News Feed

• Best early Black Friday tech deals: Phones, laptops, smartwatches, more
  The most anticipated shopping event is starting early this year and we've rounded up the very best tech deals available right now.
• Best Buy Black Friday 2021 plans and the best deals available right now
  The electronics retailer is kicking things off today with an early Black Friday sale, while its official deals get started on November 19, a week before the actual Black Friday shopping day.
• Newegg's early Black Friday deals: PC parts, gaming chairs, more
  Bring new life to your computer setup with the freshest deals from Newegg.
• Airthings View Plus, hands on: Smart but pricey air quality monitoring
  This is a comprehensive air quality monitor with a handy display and wi-fi data sync that could enable automation.
• NI beefs up its electric vehicle, battery capabilities with two acquisitions
  The company said it acquired NH Research, which provides high power test and measurement applications, and outlined plans to buy the EV Systems business of Heinzinger GmbH.
• Samsung kicks off 'Samsung Week', joins early Black Friday festivities
  Samsung is bringing the Black Friday promotions early this year with daily deals, from Oct. 25 to Nov. 1.
• Salesforce adds tools to Field Service for more complex jobs
  The platform now has an improved Scheduling and Optimization Engine to help organizations handle jobs requiring multiple technicians or service phases.
• An Amazon rival reveals the only honest reason to get a video doorbell
  Is it to check that your Amazon parcels don't get stolen? Is it to help the police? No, this company is a little more truthful, and former Amazon employees founded it.
• Fairphone 4 5G review: A sustainable smartphone for ethical consumers
  You can get better specifications and performance for the price, but the Fairphone 4 5G offers an unrivalled combination of ethical sourcing, modular repairability and long-term software support.
• Best gifts for hackers 2021: Top cybersecurity presents
  From hobbyist hackers and programmers to professionals, people will love our picks for tech gifts this holiday season.
• Codenotary: Notarize and verify your software bill of materials
  What's really in that program? Codenotary can show your customers what's inside your software.
• Amazon's early Black Friday deals: Monitors, robot vacuums, more
  The commerce giant gets the Black Friday party started with deals on everyday gadgets and gizmos.
• Learn skills to kick off a lucrative cybersecurity career for only $20
  Entry-level IT professionals now have a quick, affordable way to boost their career opportunities by getting their foot in the door of a profitable cybersecurity career.
• Another cloud native SQL database unicorn: Yugabyte raises $188M Series C funding at $1.3B valuation
  A number of successive funding rounds have given Yugabyte unicorn status, while positioning the company to aim for a big piece of a growing pie in the shape-shifting database market
• BJ's unveils its Black Friday 2021 deals
  Though it's not starting its sales as early as some other retailers, the warehouse chain will begin its Black Friday discounts on November 4, including several on laptops, desktops and tablets.
• Cloud security in 2021: A business guide to essential tools and best practices
  Cloud applications have proved useful to enabling remote work. But cloud computing brings its own security risks.
• Ransomware: It's a 'golden era' for cyber criminals - and it could get worse before it gets better
  The ENISA Threat Landscape report details how ransomware has become the 'prime' cybersecurity threat facing organisations today.
• HTTPS threats grow more than 314% through 2021: Report
  Zscaler researchers are predicting an increase in ransomware attacks on e-commerce platforms during the holiday season.
• Qlik sets up fourth global cloud region in Singapore
  Business analytics vendor launches second Asia-Pacific cloud region in Singapore, and its fourth of such sites globally, as it looks to tap growing digital transformation efforts.
• Raspberry Pi Zero 2 W: New $15 board offers up to 5x the performance of its predecessor
  The ultra-cheap, ultra-hackable Raspberry Pi Zero 2 W offers a bump in both multi- and single-threading performance compared its 2015 namesake.

• 3 Security Lessons Learned From the Kaseya Ransomware Attack
  Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.
• You've Just Been Ransomed ... Now What?
  Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.
• HelpSystems Acquires Digital Guardian, Extends DLP Capabilities
  The acquisition strengthens HelpSystems’ data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.
• Defenders Worry Orgs Are More Vulnerable Than Last Year
  Most IT and security leaders are confident their cybersecurity strategies are on the right track, but they still believe their organizations are as vulnerable as they were a year ago.
• QR Codes Help Attackers Sneak Emails Past Security Controls
  A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.
• Read Between the Lines: Finding Flaws in EPUB Reading Systems
  Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.
• Kaspersky Buys Brain4Net to Build SASE & XDR Tools
  Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.
• 6 Eye-Opening Statistics About Software Supply Chain Security
  The latest facts and figures on the state of software supply chain security in the enterprise.
• Cybercriminals Ramp Up Attacks on Web APIs
  As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.
• Identity-Focused Security Controls Prevail
  How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.
• Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvement in Building Cyber-Resilience
  This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.
• Cyber Readiness Institute Names Karen S. Evans as New Managing Director
  Former assistant secretary for cybersecurity, energy security, and emergency response at US Department of Energy and Homeland Security CIO to lead strategic vision and day-to-day operations.
• Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices
  Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.
• Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection
  Technology will be incorporated into Onfido’s Real Identity Platform.
• Avast Business Introduces Network Discovery for SMBs
  Avast's Network Discovery enables network administrators to easily analyze their entire IT network and deploy Avast Business security services.
• ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform
  Combination avails Secret Server customers to a range of SaaS services.
• Free Tool Helps Security Teams Measure Their API Attack Surface
  Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
• North Korea's Lazarus Group Turns to Supply Chain Attacks
  State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
• Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats
  Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.
• IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles
  IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.
• CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead
  As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.
• Gas Stations in Iran Downed by Cyberattack
  Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.
• Cybersecurity Talent Gap Narrows as Workforce Grows
  Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.
• DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation
  Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.
• Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised
  Growing up with computers and the Internet doesn't necessarily convey all the advantages often attributed to younger users.
• Pulling Back the Curtain on Bug Bounties
  It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.
• Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords
  Weaknesses in the current Wi-Fi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.
• OpenText Strengthens Ransomware Resilience
  New detection and alert functions within Carbonite Server increase data protection against ransomware.
• Forcepoint Completes Acquisition of Bitglass
  The acquisition of Bitglass will be the third technology acquisition for Forcepoint this year.
• Jumio Launches End-to-end Orchestration for its KYX Platform
  Platform combines digital identity proofing, compliance verification and anti-money laundering checks.
• SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
  Microsoft says the group has attacked more than 140 service providers and compromised 14 of them between May and October of this year.
• Industrial Goods & Services Tops Ransomware Targets in 2021
  While the industrial goods and services sector saw a decline in attacks during the third quarter, it remains the most targeted sector for ransomware this year.
• Who's In Your Wallet? Exploring Mobile Wallet Security
  Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
• 5 Ways CMMC Security Requirements May Impact Universities
  The Cybersecurity Maturity Model Certification puts research universities in a position where they must validate the effectiveness of their security controls before applying for a grant or bidding on a government contract.
• How We Can Narrow the Talent Shortage in Cybersecurity
  Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a "cybersecurity professional" and rewriting traditional job descriptions.
• Ransomware Rise Pushes Organizations to Prepare for Attack
  Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.
• aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team
  Software supply chain security experts to drive aggressive go-to-market strategy
• 'TodayZoo' Phishing Kit Cobbled Together From Other Malware
  Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.
• 7 Ways to Lock Down Enterprise Printers
  Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.
• What Does Better Insider Risk Management Look Like?
  Conventional data security tools do not address insider risk — a growing problem in today's remote-hybrid world. We need a better way to manage insider risk.
• What Squid Game Teaches Us About Cybersecurity
  When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.
• Google Buckles Down on Android Enterprise Security
  The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.
• Malware Abuses Core Features of Discord
  Researchers warn that Discord's bot framework can be easily weaponized.
• Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All
  Online cybersecurity professional development platform bolsters the Check Point Education Initiative.
• Security Teams Still Favor Prevention Over Detection
  Security leaders are adopting a multilayered approach to address new security threats and risks.
• Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware
  Guardicore's micro-segmentation products will be added to Akamai's portfolio of Zero Trust solutions.
• Plurilock to Acquire Assets of CloudCodes Software
  Transaction marks Plurilock’s second acquisition in 2021.
• Invicti Security Announces $625 Million Growth Investment Led by Summit Partners
  Web application security provider plans to leverage new investment to continue product expansion and support global growth.
• Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
  Response and recovery have significant impact on 58% of targeted businesses.
• Cohesity Announces Disaster Recovery as a Service, Providing Automated Disaster Recovery
  New offering can help businesses quickly recover from ransomware attacks, speed data recovery, and advance business continuity.
• Why Should My Organization Consider XDR?
  XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.
• Microsoft Launches Security Program for Nonprofits
  A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.
• Macs Still Targeted Mostly With Adware, Less With Malware
  The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.
• How Psychology Can Save Your Cybersecurity Awareness Training Program
  Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.
• Proposed HTTPA Protocol Uses TEEs to Secure the Web
  Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost Web security.
• Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students
  $10,000 to be awarded annually for four years each by Optiv’s Black Employee Network.
• Microsoft-Signed Rootkit Targets Gaming Environments in China
  FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process.
• Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges
  Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.
• MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services
  Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.
• CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations
  Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.
• Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme
  Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.
• Google: Phishing Campaign Targets YouTube Creators
  The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.
• Removing Friction for the Enterprise With Trusted Access
  Our work lives are supposed to be simpler and easier because of technology. At least that’s the promise.
• Passwordless Is the Future … but What About the Present?
  Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits — and drawbacks — to users.
• The Ransomware Payment Dilemma: Should Victims Pay or Not?
  It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.
• JavaScript Packing Found in More Than 25% of Malicious Sites
  Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.
• Deepfake Audio Scores $35M in Corporate Heist
  A combination of business email compromise and deepfake audio led a branch manager to transfer millions to scammers, in a case that serves as a warning to organizations.
• Penetration Testing in the Cloud Demands a Different Approach
  Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.
• Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign
  LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.
• Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises
  Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
• Enterprise Cybersecurity Strategies Are Getting More Attention
  Data in Dark Reading's "2021 Strategic Security Survey" report suggest organizations are taking the security challenge seriously.
• Query.ai Closes $15M Series A for Security Investigations Tool
  The funding will support product development for Query.AI's browser-based security investigations tool.
• Keysight Technologies Acquires SCALABLE Network Technologies
  Simulation and modeling solutions augment Keysight's 5G and cybersecurity portfolio.
• 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored
  Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats.
• CrowdStrike Invests in Microsoft AD Competitor JumpCloud
  Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.
• Candy Corn Maker Hit With Ransomware
  Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.
• Name That Toon: Bone Dry
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
• Privacy Management for Microsoft 365 Now Generally Available
  The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.
• Winners Announced for 2021 Infosec Inspire Security Awareness Awards
  Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs.
• Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors
  Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.
• Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster
  Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.
• Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency
  Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.
• The Simmering Cybersecurity Risk of Employee Burnout
  Why understanding human behavior is essential to building resilient security systems.
• Damages Escalate Rapidly in Multiparty Data Breaches
  Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage.
• 7 Cross-Industry Technology Trends That Will Disrupt the World
  Recent McKinsey analysis examines which technologies will have the most momentum in the next 10 years. These are the trends security teams need to know to protect their organizations effectively.
• FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream
  New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies.
• Group With Potential Links to Iranian Threat Actor Resurfaces
  The Lyceum group has previously been linked to attacks on targets in the Middle East.
• Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud
  As retailers roll out more fulfillment options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.
• NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware
  Ransomware has become a "national security issue," NSA director said.
• (ISC)² Plans Entry-Level Certification for Aspiring Security Pros
  The certification aims to help new entrants to the security field with professional development and career paths early on.
• Sinclair Broadcast Group Confirms Ransomware Attack
  The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.
• In Cyberwar, Attribution Can Be Impossible — and That's OK
  Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
• 10 Hot Red Team Tools Set to Hit Black Hat Europe
  The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros.
• China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
  China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
• Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
  Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
• How Attackers Hack Humans
  Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
• 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks
  Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.
• Evolution Equity Partners Close $400M for Cybersecurity Investments
  The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
• From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
  Why a passion for helping people is key to delivering effective cybersecurity solutions.
• How AI Can Stop Zero-Day Ransomware
  Ransomware attacks are unpredictable. AI is better at figuring out what looks malicious and abnormal than humans will ever be.

• 3 Security Lessons Learned From the Kaseya Ransomware Attack
  Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.
• You've Just Been Ransomed ... Now What?
  Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.
• HelpSystems Acquires Digital Guardian, Extends DLP Capabilities
  The acquisition strengthens HelpSystems’ data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.
• Defenders Worry Orgs Are More Vulnerable Than Last Year
  Most IT and security leaders are confident their cybersecurity strategies are on the right track, but they still believe their organizations are as vulnerable as they were a year ago.
• QR Codes Help Attackers Sneak Emails Past Security Controls
  A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.
• Read Between the Lines: Finding Flaws in EPUB Reading Systems
  Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.
• Kaspersky Buys Brain4Net to Build SASE & XDR Tools
  Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.
• 6 Eye-Opening Statistics About Software Supply Chain Security
  The latest facts and figures on the state of software supply chain security in the enterprise.
• Cybercriminals Ramp Up Attacks on Web APIs
  As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.
• Identity-Focused Security Controls Prevail
  How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.
• Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvement in Building Cyber-Resilience
  This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.
• Cyber Readiness Institute Names Karen S. Evans as New Managing Director
  Former assistant secretary for cybersecurity, energy security, and emergency response at US Department of Energy and Homeland Security CIO to lead strategic vision and day-to-day operations.
• Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices
  Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.
• Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection
  Technology will be incorporated into Onfido’s Real Identity Platform.
• Avast Business Introduces Network Discovery for SMBs
  Avast's Network Discovery enables network administrators to easily analyze their entire IT network and deploy Avast Business security services.
• ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform
  Combination avails Secret Server customers to a range of SaaS services.
• Free Tool Helps Security Teams Measure Their API Attack Surface
  Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
• North Korea's Lazarus Group Turns to Supply Chain Attacks
  State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
• Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats
  Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.
• IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles
  IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.
• CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead
  As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.
• Gas Stations in Iran Downed by Cyberattack
  Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.
• Cybersecurity Talent Gap Narrows as Workforce Grows
  Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.
• DoJ & Europol Arrest 150 in Disruption of DarkNet Drug Operation
  Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.
• Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised
  Growing up with computers and the Internet doesn't necessarily convey all the advantages often attributed to younger users.
• Pulling Back the Curtain on Bug Bounties
  It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.
• Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords
  Weaknesses in the current Wi-Fi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.
• OpenText Strengthens Ransomware Resilience
  New detection and alert functions within Carbonite Server increase data protection against ransomware.
• Forcepoint Completes Acquisition of Bitglass
  The acquisition of Bitglass will be the third technology acquisition for Forcepoint this year.
• Jumio Launches End-to-end Orchestration for its KYX Platform
  Platform combines digital identity proofing, compliance verification and anti-money laundering checks.
• SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat
  Microsoft says the group has attacked more than 140 service providers and compromised 14 of them between May and October of this year.
• Industrial Goods & Services Tops Ransomware Targets in 2021
  While the industrial goods and services sector saw a decline in attacks during the third quarter, it remains the most targeted sector for ransomware this year.
• Who's In Your Wallet? Exploring Mobile Wallet Security
  Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
• 5 Ways CMMC Security Requirements May Impact Universities
  The Cybersecurity Maturity Model Certification puts research universities in a position where they must validate the effectiveness of their security controls before applying for a grant or bidding on a government contract.
• How We Can Narrow the Talent Shortage in Cybersecurity
  Filling crucial roles in cybersecurity and addressing the talent shortage requires rethinking who qualifies as a "cybersecurity professional" and rewriting traditional job descriptions.
• Ransomware Rise Pushes Organizations to Prepare for Attack
  Ransomware attacks continue to grow in number and severity, data shows, but organizations are stepping up to prepare for the threat.
• aDolus Raises $2.5M to Secure Critical Infrastructure and Grow Sales and Marketing Team
  Software supply chain security experts to drive aggressive go-to-market strategy
• 'TodayZoo' Phishing Kit Cobbled Together From Other Malware
  Microsoft's analysis of a recent phishing attack shows how cybercriminals are mixing and matching to efficiently develop their attack frameworks.
• 7 Ways to Lock Down Enterprise Printers
  Following the PrintNightmare case, printer security has become a hot issue for security teams. Here are seven ways to keep printers secure on enterprise networks.
• What Does Better Insider Risk Management Look Like?
  Conventional data security tools do not address insider risk — a growing problem in today's remote-hybrid world. We need a better way to manage insider risk.
• What Squid Game Teaches Us About Cybersecurity
  When life inside the security operations center feels treacherous, here are some suggestions for getting out alive.
• Google Buckles Down on Android Enterprise Security
  The launch of Android 12 brings several new default security features, along with new security efforts for Android Enterprise.
• Malware Abuses Core Features of Discord
  Researchers warn that Discord's bot framework can be easily weaponized.
• Cybrary Launches New Partnership with Check Point Software to Make Cybersecurity Training Accessible to All
  Online cybersecurity professional development platform bolsters the Check Point Education Initiative.
• Security Teams Still Favor Prevention Over Detection
  Security leaders are adopting a multilayered approach to address new security threats and risks.
• Akamai Technologies Completes Acquisition of Guardicore to Extend Its Zero Trust Solutions to Help Stop Ransomware
  Guardicore's micro-segmentation products will be added to Akamai's portfolio of Zero Trust solutions.
• Plurilock to Acquire Assets of CloudCodes Software
  Transaction marks Plurilock’s second acquisition in 2021.
• Invicti Security Announces $625 Million Growth Investment Led by Summit Partners
  Web application security provider plans to leverage new investment to continue product expansion and support global growth.
• Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
  Response and recovery have significant impact on 58% of targeted businesses.
• Cohesity Announces Disaster Recovery as a Service, Providing Automated Disaster Recovery
  New offering can help businesses quickly recover from ransomware attacks, speed data recovery, and advance business continuity.
• Why Should My Organization Consider XDR?
  XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.
• Microsoft Launches Security Program for Nonprofits
  A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.
• Macs Still Targeted Mostly With Adware, Less With Malware
  The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.
• How Psychology Can Save Your Cybersecurity Awareness Training Program
  Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.
• Proposed HTTPA Protocol Uses TEEs to Secure the Web
  Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost Web security.
• Optiv Announces Second Annual $40,000 Scholarship for Black, African American Identifying STEM Students
  $10,000 to be awarded annually for four years each by Optiv’s Black Employee Network.
• Microsoft-Signed Rootkit Targets Gaming Environments in China
  FiveSys is the second publicly known rootkit since June that attackers have managed to sneak past Microsoft's driver certification process.
• Microsoft, Intel, and Goldman Sachs to Lead New TCG Work Group to Tackle Supply Chain Security Challenges
  Led by representatives from the three companies, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.
• MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services
  Offering to provide transparency into the capabilities of managed security service providers and and managed detection and response competencies.
• CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations
  Award recipients NPower and CyberWarrior recognized for development of cyber workforce training programs.
• Execs From Now-Defunct GigaTrust Arrested in $50M Fraud Scheme
  Email endpoint security-as-a-service company founder and two others indicted in an elaborate financial fraud scheme.
• Google: Phishing Campaign Targets YouTube Creators
  The attackers behind the campaign, which distributes cookie theft malware, are attributed to actors recruited in a Russian-speaking forum.
• Removing Friction for the Enterprise With Trusted Access
  Our work lives are supposed to be simpler and easier because of technology. At least that’s the promise.
• Passwordless Is the Future … but What About the Present?
  Password managers, single sign-on, and multifactor authentication each offers its own methodology and unique set of benefits — and drawbacks — to users.
• The Ransomware Payment Dilemma: Should Victims Pay or Not?
  It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect.
• JavaScript Packing Found in More Than 25% of Malicious Sites
  Obfuscation techniques are extremely prevalent, data shows, but they can't be used as a single indicator of compromise because legitimate websites use them.
• Deepfake Audio Scores $35M in Corporate Heist
  A combination of business email compromise and deepfake audio led a branch manager to transfer millions to scammers, in a case that serves as a warning to organizations.
• Penetration Testing in the Cloud Demands a Different Approach
  Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments.
• Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign
  LightBasin has displayed in-depth knowledge of telecom architectures and protocols in its attacks, security vendor warns.
• Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises
  Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
• Enterprise Cybersecurity Strategies Are Getting More Attention
  Data in Dark Reading's "2021 Strategic Security Survey" report suggest organizations are taking the security challenge seriously.
• Query.ai Closes $15M Series A for Security Investigations Tool
  The funding will support product development for Query.AI's browser-based security investigations tool.
• Keysight Technologies Acquires SCALABLE Network Technologies
  Simulation and modeling solutions augment Keysight's 5G and cybersecurity portfolio.
• 2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored
  Research by ThycoticCentrify shows a majority of organizations experienced a ransomware attack, while 93% are allocating special budget to fight growing threats.
• CrowdStrike Invests in Microsoft AD Competitor JumpCloud
  Closes out $225 million Series F with additional $66 million raised from Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and others.
• Candy Corn Maker Hit With Ransomware
  Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.
• Name That Toon: Bone Dry
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
• Privacy Management for Microsoft 365 Now Generally Available
  The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.
• Winners Announced for 2021 Infosec Inspire Security Awareness Awards
  Institute of International Education and Inflection Point Systems recognized for their advanced security awareness and training programs.
• Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors
  Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.
• Data Privacy API Company Skyflow Raises $45M Series B Funding to Help Fintech and Healthtech Companies Ship Faster
  Achieves 8x growth in last three quarters, and raises $70M in less than 18 months.
• Veritas Simplifies Data Backup to the Cloud While Helping Reduce Costs and Increase Ransomware Resiliency
  Introducing Veritas NetBackup Recovery Vault, a Veritas-managed cloud storage service.
• The Simmering Cybersecurity Risk of Employee Burnout
  Why understanding human behavior is essential to building resilient security systems.
• Damages Escalate Rapidly in Multiparty Data Breaches
  Analysis of the top-50 multiparty attacks over the past decade finds that nation-state-linked hackers focused on disruption and using stolen credentials cause the most damage.
• 7 Cross-Industry Technology Trends That Will Disrupt the World
  Recent McKinsey analysis examines which technologies will have the most momentum in the next 10 years. These are the trends security teams need to know to protect their organizations effectively.
• FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream
  New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies.
• Group With Potential Links to Iranian Threat Actor Resurfaces
  The Lyceum group has previously been linked to attacks on targets in the Middle East.
• Loss Prevention Teams Up With Cybersecurity to Address Retail Fraud
  As retailers roll out more fulfillment options, loss prevention professionals are increasingly shifting their attention from in-store theft to e-commerce fraud.
• NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware
  Ransomware has become a "national security issue," NSA director said.
• (ISC)² Plans Entry-Level Certification for Aspiring Security Pros
  The certification aims to help new entrants to the security field with professional development and career paths early on.
• Sinclair Broadcast Group Confirms Ransomware Attack
  The US television station operator has revealed certain servers and workstations, as well as office and operational networks, were disrupted in the attack.
• In Cyberwar, Attribution Can Be Impossible — and That's OK
  Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
• 10 Hot Red Team Tools Set to Hit Black Hat Europe
  The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros.
• China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
  China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
• Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
  Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
• How Attackers Hack Humans
  Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
• 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks
  Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.
• Evolution Equity Partners Close $400M for Cybersecurity Investments
  The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
• From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
  Why a passion for helping people is key to delivering effective cybersecurity solutions.
• How AI Can Stop Zero-Day Ransomware
  Ransomware attacks are unpredictable. AI is better at figuring out what looks malicious and abnormal than humans will ever be.

Cyber Security Feed.