Nostr notes by darkreading

SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar ...

2024-05-23T22:00:37Z

SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats

https://www.darkreading.com/cybersecurity-operations/socradar-secures-25-2m-in-funding-to-combat-multibillion-dollar-cyber-security-threats

Seizing Control of the Cloud Security Cockpit Much like an ...

2024-05-23T22:00:28Z

Seizing Control of the Cloud Security Cockpit

Much like an airplane's dashboard, configurations are the way we control cloud applications and SaaS tools. It's also the entry point for too many security threats. Here are some ideas for making the ...

https://www.darkreading.com/cloud-security/seizing-control-cloud-security-configuration-cockpit

Concentric AI to Unveil Data Security Remediation and Compliance ...

2024-05-23T22:00:20Z

Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024

https://www.darkreading.com/application-security/concentric-ai-to-unveil-new-data-security-remediation-and-compliance-reporting-capabilities-at-infosecurity-europe-2024

Bugcrowd Acquires Informer to Enhance Attack Surface Management, ...

2024-05-23T21:50:16Z

Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing

https://www.darkreading.com/cyberattacks-data-breaches/bugcrowd-acquires-informer-to-enhance-attack-surface-management-penetration-testing

MIT Brothers Charged With Exploiting Ethereum to Steal $25 ...

2024-05-23T21:26:29Z

MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million

The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency?

https://www.darkreading.com/cyberattacks-data-breaches/mit-brothers-charged-with-exploiting-ethereum-to-steal-25-million-dollars

Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack ...

2024-05-23T21:00:16Z

Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack

With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials.

https://www.darkreading.com/cyberattacks-data-breaches/courtroom-recording-platform-javs-hijacked-for-supply-chain-attack

Stalkerware App With Security Bug Discovered on Hotel Systems The ...

2024-05-23T20:25:17Z

Stalkerware App With Security Bug Discovered on Hotel Systems

The spyware is able to capture screenshots of a user's device every few seconds from any location globally.

https://www.darkreading.com/cyber-risk/stalkerware-app-with-security-bug-discovered-on-hotel-systems

New Gift Card Scam Targets Retailers, Not Buyers, to Print ...

2024-05-23T19:00:17Z

New Gift Card Scam Targets Retailers, Not Buyers, to Print Endless $$$

Microsoft researchers discover an old-timey scam with a facelift for the cloud era: hacking retailers' portals to make it rain gift cards.

https://www.darkreading.com/threat-intelligence/new-gift-card-scam-targets-retailers-not-buyers-to-print-endless-money

New Mindset Needed for Large Language Models With the right mix ...

2024-05-23T14:02:35Z

New Mindset Needed for Large Language Models

With the right mix of caution, creativity, and commitment, we can build a future where LLMs are not just powerful, but also fundamentally trustworthy.

https://www.darkreading.com/cybersecurity-operations/new-mindset-needed-for-large-language-models

Critical Flaw in Replicate AI Platform Exposes Proprietary Data ...

2024-05-23T14:02:26Z

Critical Flaw in Replicate AI Platform Exposes Proprietary Data

The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources.

https://www.darkreading.com/cloud-security/critical-flaw-in-replicate-ai-platform-exposes-customer-models-proprietary-data

Persistent Burnout Is Still a Crisis in Cybersecurity Burnout has ...

2024-05-23T12:27:02Z

Persistent Burnout Is Still a Crisis in Cybersecurity

Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry?

https://www.darkreading.com/cybersecurity-careers/persistent-burnout-is-still-a-crisis-in-cybersecurity

China APT Stole Geopolitical Secrets From Middle East, Africa ...

2024-05-23T10:28:14Z

China APT Stole Geopolitical Secrets From Middle East, Africa &amp; Asia

One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.

https://www.darkreading.com/threat-intelligence/china-apt-stole-geopolitical-secrets-from-middle-east-africa-and-asia

US Pumps $50M Into Better Healthcare Cyber Resilience Upgrade, an ...

2024-05-22T20:25:29Z

US Pumps $50M Into Better Healthcare Cyber Resilience

Upgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care.

https://www.darkreading.com/cybersecurity-operations/us-pumps-50m-into-better-healthcare-cyber-resilience

GitHub Authentication Bypass Opens Enterprise Server to Attackers ...

2024-05-22T20:00:25Z

GitHub Authentication Bypass Opens Enterprise Server to Attackers

The max-severity bug affects versions using the SAML single sign-on mechanism.

https://www.darkreading.com/vulnerabilities-threats/github-authentication-bypass-opens-enterprise-server-attackers

Snowflake&apos;s Anvilogic Investment Signals Changes in ...

2024-05-22T19:50:33Z

Snowflake&apos;s Anvilogic Investment Signals Changes in SIEM Market

Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC ...

https://www.darkreading.com/cybersecurity-analytics/snowflake-anvilogic-investment-sign-of-changes-siem

Trends at the 2024 RSA Startup Competition Startups at Innovation ...

2024-05-22T17:25:58Z

Trends at the 2024 RSA Startup Competition

Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.

https://www.darkreading.com/vulnerabilities-threats/trends-at-2024-rsa-startup-competition

Novel EDR-Killing &apos;GhostEngine&apos; Malware ...

2024-05-22T14:25:27Z

Novel EDR-Killing &apos;GhostEngine&apos; Malware Is Built for Stealth

The previously unknown malware (aka Hidden Shovel) is a ghost in the machine: It silently attacks kernel drivers to shut down security defense systems and thus evade detection.

https://www.darkreading.com/cyberattacks-data-breaches/novel-edr-killing-ghostengine-malware-stealth

Chinese &apos;ORB&apos; Networks Conceal APTs, ...

2024-05-22T14:01:01Z

Chinese &apos;ORB&apos; Networks Conceal APTs, Render Static IoCs Irrelevant

Mandiant warns that defenders must rethink how to thwart Chinese cyber-espionage groups now using professional "infrastructure-as-a-service" operational relay box networks of virtual private servers a...

https://www.darkreading.com/cybersecurity-operations/chinese-orb-networks-conceal-apts-make-tracking-iocs-irrelevant

Preparing Your Organization for Upcoming Cybersecurity Deadlines ...

2024-05-22T14:00:50Z

Preparing Your Organization for Upcoming Cybersecurity Deadlines

Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready.

https://www.darkreading.com/cybersecurity-operations/preparing-your-organization-upcoming-cybersecurity-deadlines

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE ...

2024-05-22T13:02:59Z

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections t...

https://www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service

Outsourcing Security Without Increasing Risk Few enterprises have ...

2024-05-22T06:51:34Z

Outsourcing Security Without Increasing Risk

Few enterprises have all the cybersecurity skills and resources they need in-house, making outsourcing a necessity. How do they select, and work with, third-party security service providers?

https://www.darkreading.com/cybersecurity-operations/outsourcing-security-without-increasing-risk

SAGE Cyber Launches CISO Planning Tool As a newly independent ...

2024-05-22T03:50:40Z

SAGE Cyber Launches CISO Planning Tool

As a newly independent company, SAGE Cyber will offer a platform that helps CISOs make data-driven decisions and optimize their security defenses.

https://www.darkreading.com/cybersecurity-operations/sage-cyber-launches-ciso-planning-tool

WitnessAI Launches With Guardrails for AI AI safety platform ...

2024-05-22T03:28:17Z

WitnessAI Launches With Guardrails for AI

AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.

https://www.darkreading.com/cloud-security/witnessai-launches-with-guardrails-for-ai

Picking the Right Database Tech for Cybersecurity Defense Graph ...

2024-05-22T02:00:23Z

Picking the Right Database Tech for Cybersecurity Defense

Graph and streaming databases are helping defenders deal with complex, real-time threat and cybersecurity data to find weak points before attackers.

https://www.darkreading.com/cybersecurity-analytics/picking-right-database-tech-cybersecurity-defense

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel ...

2024-05-21T21:25:32Z

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel &amp; Albania

Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore.

https://www.darkreading.com/threat-intelligence/iran-apts-tag-team-espionage-wiper-attacks-against-israel-and-albania

YouTube Becomes Latest Battlefront for Phishing, Deepfakes ...

2024-05-21T21:00:15Z

YouTube Becomes Latest Battlefront for Phishing, Deepfakes

Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.

https://www.darkreading.com/vulnerabilities-threats/youtube-becomes-latest-frontier-for-phishing-deepfakes

EPA Puts Teeth Into Water Sector Cyber Efforts The agency plans ...

2024-05-21T17:50:23Z

EPA Puts Teeth Into Water Sector Cyber Efforts

The agency plans to get more serious about enforcement as Iran and Russia step up the volume of cyberattacks on water systems nationwide.

https://www.darkreading.com/ics-ot-security/epa-water-sector-cyber-efforts

Name That Toon: Buzz Kill Feeling creative? Submit your caption ...

2024-05-21T17:25:27Z

Name That Toon: Buzz Kill

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/cyberattacks-data-breaches/name-that-toon-buzz-kill

Russia&apos;s Turla APT Abuses MSBuild to Deliver ...

2024-05-21T14:50:38Z

Russia&apos;s Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor

A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russia-backed threat group access to victims' systems for cyber-espionage purp...

https://www.darkreading.com/cyberattacks-data-breaches/russia-turla-apt-msbuild-tinyturla-backdoor

Can Cybersecurity Be a Unifying Factor in Digital Trade ...

2024-05-21T14:25:17Z

Can Cybersecurity Be a Unifying Factor in Digital Trade Negotiations?

As we face continued headwinds on provisions like data flows and e-customs duties, further progress is both needed and achievable in digital trade policy.

https://www.darkreading.com/cybersecurity-operations/can-cybersecurity-be-unifying-factor-in-digital-trade-negotiations-

Transforming CISOs into Storytellers Faced with chilling new SEC ...

2024-05-21T12:25:51Z

Transforming CISOs into Storytellers

Faced with chilling new SEC rules, chief information security officers are learning soft skills to help them better communicate cybersecurity concerns with the C-suite.

https://www.darkreading.com/cyber-risk/transforming-cisos-into-storytellers

OpenSSF Siren to Share Threat Intelligence for Open Source ...

2024-05-21T12:00:59Z

OpenSSF Siren to Share Threat Intelligence for Open Source Software

The Siren email mailing list will focus on operational impact and response and act as a central location to provide information about threats and necessary post-disclosure activities.

https://www.darkreading.com/application-security/openssf-siren-to-share-threat-intelligence-for-open-source-software

DoJ Shakes Up North Korea&apos;s Widespread IT Freelance ...

2024-05-21T00:00:54Z

DoJ Shakes Up North Korea&apos;s Widespread IT Freelance Scam Operation

Fraudsters based in the US and Europe indicted for helping North Korea's nation-state groups establish fake freelancer identities and evade sanctions.

https://www.darkreading.com/vulnerabilities-threats/doj-targets-north-koreas-widespread-it-freelance-scam-operation

Google Pitches Workspace as Microsoft Email Alternative, Citing ...

2024-05-20T22:25:31Z

Google Pitches Workspace as Microsoft Email Alternative, Citing CSRB Report

The new Secure Alternative Program from Google aims to entice customers away from Exchange Online and break Microsoft's dominance in enterprise.

https://www.darkreading.com/application-security/google-pitches-workspace-as-more-secure-option-to-microsoft-email-citing-csrb-report

CyberArk Picks Up Machine Identity Manager Venafi For $1.54B The ...

2024-05-20T21:25:56Z

CyberArk Picks Up Machine Identity Manager Venafi For $1.54B

The acquisition gives CyberArk new IoT identity and certificate lifecycle management, cryptographic code-signing, and other services to secure the enterprise cloud.

https://www.darkreading.com/cloud-security/cyberark-picks-up-machine-id-manager-venafi-for-1-54b

ZeroRisk Cybersecurity Expands Global Presence With US Launch ...

2024-05-20T20:25:47Z

ZeroRisk Cybersecurity Expands Global Presence With US Launch

https://www.darkreading.com/cyber-risk/zerorisk-cybersecurity-expands-global-presence-with-us-launch

Deepfakes Rank As the Second Most Common Cybersecurity Incident ...

2024-05-20T20:25:39Z

Deepfakes Rank As the Second Most Common Cybersecurity Incident for US Businesses

https://www.darkreading.com/cyberattacks-data-breaches/deepfakes-rank-as-the-second-most-common-cybersecurity-incident-for-us-businesses

Data Breach Response Provider, CyEx, Acquires Settlement ...

2024-05-20T20:25:31Z

Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc.

https://www.darkreading.com/cyberattacks-data-breaches/data-breach-response-provider-cyex-acquires-settlement-administrator-simpluris-inc-

HP Catches Cybercriminals ...

2024-05-20T20:25:23Z

HP Catches Cybercriminals &apos;Cat-Phishing&apos; Users

https://www.darkreading.com/vulnerabilities-threats/hp-catches-cybercriminals-cat-phishing-users

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud ...

2024-05-20T20:00:31Z

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment.

https://www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms

NRECA Receives $4M in DOE Funding to Boost Electric Co-op ...

2024-05-20T20:00:23Z

NRECA Receives $4M in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness

https://www.darkreading.com/ics-ot-security/nreca-receives-4m-in-doe-funding-to-boost-electric-co-op-cybersecurity-preparedness

Students Spot Washing Machine App Flaw That Gives Out Free Cycles ...

2024-05-20T19:50:38Z

Students Spot Washing Machine App Flaw That Gives Out Free Cycles

UCSC students say that after reporting the bug months ago they're still able to rack up unlimited free wash loads at their local laundromat.

https://www.darkreading.com/ics-ot-security/students-spot-washing-machine-app-flaw-that-gives-out-free-cycles

What American Enterprises Can Learn From Europe&apos;s ...

2024-05-20T14:50:47Z

What American Enterprises Can Learn From Europe&apos;s GDPR Mistakes

As the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe's costly missteps.

https://www.darkreading.com/cyber-risk/what-american-enterprises-can-learn-from-europe-gdpr-mistakes

Android Banking Trojan Antidot Disguised as Google Play Update ...

2024-05-20T13:26:55Z

Android Banking Trojan Antidot Disguised as Google Play Update

Antidot uses overlay attacks and keylogging to target users' financial data.

https://www.darkreading.com/endpoint-security/android-banking-trojan-antidot-disguised-as-google-play-update

CISOs Grapple With IBM&apos;s Unexpected Cybersecurity ...

2024-05-17T22:25:24Z

CISOs Grapple With IBM&apos;s Unexpected Cybersecurity Software Exit

IBM's abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms.

https://www.darkreading.com/cybersecurity-analytics/ciso-grapple-with-ibm-unexpected-cybersecurity-software-exit

CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC ...

2024-05-17T21:25:17Z

CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR's podcast on the CISO & the SEC; breaking do...

https://www.darkreading.com/cybersecurity-operations/ciso-corner-cyber-labor-shortage-trouble-meeting-sec-disclosure-deadlines

Intel Discloses Max Severity Bug in Its AI Model Compression ...

2024-05-17T20:00:21Z

Intel Discloses Max Severity Bug in Its AI Model Compression Software

The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems.

https://www.darkreading.com/cyber-risk/intel-discloses-max-severity-bug-in-its-ai-model-compression-software

10 Ways a Digital Shield Protects Apps and APIs Layers of ...

2024-05-17T19:00:36Z

10 Ways a Digital Shield Protects Apps and APIs

Layers of protection can bring defense-in-depth practices to distributed clouds and other modern network architectures.

https://www.darkreading.com/cloud-security/10-ways-a-digital-shield-protects-apps-and-apis-in-a-distributed-cloud-world

SEC Adds New Incident Response Rules for Financial Sector ...

2024-05-17T18:25:43Z

SEC Adds New Incident Response Rules for Financial Sector

Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches.

https://www.darkreading.com/cyber-risk/sec-adds-new-incident-response-rules-for-financial-sector

400K Linux Servers Recruited by Resurrected Ebury Botnet ...

2024-05-17T16:00:45Z

400K Linux Servers Recruited by Resurrected Ebury Botnet

Cryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe.

https://www.darkreading.com/threat-intelligence/400k-linux-servers-recruited-by-resurrected-ebury-botnet

CISOs and Their Companies Struggle to Comply With SEC Disclosure ...

2024-05-17T14:00:55Z

CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules

Most companies still can't determine whether a breach is material within the four days mandated by the SEC, skewing incident response.

https://www.darkreading.com/cybersecurity-operations/cisos-and-their-companies-struggle-to-comply-with-sec-disclosure-rules

Whose Data Is It Anyway? Equitable Access in Cybersecurity ...

2024-05-17T14:00:46Z

Whose Data Is It Anyway? Equitable Access in Cybersecurity

Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data.

https://www.darkreading.com/cybersecurity-operations/whose-data-is-it-anyway-equitable-access-in-cybersecurity

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days A number of ...

2024-05-17T12:01:48Z

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.

https://www.darkreading.com/vulnerabilities-threats/microsoft-has-yet-to-patch-7-pwn2own-zero-days

There Is No Cyber Labor Shortage There are plenty of valuable ...

2024-05-16T21:50:48Z

There Is No Cyber Labor Shortage

There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.

https://www.darkreading.com/cybersecurity-operations/no-cyber-labor-shortage

Addressing the Cybersecurity Vendor Ecosystem Disconnect How ...

2024-05-16T21:50:40Z

Addressing the Cybersecurity Vendor Ecosystem Disconnect

How security teams can bridge the gap between short-term profits and long-term business needs.

https://www.darkreading.com/endpoint-security/addressing-the-cybersecurity-vendor-ecosystem-disconnect

Santander Falls Victim to Data Breach Involving Third-Party ...

2024-05-16T21:25:40Z

Santander Falls Victim to Data Breach Involving Third-Party Provider

The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.

https://www.darkreading.com/cyberattacks-data-breaches/santander-falls-victim-to-data-breach-involving-third-party-provider

US AI Experts Targeted in SugarGh0st RAT Campaign Researchers ...

2024-05-16T20:26:05Z

US AI Experts Targeted in SugarGh0st RAT Campaign

Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.

https://www.darkreading.com/cyberattacks-data-breaches/us-ai-experts-targeted-in-sugargh0st-rat-campaign

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware ...

2024-05-16T19:50:57Z

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware &amp; Data Theft

Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.

https://www.darkreading.com/vulnerabilities-threats/ge-ultrasound-gear-riddled-with-bugs-open-to-ransomware-data-theft

Asian Threat Actors Use New Techniques to Attack Familiar Targets ...

2024-05-16T19:50:49Z

Asian Threat Actors Use New Techniques to Attack Familiar Targets

Generative AI and software supply chain attacks are being exploited to disrupt, manipulate, and steal.

https://www.darkreading.com/cyberattacks-data-breaches/asian-threat-actors-use-new-techniques-to-attack-familiar-targets

FCC Reveals 'Royal Tiger' Robocall Campaign In a ...

2024-05-16T14:52:42Z

FCC Reveals 'Royal Tiger' Robocall Campaign

In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.

https://www.darkreading.com/vulnerabilities-threats/fcc-deems-royal-tiger-robocall-campaign-a-communications-threat

The Fall of the National Vulnerability Database Since its ...

2024-05-16T14:26:43Z

The Fall of the National Vulnerability Database

Since its inception, three key factors have affected the NVD's ability to classify security concerns — and what we're experiencing now is the result.

https://www.darkreading.com/vulnerabilities-threats/fall-of-national-vulnerability-database

Windows Quick Assist Anchors Black Basta Ransomware Gambit When ...

2024-05-16T13:51:17Z

Windows Quick Assist Anchors Black Basta Ransomware Gambit

When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.

https://www.darkreading.com/threat-intelligence/windows-quick-assist-anchors-black-basta-ransomware

Google's AI Watermarks Will Identify Deepfakes The SynthID ...

2024-05-16T12:52:24Z

Google's AI Watermarks Will Identify Deepfakes

The SynthID line of watermarking techniques can be used to identify AI-generated images, video, and text.

https://www.darkreading.com/cloud-security/google-ai-watermarks-identify-deepfakes

Patch Now: Another Google Zero-Day Under Exploit in the Wild ...

2024-05-16T12:52:16Z

Patch Now: Another Google Zero-Day Under Exploit in the Wild

Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.

https://www.darkreading.com/vulnerabilities-threats/patch-now-google-zero-day-exploit

Nigeria Halts Cybersecurity Tax After Public Outrage In the midst ...

2024-05-16T08:00:59Z

Nigeria Halts Cybersecurity Tax After Public Outrage

In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity.

https://www.darkreading.com/cyber-risk/nigeria-halts-cybersecurity-tax-after-public-outrage

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security ...

2024-05-15T21:50:40Z

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings

https://www.darkreading.com/cybersecurity-operations/palo-alto-networks-and-ibm-to-jointly-provide-ai-powered-security-offerings

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks ...

2024-05-15T21:50:31Z

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

https://www.darkreading.com/endpoint-security/flaw-in-wi-fi-standard-can-enable-ssid-confusion-attacks

Alkira Raises $100M in Series C Funding to Simplify, Secure and ...

2024-05-15T21:25:30Z

Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure

https://www.darkreading.com/cybersecurity-operations/alkira-raises-100m-in-series-c-funding-to-simplify-secure-and-scale-critical-network-infrastructure

Notice of a Data Breach ...

2024-05-15T21:25:21Z

Notice of a Data Breach

https://www.darkreading.com/cyberattacks-data-breaches/notice-of-a-data-breach

FBI, DoJ Shut Down BreachForums, Launch Investigation Instead of ...

2024-05-15T20:50:50Z

FBI, DoJ Shut Down BreachForums, Launch Investigation

Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.

https://www.darkreading.com/threat-intelligence/fbi-doj-shut-down-breachforums-launch-investigation

Scammers Fake DocuSign Templates to Blackmail & Steal ...

2024-05-15T20:50:42Z

Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise.

https://www.darkreading.com/threat-intelligence/scammers-fake-docusign-templates-blackmail-steal-companies

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day A ...

2024-05-15T15:51:15Z

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day

A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.

https://www.darkreading.com/vulnerabilities-threats/d-link-routers-vulnerable-to-takeover-via-exploit-for-zero-day

3 Tips for Becoming the Champion of Your Organization's AI ...

2024-05-15T14:01:37Z

3 Tips for Becoming the Champion of Your Organization's AI Committee

CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success.

https://www.darkreading.com/cybersecurity-operations/3-tips-for-becoming-champion-of-your-organization-ai-committee

Top 5 Most Dangerous Cyber Threats in 2024 SANS Institute experts ...

2024-05-15T03:26:29Z

Top 5 Most Dangerous Cyber Threats in 2024

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024

Singapore Cybersecurity Update Puts Cloud Providers on Notice The ...

2024-05-15T01:01:33Z

Singapore Cybersecurity Update Puts Cloud Providers on Notice

The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.

https://www.darkreading.com/cyber-risk/singapore-cybersecurity-update-puts-cloud-providers-on-notice

Microsoft Windows DWM Zero-Day Poised for Mass Exploit ...

2024-05-14T22:51:06Z

Microsoft Windows DWM Zero-Day Poised for Mass Exploit

CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.

https://www.darkreading.com/vulnerabilities-threats/microsoft-windows-dwm-zero-day-mass-exploit

Unprotected Session Tokens Can Undermine FIDO2 Security While the ...

2024-05-14T21:50:34Z

Unprotected Session Tokens Can Undermine FIDO2 Security

While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.

https://www.darkreading.com/identity-access-management-security/unprotected-session-tokens-can-undermine-fido2-security

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance ...

2024-05-14T20:50:48Z

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs

Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.

https://www.darkreading.com/threat-intelligence/fbi-closes-in-scattered-spider-attacks-finance-insurance-orgs

A Cost-Effective Encryption Strategy Starts With Key Management ...

2024-05-14T20:25:57Z

A Cost-Effective Encryption Strategy Starts With Key Management

Key management is more complex than ever. Your choices are: Rely on your cloud provider or manage keys locally; Encrypt only the most critical data; Or encrypt everything.

https://www.darkreading.com/cloud-security/a-cost-effective-encryption-strategy-starts-with-key-management

Dangerous Google Chrome Zero-Day Allows Sandbox Escape Exploit ...

2024-05-14T16:50:51Z

Dangerous Google Chrome Zero-Day Allows Sandbox Escape

Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.

https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape

DNS Tunneling Abuse Expands to Tracking & Scanning ...

2024-05-14T14:25:56Z

DNS Tunneling Abuse Expands to Tracking & Scanning Victims

Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities and find new ways to compromise organizations.

https://www.darkreading.com/cyberattacks-data-breaches/dns-tunneling-abuse-expands-tracking-scanning-victims

There Is No Cyber Labor Shortage There are plenty of valuable ...

2024-05-14T14:00:28Z

Heartbleed: When Is It Good to Name a Vulnerability? Ten years ...

2024-05-14T12:51:55Z

Heartbleed: When Is It Good to Name a Vulnerability?

Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately.

https://www.darkreading.com/vulnerabilities-threats/heartbleed-when-is-it-good-to-name-a-vulnerability

500 Victims In, Black Basta Reinvents With Novel Vishing Strategy ...

2024-05-13T21:25:54Z

500 Victims In, Black Basta Reinvents With Novel Vishing Strategy

Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.

https://www.darkreading.com/cyberattacks-data-breaches/500-victims-later-black-basta-reinvents-novel-vishing-strategy

Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations ...

2024-05-13T20:25:40Z

Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations

At least 15 television channels were interrupted in Ukraine alone, which, reportedly, is not out of the norm in this "information war."

https://www.darkreading.com/cyberattacks-data-breaches/ukrainian-latvian-tv-hijacked-to-broadcast-russian-celebrations

IntelBroker Nabs Europol Info; Agency Investigating Europe's ...

2024-05-13T16:51:32Z

IntelBroker Nabs Europol Info; Agency Investigating

Europe's cross-border law enforcement agency says the well-known hacking outfit, contrary to claims, did not access operational data.

https://www.darkreading.com/cyberattacks-data-breaches/intelbroker-nabs-europol-info-agency-investigating

Why Tokens Are Like Gold for Opportunistic Threat Actors When ...

2024-05-13T14:25:51Z

Why Tokens Are Like Gold for Opportunistic Threat Actors

When setting authentication token expiry policies, always lean in to security over employee convenience.

https://www.darkreading.com/cyberattacks-data-breaches/why-tokens-are-like-gold-for-opportunistic-threat-actors

Millions of IoT Devices at Risk from Flaws in Integrated Cellular ...

2024-05-10T22:50:35Z

Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem

Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.

https://www.darkreading.com/ics-ot-security/millions-of-iot-devices-at-risk-from-flaws-in-integrated-cellular-modem

CISO as a CTO: When and Why It Makes Sense Enterprises are ...

2024-05-10T18:50:56Z

CISO as a CTO: When and Why It Makes Sense

Enterprises are increasingly recognizing that the CISO's skills and experience building risk-based cyber programs translate well to other C-suite positions.

https://www.darkreading.com/cybersecurity-careers/ciso-as-a-cto-when-and-why-it-makes-sense

Reality Defender Wins RSAC Innovation Sandbox Competition In a ...

2024-05-10T18:25:59Z

Reality Defender Wins RSAC Innovation Sandbox Competition

In a field thick with cybersecurity startups showing off how they use AI and LLMs, Reality Defender stood out for its tool for detecting and labeling deepfakes and other artificial content.

https://www.darkreading.com/cyber-risk/reality-defender-wins-rsac-innovation-sandbox

Is CISA's Secure by Design Pledge Toothless? CISA's ...

2024-05-10T18:25:51Z

Is CISA's Secure by Design Pledge Toothless?

CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.

https://www.darkreading.com/cybersecurity-operations/rsa-2024-cisa-secure-design-pledge-necessary-toothless

Ascension Healthcare Suffers Major Cyberattack The attack cut off ...

2024-05-10T16:50:22Z

Ascension Healthcare Suffers Major Cyberattack

The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.

https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack

Dark Reading 'Drops' Its First Podcast Our brand-new ...

2024-05-10T15:50:50Z

Dark Reading 'Drops' Its First Podcast

Our brand-new podcast, Dark Reading Confidential, has officially launched. You don't want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who ...

https://www.darkreading.com/cyber-risk/dark-reading-drops-its-first-podcast

Dark Reading Confidential: The CISO and the SEC Episode 1 of Dark ...

2024-05-10T15:25:51Z

Dark Reading Confidential: The CISO and the SEC

Episode 1 of Dark Reading Confidential brings Frederick “Flee” Lee, CISO of Reddit, Beth Burgin Waller, a practicing cyber attorney who represents many CISOs, and Ben Lee, Chief Legal Officer of Reddi...

https://www.darkreading.com/cyber-risk/dark-reading-confidential-the-ciso-and-the-sec

You've Been Breached: What Now? Breaches are inevitable. Here ...

2024-05-10T14:00:48Z

You've Been Breached: What Now?

Breaches are inevitable. Here are four steps to recovery and future-proofing your business.

https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now

Cybersecurity in a Race to Unmask a New Wave of AI-Borne ...

2024-05-10T13:00:46Z

Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes

Kevin Mandia, CEO of Mandiant at Google Cloud, calls for content "watermarks" as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic.

https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes

CISA Courts Private Sector to Get Behind CIRCIA Reporting Rules ...

2024-05-10T00:28:10Z

CISA Courts Private Sector to Get Behind CIRCIA Reporting Rules

New regulations will require the private sector to turn over incident data to CISA within three days or face enforcement. Here's how the agency is presenting this as a benefit to the entire private se...

https://www.darkreading.com/cybersecurity-operations/cisa-courts-private-sector-to-get-behind-circia-reporting-rules

'The Mask' Espionage Group Resurfaces After 10-Year ...

2024-05-09T21:50:48Z

'The Mask' Espionage Group Resurfaces After 10-Year Hiatus

Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.

https://www.darkreading.com/cyberattacks-data-breaches/-the-mask-espionage-group-resurfaces-after-10-year-hiatus

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden ...

2024-05-09T21:25:14Z

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

F5 customers should patch immediately, though even that won't protect them from every problem with their networked devices.

https://www.darkreading.com/application-security/2-or-5-bugs-in-f5-asset-manager-allow-full-takeover-hidden-accounts

CyberProof Announces Strategic Partnership With Google Cloud ...

2024-05-09T20:25:22Z

CyberProof Announces Strategic Partnership With Google Cloud

https://www.darkreading.com/cloud-security/cyberproof-announces-strategic-partnership-with-google-cloud

Nostr notes by darkreading

SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar ...

Seizing Control of the Cloud Security Cockpit Much like an ...

Concentric AI to Unveil Data Security Remediation and Compliance ...

Bugcrowd Acquires Informer to Enhance Attack Surface Management, ...

MIT Brothers Charged With Exploiting Ethereum to Steal $25 ...

Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack ...

Stalkerware App With Security Bug Discovered on Hotel Systems The ...

New Gift Card Scam Targets Retailers, Not Buyers, to Print ...

New Mindset Needed for Large Language Models With the right mix ...

Critical Flaw in Replicate AI Platform Exposes Proprietary Data ...

Persistent Burnout Is Still a Crisis in Cybersecurity Burnout has ...

China APT Stole Geopolitical Secrets From Middle East, Africa ...

US Pumps $50M Into Better Healthcare Cyber Resilience Upgrade, an ...

GitHub Authentication Bypass Opens Enterprise Server to Attackers ...

Snowflake&amp;apos;s Anvilogic Investment Signals Changes in ...

Trends at the 2024 RSA Startup Competition Startups at Innovation ...

Novel EDR-Killing &amp;apos;GhostEngine&amp;apos; Malware ...

Chinese &amp;apos;ORB&amp;apos; Networks Conceal APTs, ...

Preparing Your Organization for Upcoming Cybersecurity Deadlines ...

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE ...

Outsourcing Security Without Increasing Risk Few enterprises have ...

SAGE Cyber Launches CISO Planning Tool As a newly independent ...

WitnessAI Launches With Guardrails for AI AI safety platform ...

Picking the Right Database Tech for Cybersecurity Defense Graph ...

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel ...

YouTube Becomes Latest Battlefront for Phishing, Deepfakes ...

EPA Puts Teeth Into Water Sector Cyber Efforts The agency plans ...

Name That Toon: Buzz Kill Feeling creative? Submit your caption ...

Russia&amp;apos;s Turla APT Abuses MSBuild to Deliver ...

Can Cybersecurity Be a Unifying Factor in Digital Trade ...

Transforming CISOs into Storytellers Faced with chilling new SEC ...

OpenSSF Siren to Share Threat Intelligence for Open Source ...

DoJ Shakes Up North Korea&amp;apos;s Widespread IT Freelance ...

Google Pitches Workspace as Microsoft Email Alternative, Citing ...

CyberArk Picks Up Machine Identity Manager Venafi For $1.54B The ...

ZeroRisk Cybersecurity Expands Global Presence With US Launch ...

Deepfakes Rank As the Second Most Common Cybersecurity Incident ...

Data Breach Response Provider, CyEx, Acquires Settlement ...

HP Catches Cybercriminals ...

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud ...

NRECA Receives $4M in DOE Funding to Boost Electric Co-op ...

Students Spot Washing Machine App Flaw That Gives Out Free Cycles ...

What American Enterprises Can Learn From Europe&amp;apos;s ...

Android Banking Trojan Antidot Disguised as Google Play Update ...

CISOs Grapple With IBM&amp;apos;s Unexpected Cybersecurity ...

CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC ...

Intel Discloses Max Severity Bug in Its AI Model Compression ...

10 Ways a Digital Shield Protects Apps and APIs Layers of ...

SEC Adds New Incident Response Rules for Financial Sector ...

400K Linux Servers Recruited by Resurrected Ebury Botnet ...

CISOs and Their Companies Struggle to Comply With SEC Disclosure ...

Whose Data Is It Anyway? Equitable Access in Cybersecurity ...

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days A number of ...

There Is No Cyber Labor Shortage There are plenty of valuable ...

Addressing the Cybersecurity Vendor Ecosystem Disconnect How ...

Santander Falls Victim to Data Breach Involving Third-Party ...

US AI Experts Targeted in SugarGh0st RAT Campaign Researchers ...

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware ...

Asian Threat Actors Use New Techniques to Attack Familiar Targets ...

FCC Reveals 'Royal Tiger' Robocall Campaign In a ...

The Fall of the National Vulnerability Database Since its ...

Windows Quick Assist Anchors Black Basta Ransomware Gambit When ...

Google's AI Watermarks Will Identify Deepfakes The SynthID ...

Patch Now: Another Google Zero-Day Under Exploit in the Wild ...

Nigeria Halts Cybersecurity Tax After Public Outrage In the midst ...

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security ...

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks ...

Alkira Raises $100M in Series C Funding to Simplify, Secure and ...

Notice of a Data Breach ...

FBI, DoJ Shut Down BreachForums, Launch Investigation Instead of ...

Scammers Fake DocuSign Templates to Blackmail &amp; Steal ...

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day A ...

3 Tips for Becoming the Champion of Your Organization's AI ...

Top 5 Most Dangerous Cyber Threats in 2024 SANS Institute experts ...

Singapore Cybersecurity Update Puts Cloud Providers on Notice The ...

Microsoft Windows DWM Zero-Day Poised for Mass Exploit ...

Unprotected Session Tokens Can Undermine FIDO2 Security While the ...

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance ...

A Cost-Effective Encryption Strategy Starts With Key Management ...

Snowflake's Anvilogic Investment Signals Changes in ...

Novel EDR-Killing 'GhostEngine' Malware ...

Chinese 'ORB' Networks Conceal APTs, ...

Russia's Turla APT Abuses MSBuild to Deliver ...

DoJ Shakes Up North Korea's Widespread IT Freelance ...

What American Enterprises Can Learn From Europe's ...

CISOs Grapple With IBM's Unexpected Cybersecurity ...

Scammers Fake DocuSign Templates to Blackmail & Steal ...

DNS Tunneling Abuse Expands to Tracking & Scanning ...