Dark Reading
Dark Reading: Connecting the Information and Security Community

Hackers Weaponize SEC Disclosure Rules Against Corporate Targets

Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.

https://www.darkreading.com/risk/alphv-ransomware-group-files-sec-complaint-against-own-victim

British Library Confirms Ransomware Attack Caused Outages

The library said that it expects many of its services to be restored in the forthcoming weeks.

https://www.darkreading.com/attacks-breaches/british-library-confirms-ransomware-attack-caused-outages

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?

https://www.darkreading.com/threat-intelligence/scattered-spider-casino-hackers-evade-arrest-plain-sight

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enfor...

https://www.darkreading.com/attacks-breaches/hack-for-hire-group-sprawling-web-global-cyberattacks

Actions to Take to Defeat Initial Access Brokers

Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.

https://www.darkreading.com/dr-tech/actions-to-take-to-defeat-initial-access-brokers

Hands Off the Security Budget! Find Efficiencies to Reduce Risk

Security budgets will benefit from new priorities and streamlined responses rather than wholesale cost-cutting in light of cyberattacks and increased regulatory requirements.

https://www.darkreading.com/risk/hands-off-the-security-budget-find-efficiencies-reduce-risk

Detection & Response That Scales: A 4-Pronged Approach

Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.

https://www.darkreading.com/endpoint/detection-response-that-scales-4-pronged-approach

IT Pros Worry Generative AI Will Be a Major Driver of Cybersecurity Threats

Organizations are concerned that generative AI technologies will be a major driver of cybersecurity threats in 2024.

https://www.darkreading.com/edge-threat-monitor/it-pros-worry-generative-ai-will-be-a-major-driver-of-cybersecurity-threats

Cybersecurity Investment Involves More Than Just Technology

Cybersecurity investment involves more than just buying security technologies — organizations are also looking at threat intelligence, risk assessment, cyber-insurance, and third-party risk management...

https://www.darkreading.com/tech-trends/cybersecurity-investment-more-than-technology

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action.

https://www.darkreading.com/application-security/dangerous-apache-activemq-exploit-edr-bypass

'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation

Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.

https://www.darkreading.com/vulnerabilities-threats/cachewarp-amd-vm-bug-opens-door-to-privilege-escalation

Consumer Software Security Assessment: Should We Follow NHTSA's Lead?

Vehicles are required to meet basic safety standards. Having similar requirements for software would give consumers greater control over their privacy and security.

https://www.darkreading.com/vulnerabilities-threats/consumer-software-security-assessment-should-we-follow-nhtsas-lead

'Randstorm' Bug: Millions of Crypto Wallets Open to Theft

The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks.

https://www.darkreading.com/application-security/randstorm-bug-crypto-wallets-theft

Unpatched Critical Vulnerabilities Open AI Models to Takeover

The security holes can allow server takeover, information theft, model poisoning, and more.

https://www.darkreading.com/vulnerabilities-threats/unpatched-critical-vulnerabilities-ai-models-takeover

Despite Hype, the Password-Free Workplace Is Still a Long Way Off

More than half of organizations are nowhere near ditching passwords, even as cyberattackers continue to have a field day with workers' poor credential choices.

https://www.darkreading.com/endpoint/password-free-workplace-long-way-off

APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide

At least four separate campaigns against CVE-2023-37580 in the popular Zimbra Collaboration Suite aimed to siphon up reams of sensitive mail data.

https://www.darkreading.com/attacks-breaches/apts-swarm-zimbra-zero-day-to-steal-government-info-worldwide

FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving

Cybercriminals are playing both sides with simple disaster scams, and it's working.

https://www.darkreading.com/dr-global/fbi-warns-five-weeks-in-gaza-email-scams-still-thriving

3 Ways Behavioral Economics Obstructs Cybersecurity

People are not robots; their decisions are based on emotion as much as data. Often, this can lead them to make mistakes with serious security implications for the business.

https://www.darkreading.com/vulnerabilities-threats/3-ways-behavioral-economics-obstructs-cybersecurity