Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
Follow Dark Reading:
 September 29, 2022
LATEST SECURITY NEWS & COMMENTARY
Most Attackers Need Less Than 10 Hours to Find Weaknesses
Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11
With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.
Fast Company CMS Hack Raises Security Questions
The company's website remains offline after hackers used its compromised CMS to send out racist messages.
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules
The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.
FBI Helping Australian Authorities Investigate Massive Optus Data Breach: Reports
Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.
BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic
Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say.
Fake Sites Siphon Millions of Dollars in 3-Year Scam
A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges.
Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play
The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.
Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market
Funding has been somewhat lower than last year, but investment remains healthy, analysts say, amid thirst for cloud security in particular.
App Developers Increasingly Targeted via Slack, DevOps Tools
Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.
Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps
Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.
Developer Leaks LockBit 3.0 Ransomware-Builder Code
Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.
Time to Change Our Flawed Approach to Security Awareness
Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.
4 Data Security Best Practices You Should Know
There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.
Should Hacking Have a Code of Conduct?
For white hats who play by the rules, here are several ethical tenets to consider.
Microsoft Rolls Out Passwordless Sign-on for Azure Virtual Desktop
Azure says cloud-native single sign-on with a passwordless option is most-requested new AVD feature in the product's history.
CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
7 Metrics to Measure the Effectiveness of Your Security Operations
SOC metrics will allow stakeholders to track the current state of a program and how it's supporting business objectives.

Neglecting Open Source Developers Puts the Internet at Risk
From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

MORE
EDITORS' CHOICE
Sophisticated Covert Cyberattack Campaign Targets Military Contractors
Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.
LATEST FROM THE EDGE

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls
After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.
LATEST FROM DR TECHNOLOGY

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking
Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.
WEBINARS
  • Threat Hunting Today: The Tools and Techniques That Get You Out in Front of Criminals

    Proactive "threat hunting" is becoming a more common practice for organizations who know it is no longer enough to detect threats and defend against them. Security teams are increasingly taking a more proactive approach--seeking out potential threats using analytical tools. ...

  • Using Zero Trust to Protect Remote and Home Workers

    When COVID-19 hit, many organizations attempted to implement Zero Trust environments to protect their data from online threats presented by unsecured home office equipment. But these efforts were often temporary and not particularly effective. In this webinar, experts offer a ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Malwarebytes Expands OneView Platform for MSPs
Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface
Jamf Announces Intent to Acquire ZecOps, to Provide a Market-Leading Security Solution for Mobile Devices as Targeted Attacks Continue to Grow
Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods According to NETSCOUT Report
Netography Upgrades Platform to Provide Scalable, Continuous Network Security and Visibility
Samsung Fails Consumers in Preventable Back-to-Back Data Breaches, According to Federal Lawsuit
Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA Research Reveals
Cyber Threat Alliance Extends Membership to 6+ Leading Cybersecurity Companies
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Machine Learning, AI & Deep Learning Improve Cybersecurity
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022   |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us