CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us
In a rapidly evolving cybersecurity landscape, CISOs must take proactive measures to safeguard their careers and mitigate risks associated with their roles.
Securing Remote Workers Through Zero Trust
Dark Reading’s special report look at how enterprises turning to zero trust to harden the security of their remote workforce. Challenges are steep.
https://www.darkreading.com/edge-articles/securing-remote-workers-through-zero-trust
Software Complexity Bedevils Mainframe Security
The high-performance and resilient platforms satisfy critical roles, but software complexity and the graying of the specialist workforce are creating security challenges.
https://www.darkreading.com/dr-tech/software-complexity-bedevils-mainframe-security
Risk Ledger Secures £6.25M to Prevent Cyberattacks on the Supply Chains of Nation's Largest Enterprises
Myrror Security Emerges From Stealth With $6M Seed Round to Prevent Attacks on the Software Development Process
Malwarebytes Launches ThreatDown to Empower Resource Constrained IT Organizations
Marina Bay Sands Becomes Latest Hospitality Cyber Victim
Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment.
https://www.darkreading.com/attacks-breaches/marina-bay-sands-hospitality-cyber-victim
CVSS 4.0 Offers Significantly More Patching Context
The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it.
https://www.darkreading.com/operations/mileage-orgs-will-get-from-cvss-4-0-will-vary
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
https://www.darkreading.com/threat-intelligence/north-korea-bluenoroff-apt-dumbed-down-macos-malware
Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable
Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10.
Crafting an AI Policy That Safeguards Data Without Stifling Productivity
Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization.
Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors
The attackers also use custom wipers to cover their tracks and bypass EDR.
https://www.darkreading.com/dr-global/iran-linked-agrius-apt-group-israeli-education-tech-sectors
MGM and Caesars Attacks Highlight Social Engineering Risks
Relying on passwords to secure user accounts is a gamble that never pays off.
https://www.darkreading.com/endpoint/mgm-and-caesars-attacks-highlight-social-engineering-risks
Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack
To combat sophisticated threats, we need to improve how we approach authorization and access controls.
https://www.darkreading.com/operations/identity-alone-wont-save-us-tsa-paradigm-mgm-hack
Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud’s Jill C. Tyson offers up timelines, checklists, and other guidance around enterprise-wide readiness to ensure compliance with the new rule.
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
https://www.darkreading.com/cloud/kinsing-cyberattackers-debut-looney-tunables-cloud-exploits
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.
https://www.darkreading.com/black-hat/virtual-kidnapping-ai-tools-enabling-irl-extortion-scams
Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks
Previously limited to initial access brokering, the Gootloader group has pivoted to a nasty post-compromise "GootBot" attack, each implant with its own C2.
Novel Google Cloud RAT Uses Calendar Events for C2
Cybercriminals are abusing legitimate functions within cloud services, and providers can't totally stop them, especially when it comes to innovative approaches like this.
https://www.darkreading.com/cloud/google-cloud-rat-calendar-events-command-and-control
Excelsior University Contends for National Cyber League Competition Title