UnitedHealth Congressional Testimony Reveals Rampant Security Fails
The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change's backup strategy failed.
Cobalt's 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs
Intel 471 Acquires Cyborg Security
https://www.darkreading.com/threat-intelligence/intel-471-acquires-cyborg-security
Shadow APIs: An Overlooked Cyber-Risk for Orgs
Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.
https://www.darkreading.com/application-security/shadow-apis-an-overlooked-cyber-risk-for-orgs
Qantas Customers' Boarding Passes Exposed in Flight App Mishap
Some customers found that they had the ability to cancel a stranger's flight to another country after opening the app, which was showing other individuals' flight details.
https://www.darkreading.com/cyber-risk/qantas-customers-boarding-passes-exposed-flight-app-mishap
'Cuttlefish' Zero-Click Malware Steals Private Cloud Data
The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addre...
https://www.darkreading.com/cloud-security/cuttlefish-zero-click-malware-steals-private-cloud-data
The Cybersecurity Checklist That Could Save Your M&A Deal
With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.
https://www.darkreading.com/cyber-risk/cybersecurity-checklist-that-could-save-your-m-and-a-deal
Facebook at 20: Contemplating the Cost of Privacy
As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.
https://www.darkreading.com/data-privacy/facebook-at-20-contemplating-the-cost-of-privacy
Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
Attackers Planted Millions of Imageless Repositories on Docker Hub
The purported metadata for each of these containers had embedded links to malicious files.
Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident
London Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again.
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware
USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.
Wireless Carriers Face $200M FCC Fine As Data Privacy Waters Roil
Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data ...
https://www.darkreading.com/cyber-risk/fcc-fines-wireless-carriers-200m-for-sharing-location-data
The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024
Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI.
R Programming Bug Exposes Orgs to Vast Supply Chain Risk
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
ESET PROTECT Portfolio Now Includes New MDR Tiers and Features
Cybersecurity Is Becoming More Diverse … Except by Gender
While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion.
Okta: Credential-Stuffing Attacks Spike via Proxy Networks
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers
Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information.
'Muddling Meerkat' Poses Nation-State DNS Mystery
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its a...
https://www.darkreading.com/threat-intelligence/muddling-meerkat-poses-nation-state-dns-mystery