300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack
Attackers can create a self-perpetuating, infinite scenario in such a way that volumes of traffic overwhelm network resources indefinitely.
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of the top cloud services.
https://www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
Cyber Warfare: Understanding New Frontiers in Global Conflicts
An arms race is developing between those using technology to target adversaries and those using it to prevent attacks from succeeding.
Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK
Ensuring that traffic visibility covers both client-server and server-server communication helps NetOps teams to analyze and spot potential threats early to avoid catastrophic effects.
United Arab Emirates Faces Intensified Cyber-Risk
The UAE leads the Middle East in digital-transformation efforts, but slow patching and legacy technology continue to thwart its security posture.
https://www.darkreading.com/cyber-risk/united-arab-emirates-faces-intensified-cyber-risk
Federal Warning Highlights Cyber Vulnerability of US Water Systems
The White House urged operators of water and wastewater systems to review and beef up their security controls against attacks by Iran- and China-based groups.
Tax Hackers Blitz Small Business With Phishing Emails
Armed with little more than an email address, scammers are trying to trick small businesses and the self-employed into giving up Social Security numbers.
Pathlock Introduces Continuous Controls Monitoring to Reduce Time and Costs
Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients
Akamai Research Finds 29% of Web Attacks Target APIs
https://www.darkreading.com/application-security/akamai-research-finds-29-of-web-attacks-target-apis
Kaspersky Identifies Three New Android Malware Threats
https://www.darkreading.com/endpoint-security/kaspersky-identifies-three-new-android-malware-threats
India's Android Users Hit by Malware-as-a-Service Campaign
Hackers are seeking sensitive personal information on user devices, including banking data and SMS messages.
Don't Answer the Phone: Inside a Real-Life Vishing Attack
Successful attackers focus on the psychological manipulation of human emotions, which is why anyone, even a tech-savvy person, can become a victim.
After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive
Law enforcement action hasn't eradicated ransomware groups, but it has shaken up the cyber underground and sown distrust among thieves.
https://www.darkreading.com/threat-intelligence/after-lockbit-alphv-takedowns-raas-recruiting-drive
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign
Unsophisticated threat actor is targeting Russian companies with both readily available malware and authentic software.
AI Won't Solve Cybersecurity's Retention Problem
To fix retention and skills gaps, we need to encourage more women and minorities to build careers in cybersecurity.
https://www.darkreading.com/cybersecurity-operations/ai-wont-solve-cybersecuritys-retention-problem
Connectivity Standards Alliance Meets Device Security Challenges With a Unified Standard and Certification
The new IoT Device Security Specification 1.0, with accompanying certification, aims to offer a unified industry standard and increase consumer awareness.
Detecting Cloud Threats With CloudGrappler
The open-source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.
https://www.darkreading.com/cloud-security/detecting-cloud-threats-with-cloudgrappler
Hackers Posing as Law Firms Phish Global Orgs in Multiple Languages
Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware.
Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyberattacks
Russia's government is pretending to be other governments in emails, with an eye toward stealing strategic intel.