Making the Case for Cryptographic Agility and Orchestration
Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity.
https://www.darkreading.com/dr-tech/making-the-case-for-cryptographic-agility-and-orchestration
DigiCert Announces Comprehensive Discovery of Cryptographic Assets
Appdome Announces Attack Evaluation Tools in Digital Economy's Mobile XDR
BlackBerry Unveils Next-Generation UEM Redefining the Endpoint Management Market
DarkGate Operator Uses Skype, Teams Messages to Distribute Malware
A plurality of the targets in the ongoing campaign have been based in the Americas.
Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime's Chagrin
Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming. language.
https://www.darkreading.com/cloud/microsoft-retire-vbscript-cybercrime-chagrin
Brands Beware: X's New Badge System Is a Ripe Cyber-Target
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
https://www.darkreading.com/application-security/x-twitter-new-badge-system-cyber-target
Simpson Manufacturing Launches Investigation After Cyberattack
The company has taken down its systems in an effort to determine the scope of the attack.
The Cyberwar Between the East and the West Goes Through Africa
By working cooperatively, the West and Africa can mobilize to tackle nation-state-backed cyber threats.
https://www.darkreading.com/dr-global/the-cyberwar-between-the-east-and-the-west-goes-through-africa
Backdoor Lurks Behind WordPress Caching Plugin to Hijack Websites
Evasive malware disguised as a caching plugin allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy.
Protect Critical Infrastructure With Same Rigor as Classified Networks
Government security processes are often viewed as tedious and burdensome — but applying the lessons learned from them is imperative for private industry to counter a nation-state threat.
Reasonable Valuations Drove Mergers and Acquisition Activity in Q3, 2023
Cisco's $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs.
How to Scan Your Environment for Vulnerable Versions of Curl
This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environment.
https://www.darkreading.com/dr-tech/how-to-scan-environment-vulnerable-curl
New California Delete Act Tightens Rules for Data Brokers
Companies with customers in California need to prepare for a new process for demanding deletion of personal data.
https://www.darkreading.com/edge/new-california-delete-act-tightens-rules-data-brokers
Pan-African Financial Apps Leak Encryption, Authentication Keys
Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.
https://www.darkreading.com/dr-global/pan-african-financial-apps-leak-encryption-authentication-keys
Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
Curl Bug Hype Fizzles After Patching Reveal
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.
https://www.darkreading.com/vulnerabilities-threats/curl-bug-hype-fizzles-after-patching-reveal
Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
https://www.darkreading.com/cloud/cloud-security-demand-cyber-firm-valuations-and-deals