- How to use AirPlay to stream from your iPhone to your TVDiscover how to easily display your videos and photos from your iPhone straight to your TV.
- How to download YouTube videosDo you want to be a bit piggy? Well, do you? Because we're going to show you how to download all the YouTube video bits you can eat. Be forewarned: there are legal and ethical considerations that go beyond our discussion of how to get it done.
- Here's what's coming in iOS 15.5Don't set your hopes too high.
- Are period tracking apps safe?Opinion: The convenience isn't worth the risk.
- Complete the MSCHF puzzle for a chance to win $1,000,000This jigsaw puzzle is fun, and the potential reward is even better!
- CISA 'temporarily' removes Windows vulnerability from its must-patch listMicrosoft warned CISA that one of its May 10 2022 updates for a flaw that was being exploited could cause authentication failures.
- This phishing attack delivers three forms of malware. And they all want to steal your dataCybersecurity researchers issue warning about a phishing campaign designed to look like it comes from a trusted source.
- How to pair your AirPods and AirPods Pro with just about any deviceApple did a great job of making the process of pairing its iconic earbuds a simple one. This quick guide details the easy steps required to connect your AirPods (regardless of their generation) and AirPods Pro to your iPhone, Mac, iPad, Windows 10 PCs, and Android phones and tablets.
- Microsoft warns: This botnet has new tricks to target Linux and Windows systemsMicrosoft is warning admins of a botnet that employs multiple exploits and steals database credentials.
- Google: Here comes our 'Open Source Maintenance Crew'The Google Open Source Maintenance Crew will support under-resourced critical open-source products to fix security issues.
- Researchers warn of APTs, data leaks as serious threats against UK financial sectorResearchers say geopolitical threats are far from the only concern.
- Musk fallout continues as Twitter CEO Parag Agrawal fires executivesMusk claimed Twitter told him he is in violation of an NDA while the site's 'lame-duck' CEO addressed personnel changes at the company.
- Nasty Zyxel remote execution bug is being exploitedShadowserver says it can see over 20,000 Zyxel firewalls vulnerable to unauthenticated remote code execution via CVE-2022-30525.
- Labor makes AU$1 billion election promise to support local industriesBuilding new capabilities in transport, defence, resources, agriculture and food processing, medical science, renewables and low emissions technologies manufacturing are on the cards for the Opposition party.
- Australian Taxation Office issues capital gains warning for crypto and NFT sellersHeaded to the moon in the midst of a crash? The tax man would like to take his share.
- Remote work or back to the office? The calculation just shifted againManagers who rely on old assumptions about how jobs get done are going to be badly disappointed.
- Study for Microsoft certifications with over 120 hours of training for $59This $59 e-learning bundle contains an entire career's worth of Microsoft training.
- Get a refurbished 11.6-inch HP Chromebook with 4GB RAM for just $74If you use the cloud correctly right, there's no reason to buy heavy expensive laptops with large storage capacities.
- Apple fired her. She still thinks Windows computers are awfulIs it still the case that Macs are more intuitive? If so, could this be why the Mac attracting so many new users? Or could it be something else?
- Does Best Buy tackle crime differently from Apple? I had to askA video shows an extraordinary defensive performance against a shoplifter from Best Buy employees. But is this company policy? I asked till I got an answer.

- Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized FutureA decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
- US National Cyber Director: Toward a New Cybersecurity Social ContractIn a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
- How to Turn a Coke Can Into an Eavesdropping DeviceCyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
- US Agrees to International Electronic Cybercrime Evidence SwapThe Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.
- CISO Shares Top Strategies to Communicate Security's Value to the BizIn a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.
- Black Hat Asia: Democracy's Survival Depends on Taming TechnologyThe conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.
- Linux, OpenSSF Champion Plan to Improve Open Source SecurityThe White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.
- Log4Shell Exploit Threatens Enterprise Data Lakes, AI PoisoningA brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.
- Data Transformation: 3 Sessions to Attend at RSA 2022Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.
- How to Avoid Falling Victim to PayOrGrief's Next RebrandThe group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.
- Transforming SQL Queries Bypasses WAF SecurityA team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
- Black Hat Asia: Firmware Supply Chain Woes Plague Device SecurityThe supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.
- 3 Predictors of Cybersecurity Startup SuccessBefore investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.
- Egnyte Enhances Program for Managed Service ProvidersEnhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.
- StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security TestingRound co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.
- Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft LawsuitCloud competitor found liable for breaking into Appian back-end systems to steal company secrets.
- Needs Improvement: Scoring Biden's Cyber Executive OrderOne year after it was issued, has President Biden's Cyber Executive Order had an impact?
- How Can Your Business Defend Itself Against Fraud-as-a-Service?By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.
- Known macOS Vulnerabilities Led Researcher to Root Out New FlawsResearcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
- 5 Years That Altered the Ransomware LandscapeWannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.
- On the Air With Dark Reading News Desk at Black Hat Asia 2022This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
- PlainID Debuts Authorization-as-a-Service PlatformPlatform powered by policy-based access control (PBAC).
- Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing ComesThe technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.
- Ready, IAM, Fire: How Weak IAM Makes You a TargetProper identity and access management configuration serves as an effective starting point for organizations looking to secure their cloud infrastructure.
- Microsoft Simplifies Security Patching Process for Exchange ServerDelivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.
- Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues EarlierEnterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.
- Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme.
- Fraudulent 'Bot-driven' College Enrollment up 50%, New Study Finds.
- NSA Warns Managed Service Providers Are Now Prime Targets for CyberattacksInternational cybersecurity authorities issue guidance to help information and communications service providers secure their networks.
- Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).
- Top 6 Security Threats Targeting Remote WorkersRemote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.
- Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical DataRound of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.
- Breaking Down the Strengthening American Cybersecurity ActNew federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.
- Quantum Ransomware Strikes Quickly, How to Prepare and RecoverNYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.
- Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google EmailFounders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.
- SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to CompaniesAnalysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.
- Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange ServersIceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
- The Danger of Online Data BrokersEnterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
- Vanity URLs Could Be Spoofed for Social Engineering AttacksAttackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
- Google Will Use Mobile Devices to Thwart Phishing AttacksIn an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.
- Novel Nerbian RAT Lurks Behind Faked COVID Safety EmailsMalicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.
- What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain ControllersMicrosoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.
- US Pledges to Help Ukraine Keep the Internet and Lights OnUS State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.
- Lincoln College Set to Close After Crippling CyberattackCOVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.
- Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print SpoolerKaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.
- Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence ReportingNew research-focused division focused on advancing innovation in the field of security operations.
- 5-Buck DCRat Malware Foretells a Worrying Cyber FutureThe Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.
- Onapsis Announces New Offering to Jumpstart Security for SAP CustomersCompany delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .
- Mastering the New CISO PlaybookHow can you safeguard your organization amid global conflict and uncertainty?
- Nokia Opens Cybersecurity Testing LabThe end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.
- How to Check If Your F5 BIG-IP Device Is VulnerableThis Tech Tip walks network administrators through the steps to address the latest critical remote code execution vulnerability (CVE-2022-1388) in F5's BIG-IP management interface.
- Joker, Other Fleeceware Surges Back Into Google PlayThe infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services.
- Costa Rica Declares State of Emergency Under Sustained Conti CyberattacksConti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.
- 5 Tips to Protect Your Career Against a NarcissistWhen you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.
- NFTs Emerge as the Next Enterprise Attack VectorCybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.
- Deloitte Launches Expanded Cloud Security Management PlatformThe CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services.
- Security Stuff Happens: Where Do You Go From Here?Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.)
- Post-Quantum Cryptography Set to Replace RSA, ECCIn the next 10 years, public-key encryption needs to be replaced by post-quantum techniques that can stand up to the new challenges.
- Ikea Canada Breach Exposes 95K Customer RecordsAn unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
- What We've Learned in the 12 Months Since the Colonial Pipeline AttackThe attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?
- Scammer Infects His Own Machine With Spyware, Reveals True IdentityAn operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
- White House Moves to Shore Up US Post-Quantum Cryptography PostureBiden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.
- AT&T Expands Access to Advanced Secure Edge and Remote Workforce CapabilitiesAT&T SASE with Cisco Meraki offers fully integrated network and security tools for convenient, high-performing, and protected access from anywhere
- Passwords: Do Actions Speak Louder Than Words?For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it.
- Colonial Pipeline 1 Year Later: What Has Yet to Change?The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed.
- Microsoft, Apple, and Google Promise to Expand Passwordless FeaturesThe passwordless future just became closer to reality, as Microsoft, Apple, and Google pledge to make the standard possible across operating systems and browsers.
- Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account CredentialsThe same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says.
- NIST Issues Guidance for Addressing Software Supply-Chain RiskAmid ongoing software supply-chain jitters, the US' top tech division is offering a finalized, comprehensive cybersecurity control framework for managing risk.
- A Third of Americans Use Easy-to-Guess Pet PasswordsFar too many turn to Jingles, Mittens, or Bella for password inspiration, given that these are some of the easiest passwords to crack.
- Critical Cisco VM-Escape Bug Threatens Host TakeoverThe vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.
- FBI: Bank Losses From BEC Attacks Top $43BLaw enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.
- Magnet Forensics Acquires Cybersecurity Software Firm Comae TechnologiesThe company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions
- Cisco Announces Cloud Controls Framework Is Now Available to PublicThe Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.
- Multichannel Phishing Concerns Cybersecurity Leaders in 2022With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.
- 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its SkinResearcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.
- Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up AttacksCloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
- Why Security Matters Even More in Online GamingAs the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.
- GitHub to Developers: Turn on 2FA or Lose AccessAll active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.
- China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage AttackOperation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.
- Microsoft Releases Defender for SMBsMicrosoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.
- Q&A: How China Is Exporting Tech-Based Authoritarianism Across the WorldThe US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.
- VHD Ransomware Variant Linked to North Korean Cyber ArmyResearchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.
- Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached?A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)
- AI for Cybersecurity Shimmers With Promise, but Challenges AboundCompanies see AI-powered cybersecurity tools and systems as the future, but at present nearly 90% of them say they face significant hurdles in making use of them.
- What Star Wars Teaches Us About ThreatsThe venerable film franchise shows us how to take threats in STRIDE.
- AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps PlatformAutoRABIT intends to direct the funding toward growth initiatives and product development.
- Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) CapabilitiesAlso adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.
- SAC Health System Impacted By Security IncidentSix boxes of paper documents were removed from the facility without authorization in early March.
- Aryaka, Carnegie Mellon’s CyLab to Research New Threat Mitigation TechniquesThe security research partnership will focus on developing new techniques and releasing them as open source.
- What Should I Know About Defending IoT Attack Surfaces?The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.
- API Security Company Traceable AI Lands $60 Million Series BLatest round led by IVP values the company at $450 million.
- SolarWinds Attackers Gear Up for Typosquatting AttacksThe same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
- Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps ResearchersThe security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.
- REvil Revival: Are Ransomware Gangs Ever Really Gone?The infamous ransomware group appears to be back from the dead — maybe — and using the old brand, but experts question whether a reconstituted gang will have much success.
- Syxsense Launches Unified Endpoint Security and Management PlatformSyxsense Enterprise delivers real-time vulnerability monitoring and remediation for all endpoints across an organization’s entire network.
- Third-Party App Access Is the New Executable FileBy providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.
- How to Create a Cybersecurity Mentorship ProgramAs the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.
- Radware Launches SkyHawk Security, a Spinoff of Its Cloud Native Protector BusinessTiger Global Management invests $35 million in SkyHawk Security to accelerate growth.
- Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture PartnersFunding follows dramatic revenue growth as identity-based access requirements skyrocket.
- OccamSec Unveils New Cybersecurity PlatformProviding continuous penetration testing with context, and a host of other features, the Incenter platform is built to give organizations what they need to effectively secure their environment.

- Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized FutureA decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
- US National Cyber Director: Toward a New Cybersecurity Social ContractIn a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
- How to Turn a Coke Can Into an Eavesdropping DeviceCyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
- US Agrees to International Electronic Cybercrime Evidence SwapThe Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.
- CISO Shares Top Strategies to Communicate Security's Value to the BizIn a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.
- Black Hat Asia: Democracy's Survival Depends on Taming TechnologyThe conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.
- Linux, OpenSSF Champion Plan to Improve Open Source SecurityThe White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.
- Log4Shell Exploit Threatens Enterprise Data Lakes, AI PoisoningA brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.
- Data Transformation: 3 Sessions to Attend at RSA 2022Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.
- How to Avoid Falling Victim to PayOrGrief's Next RebrandThe group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.
- Transforming SQL Queries Bypasses WAF SecurityA team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
- Black Hat Asia: Firmware Supply Chain Woes Plague Device SecurityThe supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.
- 3 Predictors of Cybersecurity Startup SuccessBefore investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.
- Egnyte Enhances Program for Managed Service ProvidersEnhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.
- StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security TestingRound co-led by Sapphire Ventures and Costanoa Ventures to accelerate product leadership and market growth.
- Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft LawsuitCloud competitor found liable for breaking into Appian back-end systems to steal company secrets.
- Needs Improvement: Scoring Biden's Cyber Executive OrderOne year after it was issued, has President Biden's Cyber Executive Order had an impact?
- How Can Your Business Defend Itself Against Fraud-as-a-Service?By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.
- Known macOS Vulnerabilities Led Researcher to Root Out New FlawsResearcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
- 5 Years That Altered the Ransomware LandscapeWannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.
- On the Air With Dark Reading News Desk at Black Hat Asia 2022This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
- PlainID Debuts Authorization-as-a-Service PlatformPlatform powered by policy-based access control (PBAC).
- Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing ComesThe technique, called store-now, decrypt later (SNDL), means organizations need to prepare now for post-quantum cryptography.
- Ready, IAM, Fire: How Weak IAM Makes You a TargetProper identity and access management configuration serves as an effective starting point for organizations looking to secure their cloud infrastructure.
- Microsoft Simplifies Security Patching Process for Exchange ServerDelivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.
- Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues EarlierEnterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.
- Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme.
- Fraudulent 'Bot-driven' College Enrollment up 50%, New Study Finds.
- NSA Warns Managed Service Providers Are Now Prime Targets for CyberattacksInternational cybersecurity authorities issue guidance to help information and communications service providers secure their networks.
- Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).
- Top 6 Security Threats Targeting Remote WorkersRemote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.
- Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical DataRound of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.
- Breaking Down the Strengthening American Cybersecurity ActNew federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.
- Quantum Ransomware Strikes Quickly, How to Prepare and RecoverNYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.
- Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google EmailFounders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.
- SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to CompaniesAnalysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.
- Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange ServersIceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
- The Danger of Online Data BrokersEnterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
- Vanity URLs Could Be Spoofed for Social Engineering AttacksAttackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
- Google Will Use Mobile Devices to Thwart Phishing AttacksIn an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.
- Novel Nerbian RAT Lurks Behind Faked COVID Safety EmailsMalicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.
- What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain ControllersMicrosoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.
- US Pledges to Help Ukraine Keep the Internet and Lights OnUS State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.
- Lincoln College Set to Close After Crippling CyberattackCOVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.
- Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print SpoolerKaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.
- Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence ReportingNew research-focused division focused on advancing innovation in the field of security operations.
- 5-Buck DCRat Malware Foretells a Worrying Cyber FutureThe Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.
- Onapsis Announces New Offering to Jumpstart Security for SAP CustomersCompany delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .
- Mastering the New CISO PlaybookHow can you safeguard your organization amid global conflict and uncertainty?
- Nokia Opens Cybersecurity Testing LabThe end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.
- How to Check If Your F5 BIG-IP Device Is VulnerableThis Tech Tip walks network administrators through the steps to address the latest critical remote code execution vulnerability (CVE-2022-1388) in F5's BIG-IP management interface.
- Joker, Other Fleeceware Surges Back Into Google PlayThe infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services.
- Costa Rica Declares State of Emergency Under Sustained Conti CyberattacksConti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.
- 5 Tips to Protect Your Career Against a NarcissistWhen you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.
- NFTs Emerge as the Next Enterprise Attack VectorCybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.
- Deloitte Launches Expanded Cloud Security Management PlatformThe CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services.
- Security Stuff Happens: Where Do You Go From Here?Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.)
- Post-Quantum Cryptography Set to Replace RSA, ECCIn the next 10 years, public-key encryption needs to be replaced by post-quantum techniques that can stand up to the new challenges.
- Ikea Canada Breach Exposes 95K Customer RecordsAn unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.
- What We've Learned in the 12 Months Since the Colonial Pipeline AttackThe attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?
- Scammer Infects His Own Machine With Spyware, Reveals True IdentityAn operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.
- White House Moves to Shore Up US Post-Quantum Cryptography PostureBiden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.
- AT&T Expands Access to Advanced Secure Edge and Remote Workforce CapabilitiesAT&T SASE with Cisco Meraki offers fully integrated network and security tools for convenient, high-performing, and protected access from anywhere
- Passwords: Do Actions Speak Louder Than Words?For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it.
- Colonial Pipeline 1 Year Later: What Has Yet to Change?The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed.
- Microsoft, Apple, and Google Promise to Expand Passwordless FeaturesThe passwordless future just became closer to reality, as Microsoft, Apple, and Google pledge to make the standard possible across operating systems and browsers.
- Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account CredentialsThe same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says.
- NIST Issues Guidance for Addressing Software Supply-Chain RiskAmid ongoing software supply-chain jitters, the US' top tech division is offering a finalized, comprehensive cybersecurity control framework for managing risk.
- A Third of Americans Use Easy-to-Guess Pet PasswordsFar too many turn to Jingles, Mittens, or Bella for password inspiration, given that these are some of the easiest passwords to crack.
- Critical Cisco VM-Escape Bug Threatens Host TakeoverThe vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.
- FBI: Bank Losses From BEC Attacks Top $43BLaw enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.
- Magnet Forensics Acquires Cybersecurity Software Firm Comae TechnologiesThe company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions
- Cisco Announces Cloud Controls Framework Is Now Available to PublicThe Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.
- Multichannel Phishing Concerns Cybersecurity Leaders in 2022With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.
- 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its SkinResearcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.
- Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up AttacksCloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
- Why Security Matters Even More in Online GamingAs the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.
- GitHub to Developers: Turn on 2FA or Lose AccessAll active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.
- China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage AttackOperation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.
- Microsoft Releases Defender for SMBsMicrosoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.
- Q&A: How China Is Exporting Tech-Based Authoritarianism Across the WorldThe US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.
- VHD Ransomware Variant Linked to North Korean Cyber ArmyResearchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.
- Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached?A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)
- AI for Cybersecurity Shimmers With Promise, but Challenges AboundCompanies see AI-powered cybersecurity tools and systems as the future, but at present nearly 90% of them say they face significant hurdles in making use of them.
- What Star Wars Teaches Us About ThreatsThe venerable film franchise shows us how to take threats in STRIDE.
- AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps PlatformAutoRABIT intends to direct the funding toward growth initiatives and product development.
- Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) CapabilitiesAlso adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.
- SAC Health System Impacted By Security IncidentSix boxes of paper documents were removed from the facility without authorization in early March.
- Aryaka, Carnegie Mellon’s CyLab to Research New Threat Mitigation TechniquesThe security research partnership will focus on developing new techniques and releasing them as open source.
- What Should I Know About Defending IoT Attack Surfaces?The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.
- API Security Company Traceable AI Lands $60 Million Series BLatest round led by IVP values the company at $450 million.
- SolarWinds Attackers Gear Up for Typosquatting AttacksThe same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
- Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps ResearchersThe security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.
- REvil Revival: Are Ransomware Gangs Ever Really Gone?The infamous ransomware group appears to be back from the dead — maybe — and using the old brand, but experts question whether a reconstituted gang will have much success.
- Syxsense Launches Unified Endpoint Security and Management PlatformSyxsense Enterprise delivers real-time vulnerability monitoring and remediation for all endpoints across an organization’s entire network.
- Third-Party App Access Is the New Executable FileBy providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.
- How to Create a Cybersecurity Mentorship ProgramAs the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.
- Radware Launches SkyHawk Security, a Spinoff of Its Cloud Native Protector BusinessTiger Global Management invests $35 million in SkyHawk Security to accelerate growth.
- Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture PartnersFunding follows dramatic revenue growth as identity-based access requirements skyrocket.
- OccamSec Unveils New Cybersecurity PlatformProviding continuous penetration testing with context, and a host of other features, the Incenter platform is built to give organizations what they need to effectively secure their environment.
Cyber Security Feed.
You must be logged in to post a comment.