium platform.
Zscaler also announced innovations built on Zscaler’s Zero Trust architecture and AWS.
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.
Organizations can strengthen their network defense with a number of intelligent security innovations.
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.
Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.
Blockchain not as decentralised as many assume, finds Pentagon sponsored research US government sponsored research is casting new light on the security of blockchain technology, including the assertion that a subset of a distributed ledger's participants ...
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.