Dark Reading: Attacks/Breaches
Ransomware Strikes 49 School Districts & Colleges in 2019
Fri, 20 Sep 2019 15:15:00 EDT
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
Thu, 19 Sep 2019 18:30:00 EDT
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Deconstructing an iPhone Spearphishing Attack
Thu, 19 Sep 2019 14:00:00 EDT
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Crowdsourced Security & the Gig Economy
Thu, 19 Sep 2019 10:00:00 EDT
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
How Cybercriminals Exploit Simple Human Mistakes
Wed, 18 Sep 2019 16:45:00 EDT
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
DevSecOps: Recreating Cybersecurity Culture
Wed, 18 Sep 2019 14:00:00 EDT
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
Cryptominer Attacks Ramp Up, Focus on Persistence
Wed, 18 Sep 2019 11:40:00 EDT
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
How Ransomware Criminals Turn Friends into Enemies
Wed, 18 Sep 2019 10:00:00 EDT
Managed service providers are the latest pawns in ransomware's game of chess.
Impersonation Fraud Still Effective in Obtaining Code Signatures
Tue, 17 Sep 2019 10:30:00 EDT
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Mon, 16 Sep 2019 17:30:00 EDT
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
Malware Linked to Ryuk Targets Financial & Military Data
Fri, 13 Sep 2019 16:15:00 EDT
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
US Sanctions 3 Cyberattack Groups Tied to DPRK
Fri, 13 Sep 2019 15:00:00 EDT
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
6 Questions to Ask Once You've Learned of a Breach
Fri, 13 Sep 2019 13:30:00 EDT
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
Taking a Fresh Look at Security Ops: 10 Tips
Fri, 13 Sep 2019 10:00:00 EDT
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
Thu, 12 Sep 2019 16:00:00 EDT
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Thu, 12 Sep 2019 14:45:00 EDT
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
A Definitive Guide to Crowdsourced Vulnerability Management
Thu, 12 Sep 2019 14:00:00 EDT
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
NetCAT Vulnerability Is Out of the Bag
Thu, 12 Sep 2019 13:30:00 EDT
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
The Fight Against Synthetic Identity Fraud
Thu, 12 Sep 2019 10:00:00 EDT
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Wed, 11 Sep 2019 14:00:00 EDT
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.