Venmo gets more private—but it’s still not fully safe
Until it offers privacy by default, it remains a liability for many of its users.
An explosive spyware report shows limits of iOS, Android security
Amnesty International sheds alarming light on an NSO Group surveillance tool.
CASE STUDY: Archroma: designing security into company processes with Edgescan
What were the challenges Archroma was facing from a security perspective? We are a relatively young company, and we brought Edgescan on board quite early on, so rather than transitioning from another vulnerability management solution it was more a case
European Commission proposes changes to EU law to increase cryptocurrency transaction transparency
European Commission regulators have proposed changes to EU law that would force companies that transfer Bitcoin or other crypto-assets to collect details on the recipient and sender. The proposals would make crypto-assets more traceable, the EU Commissio
Departing employees pose significant cloud security risks, report finds
This week, cybersecurity provider Netskope released the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-e
Gartner MQ for PAM regards One Identity as a Leader in 2021
One Identity, an identity-centric security provider, has been named a Leader in the 2021 Gartner Magic Quadrant for Privileged Access Management (PAM) as the company continues to deliver on its next-generation PAM vision. One Identity helps businesses ad
Biden Administration Responds to Geopolitical Cyber Threats
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
Five steps to password policy compliance
Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on othe
Kaseya gets master decryptor to help customers still suffering from REvil attack
REvil ransomware struck as many as 1,500 networks, but a master key is now available.
AT&T nightmare: Woman had to wait 3+ months for broadband at new home
AT&T, the only ISP available, kept canceling installs until she contacted news media.
Saudi Aramco confirms data leak after $50 million cyber ransom demand
World’s largest oil producer says some company files were compromised.
Ars AI headline experiment finale—we came, we saw, we used a lot of compute time
Turns out it's really hard to make a machine-learning model to evaluate headlines.
7 Hot Cyber Threat Trends to Expect at Black Hat
A sneak peek of some of the main themes at Black Hat USA next month.
Authlogics announces enhancements to its Password Security Management Product
Authlogics has announced the latest enhancements to its dynamic Password Security Management (PSM) product. The new features will help enterprises ‘level up’ their password policies in order to ensure heightened security. Instead of traditional costly po
Home and office routers come under attack by China state hackers, France warns
Compromised routers give the hackers anonymity in ongoing large-scale attacks.
Back to work: Onslaught of personal devices could pose serious cybersecurity risk
A nationwide survey of 2,000 UK employees conducted by Censuswide on behalf of Armis, the unified asset visibility and security platform provider, analyses the new working culture and security of personal devices before the inevitable return to the offic
Lyft ditches Google Maps for Here, partners with Argo AI
Argo and Ford will deploy driverless cars on Lyft's network in Miami and Austin.
Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling
Both OSes have flaws that allow attackers with a toehold to elevate access.
Our AI headline experiment continues: Did we break the machine?
In part three of four, we look at what's gone right, and what's gone... less than right.
Apple under pressure over iPhone security after NSO spyware claims
Apple urged to work with rivals after alleged surveillance of journalists, activists.
Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)
Armis has announced its official participation in MITRE Engenuity’s initial round of ATT&CK® Evaluations for industrial control systems (ICS). In these tests, MITRE Engenuity used the MITRE ATT&CK® knowledge base to emulate the tactics and techni
Dish switching network to AT&T after calling T-Mobile anticompetitive
10-year deal will make AT&T the primary network provider for Dish MVNO business.
“Clickless” exploits from Israeli firm hacked activists’ fully updated iPhones
NSO Group says its spyware targets only criminals and terrorists. Critics disagree.
US warns China over state-sponsored hacking, citing mass attacks on Exchange
US: Chinese state-backed hackers perpetrated "massive cyber espionage operation."
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
How Gaming Attack Data Aids Defenders Across Industries
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
NSO Group Spyware Used On Journalists & Activists Worldwide
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
Netflix password crackdown: why users should be arguing for stronger measures
It was long overdue, but Netflix has finally started to explore ways to address its password problem. By prompting viewers to prove that they live with the holder of that account by receiving a code, sent via text or email, they are hoping to weed out pa
Combatting ransomware: a holistic approach
Although cybercrime as a whole has seen a rise during the pandemic, arguably ransomware has been one of the more successful and lucrative attack types. According to the World Economic Forum 2020 Global Risk Report, ransomware was the third most common, a
The new ransomware threat: triple extortion
By the time you have finished reading this sentence, an organisation somewhere in the world will have fallen victim to a ransomware attack and had at least some of its corporate data encrypted. Globally, on average, the criminals behind ransomware attack
Preparing for the ever-growing threat of ransomware
Ransomware is a growing threat to every organisation on the planet; it seems we can’t go a day without seeing another high-profile ransomware attack being detailed in mainstream media. Cyber-criminals are innovating at a phenomenal pace in this growing ‘
It’s time to get ahead of weaponised vulnerabilities
It comes as no surprise that the Covid-19 pandemic has resulted in an increase in security gaps. The global crisis revealed a multitude of nascent cyber-security shortcomings, including a lack of agility to support homeworking and an overreliance on on-p
When Ransomware Comes to (Your) Town
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
Breaking Down the Threat of Going All-In With Microsoft Security
Limit risk by dividing responsibility for infrastructure, tools, and security.
7 Ways AI and ML Are Helping and Hurting Cybersecurity
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
Hackers got past Windows Hello by tricking a webcam
Researchers used infrared photos and third-party hardware to best facial-recognition tech.
Facebook catches Iranian spies catfishing US military targets
Hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Disable the Windows print spooler to prevent hacks, Microsoft tells customers
The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Researchers Create New Approach to Detect Brand Impersonation
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
OneLogin Eases Adoption of Zero Trust Framework with Delegated Administration
OneLogin has announced the launch of its Delegated Administration offering, which enables organizations to adopt the Zero Trust principle of least privilege access. By empowering IT administrators to easily delegate access on a granular level, organizati
4 Future Integrated Circuit Threats to Watch
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
How to Attract More Computer Science Grads to the Cybersecurity Field
With 465,000 cybersecurity job openings in the United States, why is recruiting so difficult? A recent college graduate offers his take.
For years, a backdoor in popular KiwiSDR product gave root to project developer
Users are rattled after learning their devices and networks were exposed.
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
TSMC signals global chip crunch may be easing
Semiconductor group says carmakers can expect upturn in supplies over coming weeks.
CISA Launches New Website to Aid Ransomware Defenders
StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
Feeding the machine: We give an AI some headlines and see what it does
In part two of our series, we attempt to learn the ways of the machine.
How to Bridge On-Premises and Cloud Identity
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
What to Look for in an Effective Threat Hunter
The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.
Amazon bought Facebook’s satellite team to help build Starlink competitor
Amazon's Project Kuiper got some new employees as Facebook ended satellite project.
iOS zero-day let SolarWinds hackers compromise fully updated iPhones
Flaw was exploited when government officials clicked on links in LinkedIn messages.
SonicWall: 'Imminent' Ransomware Attack Targets Older Products
The attack exploits a known vulnerability that was fixed in new versions of firmware released this year.
Google to Bring HTTPS-First Mode to Chrome Browser
Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS.
Security and HR phishing scams are luring employees, KnowBe4 report finds
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has revealed the results of its Q2 2021 top-clicked phishing report. There has been a significant rise in phishing email attacks related to HR topic
Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw
A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.
Did the Cybersecurity Workforce Gap Distract Us From the Leak?
Cyber games can play a critical role in re-engaging our workforce and addressing the employee retention crisis.
10 Mistakes Companies Make In Their Ransomware Responses
Hit by ransomware? These missteps can take a bad scenario and make it even worse.
Outpost24 acquires threat intelligence provider Blueliv
Outpost24 has acquired Blueliv, one of the world’s leading cyber threat intelligence companies which will create one of the largest cybersecurity providers in Europe. The objective: to provide the most advanced threat landscape monitoring solution
Outpost24 acquires threat intelligence provider Blueliv
Outpost24 has announced the acquisition of Blueliv, a leading cyber threat intelligence company from Spain. This combination will create one of the largest cybersecurity providers in Europe and provide the most advanced threat landscape monitoring soluti
4 Integrated Circuit Security Threats and How to Protect Against Them
Little-understood threats involving the IC supply chain are putting organizations around the world at risk.
SolarWinds 0-day gave Chinese hackers privileged access to customer servers
Hackers IDed as DEV-0322 have a fondness for defense contractors and software-makers.
How much do you pay your ISP? Consumer Reports wants to see your bill
Your bill and a speed test can help Consumer Reports analyze Internet prices.
New Phishing Campaign Targets Individuals of Interest to Iran
TA453 group spoofed two scholars at University of London to try and gain access to email inboxes belonging to journalists, think tank personnel, academics, and others, security vendor says.
Microsoft Patches 3 Windows Zero-Days Amid 117 CVEs
The July Patch Tuesday release also includes the out-of-band fix for the Windows Print Spooler remote code execution flaw under attack.
AT&T will let unlimited-data customers pay more to avoid the slow lane
AT&T says users can soon "stay in the fast lane" on its priciest unlimited plan.
Top 5 features of a secure password reset solution
Passwords are the first line of defense when it comes to digital security. For most businesses, each employee is going to have at least one username and password that they need to remember. In many cases, there will be many. This is, of course, is in add
Is our machine learning? Ars takes a dip into artificial intelligence
In the first part of a new series, we look at matching the problem to the tool.
DoD-Validated Data Security Startup Emerges From Stealth
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
Why We Need to Raise the Red Flag Against FragAttacks
Proliferation of wireless devices increases the risk that corporate networks will be attacked with this newly discovered breed of Wi-Fi-based cyber assault.
Enterprises Altering Their Supply Chain Defenses on Heels of Latest Breaches
More than half of enterprises surveyed for Dark Reading's State of Malware Threats report indicate they are making at least a few changes to their supply chain security defenses following recent attacks on software vendors such as SolarWinds.
Can Government Effectively Help Businesses Fight Cybercrime?
From the Biden administration's pledge to take action to INTERPOL's focus on ransomware as a global threat, governments are looking to help businesses cope with cyberattacks. But can it really work?
Armis discloses critical vulnerability that allows remote takeover of Schneider Electric industrial controllers
Researchers at Armis, the unified asset visibility and security platform provider, have disclosed the discovery of an authentication bypass vulnerability in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-e
The Trouble With Automated Cybersecurity Defenses
While there's enormous promise in AI-powered tools and machine learning, they are very much a double-edged sword.
Tool Sprawl & False Positives Hold Security Teams Back
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
Microsoft discovers critical SolarWinds zero-day under active attack
Flaws allow attackers to run malicious code on machines hosting Serv-U products.
SolarWinds Discloses Zero-Day Under Active Attack
The company confirms this is a new vulnerability that is not related to the supply chain attack discovered in December 2020.
Microsoft Confirms Acquisition of RiskIQ
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.
Kaseya Releases Security Patch as Companies Continue to Recover
Estimates indicate the number of affected companies could grow, while Kaseya faces renewed scrutiny as former employees reportedly criticize its lack of focus on security.
AI and Cybersecurity: Making Sense of the Confusion
Artificial intelligence is a maturing area in cybersecurity, but there are different concerns depending on whether you're a defender or an attacker.
Navigating Active Directory Security: Dangers and Defenses
Microsoft Active Directory, ubiquitous across enterprises, has long been a primary target for attackers seeking network access and sensitive data.
Feds indict “The Bull” for allegedly selling insider stock info on the dark web
Data allegedly sold individually or through weekly or monthly subscriptions.
How Dangerous is Malware? New Report Finds It's Tough to Tell
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.
Security professionals wish cloud providers would deliver specific security improvements, survey reveals
Of the 73% of security professionals with responsibility for the security of public cloud who operate in a multi-cloud environment, 98% think these more complex environments pose greater security challenges, a survey conducted for Tripwire by Dimensional
CISA Analysis Reveals Successful Attack Techniques of FY 2020
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
New Framework Aims to Describe & Address Complex Social Engineering Attacks
As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.
It's in the Game (but It Shouldn't Be)
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
Cartoon Caption Winner: Sight Unseen
And the winner of Dark Reading's June contest is ...
Morgan Stanley discloses data breach that resulted from Accellion FTA hacks
Financial services firm says data was stolen by exploiting flaws discovered in December.
Morgan Stanley Discloses Data Breach
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
New WildPressure Malware Capable of Targeting Windows and MacOS
The Trojan sends information back to the attackers' servers about the programming language of a target device.
Kaseya Hacked via Authentication Bypass
The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
The NSA's 'New' Mission: Get More Public With the Private Sector
The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work wit
What Colonial Pipeline Means for Commercial Building Cybersecurity
Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
source : arstechnica, darkreading, itsecurityguru