SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity
Expel-sponsored research unveils how companies measure SOC performance and the frameworks they rely on to assess and guide their security strategies
Salvador Technologies Raises $6M to Empower Cyber Resilience in Operational Technologies and Critical Infrastructures
Salvador Technologies' platform prevents downtime damages and enables full operational recovery and continuity in just 30 seconds.
Feds Snarl ALPHV/BlackCat Ransomware Operation
Dark Web chatter indicates that Scattered Spider worked with the FBI to take down the BlackCat/ALPHV operation.
https://www.darkreading.com/cybersecurity-operations/feds-snarl-alphv-blackcat-ransomware-operation
Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback
Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry.
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected
A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File
Attackers can chain the vulnerabilities to gain full remote code execution.
Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover
The most critical of the bugs gives attackers privileged access to the local Windows system, paving the way for unauthenticated RCE and installing backdoors.
Why I Chose Google Bard to Help Write Security Policies
Large language models (LLMs) like Bard and ChatGPT can help produce simpler, more readable security documentation in a fraction of the time it takes to do it manually.
Israel Blames Iran for Hospital Data Breach
Israeli intelligence said a cyber unit of Hezbollah also was involved in the cyberattack.
https://www.darkreading.com/cyberattacks-data-breaches/israel-blames-iran-for-hospital-data-breach
Changing How We Think About Technology
To make real change, organizations need to augment logical thinking with critical thinking.
https://www.darkreading.com/cybersecurity-operations/changing-how-we-think-about-technology
Unsung GitHub Features Anchor Novel Hacker C2 Infrastructure
More and more hackers are choosing to host their malicious campaigns from public services, and they're pioneering new ways of doing it.
What Do CISOs Have to Do to Meet New SEC Regulations?
As stringent new SEC reporting rules take effect, CISOs need to assess internal processes and understand their responsibilities. But there's a bright side.
API Security: The Big Picture
Hype won't solve operational security problems. Here are 10 important points to consider when evaluating API security solutions.
https://www.darkreading.com/application-security/api-security-the-big-picture
ONCD Welcomes Mr. Harry Coker, Jr. as Next National Cyber Director
Zero Networks Raises $20M in Series B to Prevent Attackers from Spreading in Corporate Networks
U.S. Venture Partners leads the round, CrowdStrike co-founder participating.
Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE
Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.
https://www.darkreading.com/cloud-security/unpatched-gwt-vuln-leaves-apps-open-server-side-rce
Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks
Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.
https://www.darkreading.com/cloud-security/millions-microsoft-accounts-power-automated-cyberattacks
Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?
Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies?
https://www.darkreading.com/application-security/putting-dollar-value-vulnerabilities-prioritize
Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections
Attackers can spoof millions of email addresses to create targeted phishing attacks using flaws in Microsoft, GTX, and Cisco Secure Email Gateway servers.
Name That Toon: Just for Kicks
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
https://www.darkreading.com/cloud-security/name-that-toon-just-for-kicks