'Savvy Seahorse' Hackers Debut Novel DNS CNAME Trick
Petty scammers have figured out how to leverage a core function of DNS in order to maintain scalable, stealthy, pliable malicious infrastructure.
'Illusive' Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms
UNC1549, aka Smoke Sandstorm and Tortoiseshell, appears to be the culprit behind a cyberattack campaign customized for each targeted organization.
Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023
U-Haul Reports 67K Customers Impacted by Data Breach
In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach.
Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom
Apple's PQ3 for securing iMessage and Signal's PQXH show how organizations are preparing for a future in which encryption protocols must be exponentially harder to crack.
Russia's 'Midnight Blizzard' Targets Service Accounts for Initial Cloud Access
CISA and its counterparts in the UK and other countries this week offered new guidance on how to deal with the threat actor's recent shift to cloud attacks.
Mexico's 'Timbre Stealer' Campaign Targets Manufacturing
A new infostealer spreading to organizations across Mexico heralds 2024's fresh season of tax-themed phishing attacks.
4 Ways Organizations Can Drive Demand for Software Security Training
Developer-driven security programs place the development team at the center of reducing vulnerabilities.
eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation
Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor.
White House Urges Switching to Memory Safe Languages
The Office of the National Cyber Director technical report focuses on reducing memory-safety vulnerabilities in applications and making it harder for malicious actors to exploit them.
https://www.darkreading.com/application-security/white-house-switch-memory-safe-languages
What Companies & CISOs Should Know About Rising Legal Threats
Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.
https://www.darkreading.com/cyber-risk/what-companies-cisos-should-know-about-rising-legal-threats
China Launches New Cyber-Defense Plan for Industrial Networks
Government will provide additional cybersecurity training and recruit additional cybersecurity talent in an effort to better secure its industrial sector from attacks.
LockBit's Leak Site Reemerges, a Week After 'Complete Compromise'
Is LockBit dead? Law enforcement and the group itself seem to be telling conflicting stories.
Pentera Launches Global Partner Program to Accelerate Growing Channel
Fortress Information Security Deploys Automated Patch Notification and Authenticity Tool
Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows
Delinea to Acquire Fastpath to Revolutionize Privileged Access and Identity Governance
Optiv Accepting Applications for $10K Scholarship
UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT
The IDAT Loader malware was used to deliver the cyber espionage tool, employing steganography, a seldom-seen technique in real-world attacks.
NIST Releases Cybersecurity Framework 2.0
New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.
https://www.darkreading.com/ics-ot-security/nist-releases-cybersecurity-framework-2-0