87% of DDoS Attacks Targeted Windows OS Devices in 2023
Aggressive Cloud-Security Player Wiz Scores $1B in Funding Round
The latest round of investment prices the fast-growing cloud native application protection platform (CNAPP) at $12 billion with a simple mandate: Grow quickly through acquisition.
LockBit Claims Wichita as Its Victim 2 Days After Ransomware Attack
The city is still investigating the attack, and neither the group nor city officials have offered details about the ransomware demands.
Vast Network of Fake Web Shops Defrauds 850,000 & Counting
China-based cybercriminal group "BogusBazaar" created tens of thousands of fraudulent online stores based on expired domains to steal payment credentials.
https://www.darkreading.com/cyberattacks-data-breaches/fake-web-shops-defraud-850000
Tech Companies Promise Secure by Design Products
Over 60 companies sign the secure by design pledge from CISA to consider security from the design phase and throughout the product lifecycle.
https://www.darkreading.com/endpoint-security/tech-companies-promise-secure-by-design-products
How Government Agencies Can Leverage Grants to Shore Up Cybersecurity
With the help of grant funding, agencies and organizations can better defend themselves and their constituents.
Token Security Launches Machine-Centric IAM Platform
Instead of building a list of users and identifying what systems each user can access, Token Security starts with a list of machines and determines who can access each system.
UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector
An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from a third-party payroll processing system.
3-Year Iranian Influence Op Preys on Divides in Israeli Society
Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model.
Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure
Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure
runZero Research Explores Unexpected Exposures in Enterprise Infrastructure
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes
The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year.
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
Patch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution.
https://www.darkreading.com/cloud-security/critical-bug-50k-tinyproxy-servers-dos-rce
Security Teams & SREs Want the Same Thing: Let's Make It Happen
Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs.
Microsoft Will Hold Executives Accountable for Cybersecurity
At least a portion of executive compensation going forward will be tied to meeting security goals and metrics.
LockBit Honcho Faces Sanctions, With Aussie Org Ramifications
Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
MITRE's attackers used at least five different Web shells and backdoors as part of their attack chain.
https://www.darkreading.com/cloud-security/chinese-hackers-deployed-backdoor-quintet-to-down-mitre
Wiz Announces $1B Funding Round, Plans More M&A
Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.
Does CISA's KEV Catalog Speed Up Remediation?
Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.
https://www.darkreading.com/vulnerabilities-threats/cisa-kev-catalog-speed-up-remediation