Apple brass discussed disclosing 128-million iPhone hack, then decided not to
Emails entered into Epic Games lawsuit show execs contradicting Apple talking points.
08-05-2021 16:10

Ajit Pai promised cheaper Internet—real prices rose 19 percent instead
Home-Internet prices rose four times faster than inflation in Trump era.
07-05-2021 18:50

How North Korean APT Kimsuky Is Evolving Its Tactics
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
07-05-2021 15:54

Three US healthcare providers suffer data breach
Following a ransomware attack on the administrative services company, CaptureRx, at least three US healthcare providers suffered a data breach. The attack occurred on February 6, and an investigation was launched almost two weeks later, discovering that
07-05-2021 15:41

Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds.
07-05-2021 14:42

Risk to Financial Services and Insurance Organisations increased by 125% in 2020, report reveals
Despite the increased use of mobile device management (MDM), mobile phishing among financial services was at an all-time high last year. A report conducted by endpoint security expert, Lookout, revealed a 125% increase in exposure to considerable risk in
07-05-2021 13:35

Obrela teams up with ABS to boost industrial defences against cyberattacks
The recent cyber-attack against Oldsmar Water Plant in Florida has increased concerns over cybercriminals targeting industrial organisations and highlighted that the cyber-physical attacks that have been predicted for years, are now happening. In Februar
07-05-2021 13:34

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity
The report provides additional details on tactics of Russia's Foreign Intelligence Service following public attribution of the group to last year's SolarWinds attack.
07-05-2021 13:25

The Edge Pro Quote: Password Empowerment
Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account.
07-05-2021 10:15

NCSC provides guidance on cybersecurity for smart cities
The National Cyber Security Centre (NCSC) has released a set of security principles for local authorities to help protect smart city technology from cyber threats. Along with the guidance, it is warning that compromise of a single system in a smart city
07-05-2021 10:09

Defending Against Web Scraping Attacks
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
07-05-2021 10:00

11 Reasons Why You Sorta Love Passwords
We asked you to tell the truth about why you secretly love passwords. From the heartfelt to the hilarious, here's what you had to say.
07-05-2021 09:03

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
07-05-2021 08:30

Troy Hunt: Organizations Make Security Choices Tough for Users
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
06-05-2021 18:15

US physics lab Fermilab exposes proprietary data for all to see
Exposed systems paved way for researchers to access code, messages, passwords, and more.
06-05-2021 17:22

New Techniques Emerge for Abusing Windows Services to Gain System Control
Organizations should apply principles of least privilege to mitigate threats, security researcher says.
06-05-2021 17:20

Google Plans to Automatically Enable Two-Factor Authentication
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
06-05-2021 17:12

CISA Publishes Analysis on New 'FiveHands' Ransomware
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
06-05-2021 14:40

It’s World Password Day – Here’s what the experts say
Passwords essentially are the gateways to our digital lives. From business accounts, social media, shopping, banking – you name it – if they’re compromised, it can have big implications. To mark the day, we’ve compiled the advice of some of the world’s l
06-05-2021 13:07

Securing the Internet of Things in the Age of Quantum Computing
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
06-05-2021 13:00

Cloud-Native Businesses Struggle With Security
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
06-05-2021 13:00

Belgium’s parliament suffers DDoS attack
On Tuesday the internet service provider Belnet fell victim to a cyberattack. The attack took place at 11:00am CEST when the company experienced a distributed denial of service (DDoS) attack. This resulted in Belnet’s servers being overloaded and p
06-05-2021 11:42

Fix for critical Qualcomm chip flaw is making its way to Android devices
Higher-end devices made by Google, Samsung, LG, Xiaomi, and OnePlus are affected.
06-05-2021 10:00

Biden's Supply Chain Initiative Depends on Cybersecurity Insights
Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
06-05-2021 10:00

How to Move Beyond Passwords and Basic MFA
It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
06-05-2021 09:30

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security
Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
06-05-2021 02:00

Severe vulnerabilities in Dell firmware update driver found and fixed
Dell firmware update driver 2.3 can be exploited to gain kernel-level privilege.
05-05-2021 23:39

Twitter’s latest robo-nag will flag “harmful” language before you post
Follows Twitter's effort to make you read the news before you share it.
05-05-2021 23:10

Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse
Faulty API let anyone grab users’ private data, including weight and gender.
05-05-2021 20:59

Attackers Seek New Strategies to Improve Macros' Effectiveness
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
05-05-2021 18:40

21Nails: Multiple Critical Vulnerabilities in Exim Mail Server
Researchers from Qualys released a study that found 21 unique vulnerabilities in the Exim mail server. Some of these can be linked together to obtain full remote unauthenticated code execution and gain root privileges. In a blog post, the Qualys Research
05-05-2021 16:38

Deja Vu: Apple macOS needs updating again to sort vulnerabilities
Just last week, Apple notified customers about a serious security vulnerability that was patched in macOS 11.3. And just a week later, it’s now warning over another bug fix in a macOS 11.3.1 release that corrects two separate issues which, if explo
05-05-2021 16:29

Gap Between Security and Networking Teams May Hinder Tech Projects
Professionals in each field describe a poor working relationship between the two teams
05-05-2021 16:11

DoD Lets Researchers Target All Publicly Accessible Info Systems
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
05-05-2021 15:45

Starlink can serve 500,000 users easily, several million “more of a challenge”
The "only limitation is high density of users in urban areas," Musk said.
05-05-2021 15:29

Wanted: The (Elusive) Cybersecurity 'All-Star'
Separate workforce studies by (ISC)² and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
05-05-2021 15:05

Debating Law Enforcement's Role in the Fight Against Cybercrime
The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
05-05-2021 14:20

Will 2021 Mark the End of World Password Day?
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
05-05-2021 10:00

Netflix IT exec forced employees to use products from vendors that bribed him
Jury finds ex-Netflix VP guilty of awarding tech contracts in exchange for bribes.
04-05-2021 20:57

New Spectre attack once again sends Intel and AMD scrambling for a fix
A new transient execution variant is the first to exploit micro-ops caches.
04-05-2021 19:07

Newer Generic Top-Level Domains a Security 'Nuisance'
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.
04-05-2021 18:35

Frontier exits bankruptcy, claims it will double fiber-to-the-home footprint
Frontier plans 3 million new fiber lines—but 8M others would be stuck on copper.
04-05-2021 17:49

Apple Issues Patches for Webkit Security Flaws
The vulnerabilities may already be under active attack, Apple says in an advisory.
04-05-2021 17:21

Synopsys Launches New Tool for Automated Application Security
Synopsys has today announced it will showcase the Software Integrity Group’s new Intelligent Orchestration solution at RSA Conference on May 17th – 20th. Intelligent Orchestration is a dedicated application security automation pipeline, optimized f
04-05-2021 17:16

Planning Our Passwordless Future
All the talk that passwords could one day go away seemed too good to be true, yet the scales have finally started to tip to a passwordless reality. (Part one of a two-part series.)
04-05-2021 15:35

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
04-05-2021 15:15

More Companies Adopting DevOps & Agile for Security
Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
04-05-2021 15:00

Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities
SPONSORED CONTENT. While organizations may be more vulnerable than ever to supply chain hacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, said Jon Check, a senior director in Raytheon's cyber protection solut
04-05-2021 15:00

Scripps Health Responds to Cyberattack
The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
04-05-2021 13:02

Can Organizations Secure Remote Workers for the Long Haul?
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
04-05-2021 13:00

It's Time to Ditch Celebrity Cybersecurity
High-profile attacks and solutions are shiny objects that can distract from the defenses that afford the greatest protection.
04-05-2021 10:00

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices
Webkit flaws in just-released iOS 14.5 let attackers execute malicious code.
03-05-2021 20:24

Researchers Explore Active Directory Attack Vectors
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
03-05-2021 17:25

Verizon agrees to sell Yahoo and AOL to private-equity firm for $5 billion
Apollo to buy Yahoo/AOL for $5B, didn't have much competition from other bidders.
03-05-2021 15:48

Name That Edge Toon: Magical May
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
03-05-2021 14:20

Imperva to Buy API Security Firm CloudVector
The deal is intended to expand Imperva's API security portfolio, officials say.
03-05-2021 14:12

Buer Malware Variant Rewritten in Rust Programming Language
Researchers suggest a few reasons why operators rewrote Buer in an entirely new language
03-05-2021 14:00

Researchers Find Bugs Using Single-Codebase Inconsistencies
A Northeastern University research team finds code defects -- and some vulnerabilities -- by detecting when programmers used different code snippets to perform the same functions.
03-05-2021 11:30

Dark Reading Celebrates 15th Anniversary
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
03-05-2021 10:36

Stopping the Next SolarWinds Requires Doing Something Different
Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
03-05-2021 10:00

The Edge Pro Tip: Protect IoT Devices
As Internet-connected devices become more prevalent in organizations, security issues increase as well.
03-05-2021 09:45

An ambitious plan to tackle ransomware faces long odds
Heavyweight task force proposes framework to tackle a major cybersecurity problem.
01-05-2021 11:05

Ford’s ever-smarter robots are speeding up the assembly line
A transmission factory shows how AI may gradually creep into industrial processes
01-05-2021 10:15

More US agencies potentially hacked, this time with Pulse Secure exploits
Zero-day vulnerability under attack has a severity rating of 10 out of 10.
30-04-2021 22:00

Ransomware Task Force Publishes Framework to Fight Global Threat
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
30-04-2021 16:55

New Threat Group Carrying Out Aggressive Ransomware Campaign
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
30-04-2021 16:20

MITRE Adds MacOS, More Data Types to ATT&CK Framework
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
30-04-2021 15:05

Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
30-04-2021 13:45

Ghost Town Security: What Threats Lurk in Abandoned Offices?
Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?
30-04-2021 11:30

The Ticking Time Bomb in Every Company's Code
Developers must weigh the benefits and risks of using third-party code in Web apps.
30-04-2021 10:00

7 Modern-Day Cybersecurity Realities
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
30-04-2021 10:00

Dorset police investigating data breach
ITV reports on how Dorset police are investigating a “serious data breach” involving pupils from two schools in Christchurch. This is after information about an alleged race hate crime was sent by mistake to a man from Wimborne who had initia
30-04-2021 07:57

Microsoft identifies critical code execution flaws in IoT and OT devices
The 25 security flaws are known collectively as BadAlloc and affect Internet of Things (IoT) devices and Operational Technology (OT) industrial systems. The flaws are caused by memory allocation Integer Overflow or Wraparound bugs. Threat actors can expl
30-04-2021 07:46

BBC reports on the Ransomware surge ruining lives
Technology giants Microsoft and Amazon, as well as the FBI and the UK’s National Crime Agency have joined the Ransomware Task Force (RTF) to give governments nearly 50 recommendations on how to take action against ransomware, according to a BBC rep
30-04-2021 07:38

XDR Pushing Endpoint Detection and Response Technologies to Extinction
Ironically, EDR's success has spawned demand for technology that extends beyond it.
29-04-2021 19:00

Researchers Connect Complex Specs to Software Vulnerabilities
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
29-04-2021 17:55

Verizon tries to sell Yahoo and AOL after spending $9 billion on fallen giants
After spending $9 billion combined, Verizon may sell units for $4 billion or so.
29-04-2021 16:21

API Hole on Experian Partner Site Exposes Credit Scores
Student researcher is concerned security gap may exist on many other sites.
29-04-2021 15:49

'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
29-04-2021 14:54

Your Digital Identity's Evil Shadow
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
29-04-2021 13:00

Adobe Open Sources Tool for Anomaly Research
The One-Stop Anomaly Shop (OSAS) project packages machine-learning algorithms into a Docker container for finding anomalies in security log data.
29-04-2021 13:00

The Challenge of Securing Non-People Identities
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
29-04-2021 11:55

Lloyds Bank tells customers to beware of text message scam
Lloyds Bank customers are under attack by cybercriminals again. This time, text messages are being used to bait people into thinking there is a security issue with their bank accounts. An example message reads: “LLOYDS-SECURITY: You have successfully sch
29-04-2021 08:07

Warning over illegally streaming football on websites “riddled with malware”
A report from cybersecurity firm Webroot shows that almost all (92%) illegal football streaming websites contain some form of malicious content, from malware and phishing lures to social engineering scams. This puts fans at considerable risk. In fact, Web
29-04-2021 07:52

Student researcher discovered Experian API flaw that exposed credit scores of “most Americans”
Credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity learned. Though the flaw has been fixed accord
29-04-2021 07:42

Office default Calibri will join Clippy, Internet Explorer in Windows retirement
"Calibri in Office" could almost drive (15 years old), but a new sans serif will soon emerge.
28-04-2021 22:25

Verizon “leads” all US carriers in mmWave 5G availability at 0.8%
Phones capable of using mmWave 5G access it less than 1% of the time.
28-04-2021 21:59

Chipmaker says it will ramp up production of older 28nm chips
Fourth-largest contract chipmaker aiming at supply problems for carmakers, others.
28-04-2021 19:36

FluBot Malware's Rapid Spread May Soon Hit US Phones
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
28-04-2021 16:11

74% of Financial Institutions See Spike in COVID-Related Threats
Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000.
28-04-2021 15:46

FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
28-04-2021 14:13

How to Secure Employees' Home Wi-Fi Networks
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
28-04-2021 13:00

Ransomware crooks threaten to ID informants if cops don’t pay up
The FBI is investigating claim hackers obtained 250GB of police department data.
28-04-2021 12:04

Cartoon Caption Winner: Rough Patch?
And the winner of The Edge's April cartoon caption contest is ...
28-04-2021 11:30

Is Your Cloud Raining Sensitive Data?
Learn common Kubernetes vulnerabilities and ways to avoid them.
28-04-2021 10:00

Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
28-04-2021 09:00

FCC lets SpaceX cut satellite altitude to improve Starlink speed and latency
Rival satellite companies opposed change that cuts altitude in half, to 540 km.
27-04-2021 20:05

Do Cyberattacks Affect Stock Prices? It Depends on the Breach
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
27-04-2021 17:55

Cable-chewing beavers take out town’s Internet in “uniquely Canadian” outage
Beavers dug 3-foot hole, chewed through fiber conduit and the cable itself.
27-04-2021 16:27

Emotet Malware Uninstalled From Infected Devices
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
27-04-2021 15:52

Source: arstechnica, darkreading, itsecurityguru