SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats
Seizing Control of the Cloud Security Cockpit
Much like an airplane's dashboard, configurations are the way we control cloud applications and SaaS tools. It's also the entry point for too many security threats. Here are some ideas for making the ...
https://www.darkreading.com/cloud-security/seizing-control-cloud-security-configuration-cockpit
Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024
Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing
MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million
The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency?
Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack
With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials.
Stalkerware App With Security Bug Discovered on Hotel Systems
The spyware is able to capture screenshots of a user's device every few seconds from any location globally.
https://www.darkreading.com/cyber-risk/stalkerware-app-with-security-bug-discovered-on-hotel-systems
New Gift Card Scam Targets Retailers, Not Buyers, to Print Endless $$$
Microsoft researchers discover an old-timey scam with a facelift for the cloud era: hacking retailers' portals to make it rain gift cards.
New Mindset Needed for Large Language Models
With the right mix of caution, creativity, and commitment, we can build a future where LLMs are not just powerful, but also fundamentally trustworthy.
https://www.darkreading.com/cybersecurity-operations/new-mindset-needed-for-large-language-models
Critical Flaw in Replicate AI Platform Exposes Proprietary Data
The finding underscores the challenges of protecting data from multiple customers across AI-as-a-service solutions, especially in environments that run AI models from untrusted sources.
Persistent Burnout Is Still a Crisis in Cybersecurity
Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry?
China APT Stole Geopolitical Secrets From Middle East, Africa & Asia
One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.
US Pumps $50M Into Better Healthcare Cyber Resilience
Upgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care.
GitHub Authentication Bypass Opens Enterprise Server to Attackers
The max-severity bug affects versions using the SAML single sign-on mechanism.
Snowflake's Anvilogic Investment Signals Changes in SIEM Market
Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC ...
Trends at the 2024 RSA Startup Competition
Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.
https://www.darkreading.com/vulnerabilities-threats/trends-at-2024-rsa-startup-competition
Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth
The previously unknown malware (aka Hidden Shovel) is a ghost in the machine: It silently attacks kernel drivers to shut down security defense systems and thus evade detection.
https://www.darkreading.com/cyberattacks-data-breaches/novel-edr-killing-ghostengine-malware-stealth
Chinese 'ORB' Networks Conceal APTs, Render Static IoCs Irrelevant
Mandiant warns that defenders must rethink how to thwart Chinese cyber-espionage groups now using professional "infrastructure-as-a-service" operational relay box networks of virtual private servers a...
Preparing Your Organization for Upcoming Cybersecurity Deadlines
Federal and state regulators have introduced new rules and mandates aimed at holding organizations accountable when it comes to cybersecurity. Here's how to get ready.
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections t...