The Silent Threat of APIs: What the New Data Reveals About Unknown Risk
The rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.
Securing AI: What You Should Know
Securing AI within your organization starts with understanding how AI differs from traditional business tools. Google's Secure AI Framework provides a model for what to do next.
https://www.darkreading.com/google-cloud-security/securing-ai-what-you-should-know
DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
https://www.darkreading.com/ics-ot/dhs-physical-security-concern-johnson-controls-cyberattack
How Can Your Security Team Help Developers Shift Left?
Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology.
DHS Calls Into Question Physical Security in Johnson Controls Cyberattack
An internal memo notes that DHS floor plans could have been accessed in the breach.
Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
The Israeli company developed highly targeted mobile malware that would make any APT jealous.
https://www.darkreading.com/dr-global/spyware-vendor-egyptian-orgs-ios-exploit-chain
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTP...
https://www.darkreading.com/cloud/moveit-progress-critical-bug-ws_ftp-software
Cybersecurity Gaps Plague US State Department, GAO Report Warns
The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring.
https://www.darkreading.com/cloud/cybersecurity-gaps-plague-state-department-gao-report
Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files
Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise.
People Still Matter in Cybersecurity Management
Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting.
https://www.darkreading.com/omdia/people-still-matter-in-cybersecurity-management
7 Ways SMBs Can Secure Their WordPress Sites
This Tech Tip outlines seven easy fixes small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
https://www.darkreading.com/dr-tech/7-ways-smbs-can-secure-their-wordpress-sites
QR Code 101: What the Threats Look Like
Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government.
New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
https://www.darkreading.com/vulnerabilities-threats/new-cisco-ios-zero-day-delivers-a-double-punch
Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
https://www.darkreading.com/ics-ot/johnson-controls-international-hit-with-massive-ransomware-attack
Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World
How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).
Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool
Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware.
Looking Beyond the Hype Cycle of AI/ML in Cybersecurity
Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?
https://www.darkreading.com/vulnerabilities-threats/looking-beyond-hype-cycle-ai-ml-cybersecurity
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.