Dark Reading
Dark Reading: Connecting the Information and Security Community

DNS Tunneling Abuse Expands to Tracking & Scanning Victims

Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities and find new ways to compromise organizations.

https://www.darkreading.com/cyberattacks-data-breaches/dns-tunneling-abuse-expands-tracking-scanning-victims

There Is No Cyber Labor Shortage

There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.

https://www.darkreading.com/cybersecurity-operations/there-is-no-cyber-labor-shortage

Heartbleed: When Is It Good to Name a Vulnerability?

Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately.

https://www.darkreading.com/vulnerabilities-threats/heartbleed-when-is-it-good-to-name-a-vulnerability

500 Victims In, Black Basta Reinvents With Novel Vishing Strategy

Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.

https://www.darkreading.com/cyberattacks-data-breaches/500-victims-later-black-basta-reinvents-novel-vishing-strategy

Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations

At least 15 television channels were interrupted in Ukraine alone, which, reportedly, is not out of the norm in this "information war."

https://www.darkreading.com/cyberattacks-data-breaches/ukrainian-latvian-tv-hijacked-to-broadcast-russian-celebrations

IntelBroker Nabs Europol Info; Agency Investigating

Europe's cross-border law enforcement agency says the well-known hacking outfit, contrary to claims, did not access operational data.

https://www.darkreading.com/cyberattacks-data-breaches/intelbroker-nabs-europol-info-agency-investigating

Why Tokens Are Like Gold for Opportunistic Threat Actors

When setting authentication token expiry policies, always lean in to security over employee convenience.

https://www.darkreading.com/cyberattacks-data-breaches/why-tokens-are-like-gold-for-opportunistic-threat-actors

Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem

Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.

https://www.darkreading.com/ics-ot-security/millions-of-iot-devices-at-risk-from-flaws-in-integrated-cellular-modem

CISO as a CTO: When and Why It Makes Sense

Enterprises are increasingly recognizing that the CISO's skills and experience building risk-based cyber programs translate well to other C-suite positions.

https://www.darkreading.com/cybersecurity-careers/ciso-as-a-cto-when-and-why-it-makes-sense

Reality Defender Wins RSAC Innovation Sandbox Competition

In a field thick with cybersecurity startups showing off how they use AI and LLMs, Reality Defender stood out for its tool for detecting and labeling deepfakes and other artificial content.

https://www.darkreading.com/cyber-risk/reality-defender-wins-rsac-innovation-sandbox

Is CISA's Secure by Design Pledge Toothless?

CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.

https://www.darkreading.com/cybersecurity-operations/rsa-2024-cisa-secure-design-pledge-necessary-toothless

Ascension Healthcare Suffers Major Cyberattack

The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.

https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack

Dark Reading 'Drops' Its First Podcast

Our brand-new podcast, Dark Reading Confidential, has officially launched. You don't want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who ...

https://www.darkreading.com/cyber-risk/dark-reading-drops-its-first-podcast

Dark Reading Confidential: The CISO and the SEC

Episode 1 of Dark Reading Confidential brings Frederick “Flee” Lee, CISO of Reddit, Beth Burgin Waller, a practicing cyber attorney who represents many CISOs, and Ben Lee, Chief Legal Officer of Reddi...

https://www.darkreading.com/cyber-risk/dark-reading-confidential-the-ciso-and-the-sec

You've Been Breached: What Now?

Breaches are inevitable. Here are four steps to recovery and future-proofing your business.

https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now

Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes

Kevin Mandia, CEO of Mandiant at Google Cloud, calls for content "watermarks" as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic.

https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes

CISA Courts Private Sector to Get Behind CIRCIA Reporting Rules

New regulations will require the private sector to turn over incident data to CISA within three days or face enforcement. Here's how the agency is presenting this as a benefit to the entire private se...

https://www.darkreading.com/cybersecurity-operations/cisa-courts-private-sector-to-get-behind-circia-reporting-rules

'The Mask' Espionage Group Resurfaces After 10-Year Hiatus

Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.

https://www.darkreading.com/cyberattacks-data-breaches/-the-mask-espionage-group-resurfaces-after-10-year-hiatus

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

F5 customers should patch immediately, though even that won't protect them from every problem with their networked devices.

https://www.darkreading.com/application-security/2-or-5-bugs-in-f5-asset-manager-allow-full-takeover-hidden-accounts