Dark Reading Daily -- September 28, 2022

Follow Dark Reading:

September 28, 2022

LATEST SECURITY NEWS & COMMENTARY

BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic

Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say.

FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

Most Attackers Need Less Than 10 Hours to Find Weaknesses

Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.

Amid Sweeping Change, Cyber Defenders Face Escalating Visibility — and Pressure

Why cyber teams are now front and center for business enablement within organizations, and the significant challenges they face.

7 Metrics to Measure the Effectiveness of Your Security Operations

SOC metrics will allow stakeholders to track the current state of a program and how it's supporting business objectives.

4 Data Security Best Practices You Should Know

There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.

Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop

Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.

MITRE's FiGHT Focuses on 5G Networks

MITRE's new FiGHT framework describes adversary tactics and techniques used against 5G systems and networks.

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Previously observed using fake Coinbase jobs, the North Korea-sponsored APT has expanded into using Crypo.com gigs as cover to distribute malware.

(Sponsored Article) IaC Scanning: A Fantastic, Overlooked Learning Opportunity

Infrastructure as code can help teams build more consistently in the cloud. But who owns it? Are teams getting the insights they need from your IaC security tool?

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11 With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference. Should Hacking Have a Code of Conduct? For white hats who play by the rules, here are several ethical tenets to consider. App Developers Increasingly Targeted via Slack, DevOps Tools Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks. MORE

EDITORS' CHOICE

Fake Sites Siphon Millions of Dollars in 3-Year Scam

A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges.

LATEST FROM THE EDGE

Tackling Financial Fraud With Machine Learning

Financial services firms need to learn how — and when — to put machine learning to use.

LATEST FROM DR TECHNOLOGY

Lessons From the GitHub Cybersecurity Breach

This Tech Tip outlines three steps security teams should take to protect information stored in Salesforce.

WEBINARS

Strategies for DDoS Resilience and Response
There are few things more disruptive than a distributed denial-of-service (DDoS) attack. The criminals behind these attacks have one objective: to bring everything to a stop so you can't conduct business as usual. How can you ensure business continuity during ...
Using Zero Trust to Protect Remote and Home Workers
When COVID-19 hit, many organizations attempted to implement Zero Trust environments to protect their data from online threats presented by unsecured home office equipment. But these efforts were often temporary and not particularly effective. In this webinar, experts offer a ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

Breaches Prompt Changes to Enterprise IR Plans and Processes
6 Elements of a Solid IoT Security Strategy
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods According to NETSCOUT Report

Netography Upgrades Platform to Provide Scalable, Continuous Network Security and Visibility

Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA Research Reveals

MORE PRODUCTS & RELEASES

CURRENT ISSUE

How Machine Learning, AI & Deep Learning Improve Cybersecurity
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.