Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
Permira to Acquire Majority Position in BioCatch at $1.3B Valuation
GAO: NASA Faces 'Inconsistent' Cybersecurity Across Spacecraft
The space agency needs to implement stricter policies and standards when it comes to its cybersecurity practices, but doing so the wrong way would put machinery at risk, a federal review found.
REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme
Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
https://www.darkreading.com/application-security/critical-gitlab-bug-exploit-account-takeover-cisa
New AI Security Startup Apex Secures AI Models, Apps
The AI security startup’s platform will allow organizations to define appropriate AI usage and enforce security policies.
https://www.darkreading.com/cyber-risk/new-ai-security-startup-apex-secures-ai-models-apps
Innovation, Not Regulation, Will Protect Corporations From Deepfakes
If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately.
Mimic Launches With New Ransomware Defense Platform
The new startup’s SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours.
https://www.darkreading.com/endpoint-security/mimic-launches-with-new-ransomeware-defense-platform
Billions of Android Devices Open to 'Dirty Stream' Attack
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager,...
https://www.darkreading.com/cloud-security/billions-android-devices-open-dirty-stream-attack
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn
Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.
https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warn
Software Security: Too Little Vendor Accountability, Experts Say
Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products.
Hacker Sentenced After Years of Extorting Psychotherapy Patients
Two years after a warrant went out for his arrest, Aleksanteri Kivimäki finally has been found guilty of thousands of counts of aggravated attempted blackmail, among other charges.
The Psychological Underpinnings of Modern Hacking Techniques
The tactics employed by hackers today aren't new; they're simply adapted for the digital age, exploiting the same human weaknesses that have always existed.
Dropbox Breach Exposes Customer Credentials, Authentication Data
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
Name That Edge Toon: Puppet Master
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
https://www.darkreading.com/vulnerabilities-threats/name-that-edge-toon-mini-me
Safeguarding Your Mobile Workforce
Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.
https://www.darkreading.com/endpoint-security/safeguarding-your-mobile-workforce
Why Haven't You Set Up DMARC Yet?
DMARC adoption is more important than ever following Google's and Yahoo's latest mandates for large email senders. This Tech Tip outlines what needs to be done to enable DMARC on your domain.
https://www.darkreading.com/cybersecurity-operations/tech-tip-why-haven-t-you-set-up-dmarc-yet-
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.
'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?
A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.
Private Internet Search Is Still Finding Its Way
The quest to keep data private while still being able to search may soon be within reach, with different companies charting their own paths.
https://www.darkreading.com/data-privacy/private-internet-search-is-still-finding-its-way