Venmo gets more private—but it’s still not fully safe
Until it offers privacy by default, it remains a liability for many of its users.
25-07-2021 10:50

An explosive spyware report shows limits of iOS, Android security
Amnesty International sheds alarming light on an NSO Group surveillance tool.
24-07-2021 09:30

CASE STUDY: Archroma: designing security into company processes with Edgescan
What were the challenges Archroma was facing from a security perspective?  We are a relatively young company, and we brought Edgescan on board quite early on, so rather than transitioning from another vulnerability management solution it was more a case
23-07-2021 16:30

European Commission proposes changes to EU law to increase cryptocurrency transaction transparency
European Commission regulators have proposed changes to EU law that would force companies that transfer Bitcoin or other crypto-assets to collect details on the recipient and sender. The proposals would make crypto-assets more traceable, the EU Commissio
23-07-2021 16:19

Departing employees pose significant cloud security risks, report finds
This week, cybersecurity provider Netskope released the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-e
23-07-2021 16:09

Gartner MQ for PAM regards One Identity as a Leader in 2021
One Identity, an identity-centric security provider, has been named a Leader in the 2021 Gartner Magic Quadrant for Privileged Access Management (PAM) as the company continues to deliver on its next-generation PAM vision. One Identity helps businesses ad
23-07-2021 15:40

Biden Administration Responds to Geopolitical Cyber Threats
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
23-07-2021 14:50

Five steps to password policy compliance
Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on othe
23-07-2021 13:39

Kaseya gets master decryptor to help customers still suffering from REvil attack
REvil ransomware struck as many as 1,500 networks, but a master key is now available.
22-07-2021 20:12

AT&T nightmare: Woman had to wait 3+ months for broadband at new home
AT&T, the only ISP available, kept canceling installs until she contacted news media.
22-07-2021 17:18

Saudi Aramco confirms data leak after $50 million cyber ransom demand
World’s largest oil producer says some company files were compromised.
22-07-2021 16:56

Ars AI headline experiment finale—we came, we saw, we used a lot of compute time
Turns out it's really hard to make a machine-learning model to evaluate headlines.
22-07-2021 15:00

7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
22-07-2021 12:45

Authlogics announces enhancements to its Password Security Management Product
Authlogics has announced the latest enhancements to its dynamic Password Security Management (PSM) product. The new features will help enterprises ‘level up’ their password policies in order to ensure heightened security. Instead of traditional costly po
22-07-2021 12:05

Home and office routers come under attack by China state hackers, France warns
Compromised routers give the hackers anonymity in ongoing large-scale attacks.
21-07-2021 21:57

Back to work: Onslaught of personal devices could pose serious cybersecurity risk
A nationwide survey of 2,000 UK employees conducted by Censuswide on behalf of Armis, the unified asset visibility and security platform provider, analyses the new working culture and security of personal devices before the inevitable return to the offic
21-07-2021 14:46

Lyft ditches Google Maps for Here, partners with Argo AI
Argo and Ford will deploy driverless cars on Lyft's network in Miami and Austin.
21-07-2021 13:49

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
Both OSes have flaws that allow attackers with a toehold to elevate access.
20-07-2021 21:17

Our AI headline experiment continues: Did we break the machine?
In part three of four, we look at what's gone right, and what's gone... less than right.
20-07-2021 15:00

Apple under pressure over iPhone security after NSO spyware claims
Apple urged to work with rivals after alleged surveillance of journalists, activists.
20-07-2021 13:59

Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)
Armis has announced its official participation in MITRE Engenuity’s initial round of ATT&CK® Evaluations for industrial control systems (ICS). In these tests, MITRE Engenuity used the MITRE ATT&CK® knowledge base to emulate the tactics and techni
20-07-2021 10:56

Dish switching network to AT&T after calling T-Mobile anticompetitive
10-year deal will make AT&T the primary network provider for Dish MVNO business.
19-07-2021 22:12

“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones
NSO Group says its spyware targets only criminals and terrorists. Critics disagree.
19-07-2021 20:44

US warns China over state-sponsored hacking, citing mass attacks on Exchange
US: Chinese state-backed hackers perpetrated "massive cyber espionage operation."
19-07-2021 19:02

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
19-07-2021 17:24

US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
19-07-2021 16:40

How Gaming Attack Data Aids Defenders Across Industries
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
19-07-2021 16:30

NSO Group Spyware Used On Journalists & Activists Worldwide
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
19-07-2021 14:53

Netflix password crackdown: why users should be arguing for stronger measures
It was long overdue, but Netflix has finally started to explore ways to address its password problem. By prompting viewers to prove that they live with the holder of that account by receiving a code, sent via text or email, they are hoping to weed out pa
19-07-2021 14:33

Combatting ransomware: a holistic approach
Although cybercrime as a whole has seen a rise during the pandemic, arguably ransomware has been one of the more successful and lucrative attack types. According to the World Economic Forum 2020 Global Risk Report, ransomware was the third most common, a
19-07-2021 14:25

The new ransomware threat: triple extortion
By the time you have finished reading this sentence, an organisation somewhere in the world will have fallen victim to a ransomware attack and had at least some of its corporate data encrypted. Globally, on average, the criminals behind ransomware attack
19-07-2021 14:20

Preparing for the ever-growing threat of ransomware
Ransomware is a growing threat to every organisation on the planet; it seems we can’t go a day without seeing another high-profile ransomware attack being detailed in mainstream media. Cyber-criminals are innovating at a phenomenal pace in this growing ‘
19-07-2021 13:59

It’s time to get ahead of weaponised vulnerabilities
It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-p
19-07-2021 13:49

When Ransomware Comes to (Your) Town
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
19-07-2021 13:25

Breaking Down the Threat of Going All-In With Microsoft Security
Limit risk by dividing responsibility for infrastructure, tools, and security.
19-07-2021 10:00

7 Ways AI and ML Are Helping and Hurting Cybersecurity
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
19-07-2021 10:00

Hackers got past Windows Hello by tricking a webcam
Researchers used infrared photos and third-party hardware to best facial-recognition tech.
18-07-2021 13:30

Facebook catches Iranian spies catfishing US military targets
Hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
17-07-2021 10:45

Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
16-07-2021 20:38

Researchers Create New Approach to Detect Brand Impersonation
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
16-07-2021 16:29

Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
16-07-2021 14:20

OneLogin Eases Adoption of Zero Trust Framework with Delegated Administration
OneLogin has announced the launch of its Delegated Administration offering, which enables organizations to adopt the Zero Trust principle of least privilege access. By empowering IT administrators to easily delegate access on a granular level, organizati
16-07-2021 10:08

4 Future Integrated Circuit Threats to Watch
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
16-07-2021 10:00

How to Attract More Computer Science Grads to the Cybersecurity Field
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
16-07-2021 09:30

For years, a backdoor in popular KiwiSDR product gave root to project developer
Users are rattled after learning their devices and networks were exposed.
15-07-2021 19:22

Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
15-07-2021 18:35

State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
15-07-2021 17:10

TSMC signals global chip crunch may be easing
Semiconductor group says carmakers can expect upturn in supplies over coming weeks.
15-07-2021 16:50

CISA Launches New Website to Aid Ransomware Defenders
The website provides information to help organizations protect against, and respond to, ransomware attacks.
15-07-2021 15:58

Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
15-07-2021 15:54

IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
15-07-2021 15:36

Feeding the machine: We give an AI some headlines and see what it does
In part two of our series, we attempt to learn the ways of the machine.
15-07-2021 15:00

How to Bridge On-Premises and Cloud Identity
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
15-07-2021 13:00

What to Look for in an Effective Threat Hunter
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.
15-07-2021 10:00

Amazon bought Facebook’s satellite team to help build Starlink competitor
Amazon's Project Kuiper got some new employees as Facebook ended satellite project.
14-07-2021 21:09

iOS zero-day let SolarWinds hackers compromise fully updated iPhones
Flaw was exploited when government officials clicked on links in LinkedIn messages.
14-07-2021 20:04

SonicWall: 'Imminent' Ransomware Attack Targets Older Products
The attack exploits a known vulnerability that was fixed in new versions of firmware released this year.
14-07-2021 17:42

Google to Bring HTTPS-First Mode to Chrome Browser
Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS.
14-07-2021 17:00

Security and HR phishing scams are luring employees, KnowBe4 report finds
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has revealed the results of its Q2 2021 top-clicked phishing report. There has been a significant rise in phishing email attacks related to HR topic
14-07-2021 16:22

Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
14-07-2021 16:20

Did the Cybersecurity Workforce Gap Distract Us From the Leak?
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
14-07-2021 13:00

10 Mistakes Companies Make In Their Ransomware Responses
Hit by ransomware? These missteps can take a bad scenario and make it even worse.
14-07-2021 12:15

Outpost24 acquires threat intelligence provider Blueliv
Outpost24 has acquired Blueliv, one of the world’s leading cyber threat intelligence companies which will create one of the largest cybersecurity providers in Europe. The objective: to provide the most advanced threat landscape monitoring solution
14-07-2021 11:34

Outpost24 acquires threat intelligence provider Blueliv
Outpost24 has announced the acquisition of Blueliv, a leading cyber threat intelligence company from Spain. This combination will create one of the largest cybersecurity providers in Europe and provide the most advanced threat landscape monitoring soluti
14-07-2021 11:19

4 Integrated Circuit Security Threats and How to Protect Against Them
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
14-07-2021 10:00

SolarWinds 0-day gave Chinese hackers privileged access to customer servers
Hackers IDed as DEV-0322 have a fondness for defense contractors and software-makers.
14-07-2021 02:20

How much do you pay your ISP? Consumer Reports wants to see your bill
Your bill and a speed test can help Consumer Reports analyze Internet prices.
13-07-2021 21:08

New Phishing Campaign Targets Individuals of Interest to Iran
TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
13-07-2021 18:00

Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs
The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.
13-07-2021 17:25

AT&T will let unlimited-data customers pay more to avoid the slow lane
AT&T says users can soon "stay in the fast lane" on its priciest unlimited plan.
13-07-2021 16:58

Top 5 features of a secure password reset solution
Passwords are the first line of defense when it comes to digital security. For most businesses, each employee is going to have at least one username and password that they need to remember. In many cases, there will be many. This, of course, is in add
13-07-2021 16:14

Is our machine learning? Ars takes a dip into artificial intelligence
In the first part of a new series, we look at matching the problem to the tool.
13-07-2021 15:00

DoD-Validated Data Security Startup Emerges From Stealth
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
13-07-2021 14:34

Why We Need to Raise the Red Flag Against FragAttacks
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
13-07-2021 13:00

Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches
More than half of enterprises surveyed for Dark Reading's State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds.
13-07-2021 11:30

Can Government Effectively Help Businesses Fight Cybercrime?
From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?
13-07-2021 11:00

Armis discloses critical vulnerability that allows remote takeover of Schneider Electric industrial controllers
Researchers at Armis, the unified asset visibility and security platform provider, have disclosed the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-e
13-07-2021 10:29

The Trouble With Automated Cybersecurity Defenses
While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
13-07-2021 10:00

Tool Sprawl & False Positives Hold Security Teams Back
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
13-07-2021 08:30

Microsoft discovers critical SolarWinds zero-day under active attack
Flaws allow attackers to run malicious code on machines hosting Serv-U products.
12-07-2021 19:25

SolarWinds Discloses Zero-Day Under Active Attack
The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
12-07-2021 16:47

Microsoft Confirms Acquisition of RiskIQ
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.
12-07-2021 14:26

Kaseya Releases Security Patch as Companies Continue to Recover
Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
12-07-2021 11:35

AI and Cybersecurity: Making Sense of the Confusion
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
12-07-2021 10:00

Navigating Active Directory Security: Dangers and Defenses
Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.
12-07-2021 09:30

Feds indict “The Bull” for allegedly selling insider stock info on the dark web
Data allegedly sold individually or through weekly or monthly subscriptions.
09-07-2021 22:30

How Dangerous is Malware? New Report Finds It's Tough to Tell
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
09-07-2021 16:11

Security professionals wish cloud providers would deliver specific security improvements, survey reveals
Of the 73% of security professionals with responsibility for the security of public cloud who operate in a multi-cloud environment, 98% think these more complex environments pose greater security challenges, a survey conducted for Tripwire by Dimensional
09-07-2021 15:59

CISA Analysis Reveals Successful Attack Techniques of FY 2020
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
09-07-2021 15:04

New Framework Aims to Describe & Address Complex Social Engineering Attacks
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
09-07-2021 14:59

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.
09-07-2021 10:30

It's in the Game (but It Shouldn't Be)
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
09-07-2021 10:00

Cartoon Caption Winner: Sight Unseen
And the winner of Dark Reading's June contest is ...
09-07-2021 09:10

Morgan Stanley discloses data breach that resulted from Accellion FTA hacks
Financial services firm says data was stolen by exploiting flaws discovered in December.
08-07-2021 23:16

Morgan Stanley Discloses Data Breach
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
08-07-2021 16:56

New WildPressure Malware Capable of Targeting Windows and MacOS
The Trojan sends information back to the attackers' servers about the programming language of a target device.
08-07-2021 15:44

Kaseya Hacked via Authentication Bypass
The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
08-07-2021 11:00

The NSA's 'New' Mission: Get More Public With the Private Sector
The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work wit
08-07-2021 10:30

What Colonial Pipeline Means for Commercial Building Cybersecurity
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
08-07-2021 10:00

source : arstechnica, darkreading, itsecurityguru