How to Measure Patching and Remediation Performance
Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business.
https://www.darkreading.com/risk/how-to-measure-patching-and-remediation-performance
Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
Russian hacktivist attacks are mostly for show, but sometimes they cause serious damage and are poised to begin getting worse.
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024
Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.
USPS Anchors Snowballing Smishing Campaigns
Researchers found 164 domains connected to a single threat actor located in Tehran.
https://www.darkreading.com/threat-intelligence/usps-smishing-campaigns
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.
https://www.darkreading.com/cloud/fast-growing-dropbox-campaign-microsoft-sharepoint-credentials
Name That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
https://www.darkreading.com/edge-articles/name-that-edge-toon-office-artifacts
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.
In Search of Rust Developers, Companies Turn to In-House Training
Google, Fortanix, and other firms have aimed to train a cadre of Rust developers, betting that the additional cost will be offset by security savings.
https://www.darkreading.com/edge/seeking-rust-developers-in-house-training
Nexusflow Launches to Help Automate the SOC
The startup claims its private AI software is working on making decisions based on generalizing from examples.
https://www.darkreading.com/dr-tech/nexusflow-launches-to-help-automate-the-soc
Secure Yeti Appoints Jayson E. Street as Chief Adversarial Officer to Spearhead Cybersecurity Empowerment
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally
North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace
KillNet Claims DDoS Attack Against Royal Family Website
The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.
https://www.darkreading.com/cloud/killnet-ddos-attack-royal-family-website
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.
https://www.darkreading.com/application-security/norway-urges-europe-wide-ban-meta-targeted-ad-data
Addressing AI and Security Challenges With Red Teams: A Google Perspective
Red Teams can help organizations better understand vulnerabilities and secure critical AI deployments.
Iran-Linked APT34 Spy Campaign Targets Saudis
The Menorah malware can upload and download files, as well as execute shell commands.
https://www.darkreading.com/dr-global/iran-linked-apt34-spy-campaign-targets-saudis
Which DFIR Challenges Does the Middle East Face?
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?
https://www.darkreading.com/dr-global/which-dfir-challenges-does-middle-east-face
Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.