5 Years That Altered the Ransomware Landscape WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.
What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.
Vanity URLs Could Be Spoofed for Social Engineering Attacks Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
On the Air With Dark Reading News Desk at Black Hat Asia 2022 This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
Scammer Infects His Own Machine With Spyware, Reveals True Identity An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
NFTs Emerge as the Next Enterprise Attack Vector Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.
Critical Cisco VM-Escape Bug Threatens Host Takeover The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.
Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
Mastering the New CISO Playbook How can you safeguard your organization amid global conflict and uncertainty?
Breaking Down the Strengthening American Cybersecurity Act New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.
The Danger of Online Data Brokers Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
Colonial Pipeline 1 Year Later: What Has Yet to Change? The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed.
Microsoft Simplifies Security Patching Process for Exchange Server Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.
Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.
Ikea Canada Breach Exposes 95K Customer Records An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
