🦜 darkreading
@www.darkreading.com@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Brought to you by the RSS Parrot.
---
Public RSS feed
Your feed and you don't want it here? Just
e-mail the birb.
What Today's SOC Teams Can Learn From Baseball
https://www.darkreading.com/cybersecurity-operations/what-soc-teams-can-learn-from-baseball
Published: October 22, 2024 14:00
There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.
Name That Toon: The Big Jump
https://www.darkreading.com/remote-workforce/name-that-toon-the-big-jump
Published: October 22, 2024 12:33
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Russia-Linked Hackers Attack Japan's Govt, Ports
https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports
Published: October 22, 2024 00:00
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.
Unmanaged Cloud Credentials Pose Risk to Half of Orgs
https://www.darkreading.com/cloud-security/unmanaged-cloud-credentials-risk-half-orgs
Published: October 21, 2024 21:03
These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.
Cisco Disables DevHub Access After Security Breach
https://www.darkreading.com/cloud-security/cisco-disables-access-devhub-site-security-breach
Published: October 21, 2024 21:02
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.
Internet Archive Gets Pummeled in Round 2 Breach
https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-pummeled-round-2-breach
Published: October 21, 2024 20:02
This latest breach was through Zendesk, a customer service platform that the organization uses.
Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page'
https://www.darkreading.com/threat-intelligence/anti-bot-services-cybercrooks-bypass-google-red-page
Published: October 21, 2024 15:21
The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.
Why I'm Excited About the Future of Application Security
https://www.darkreading.com/application-security/excited-future-application-security
Published: October 21, 2024 14:00
The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage.
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
https://www.darkreading.com/vulnerabilities-threats/dprk-microsoft-zero-day-no-click-toast-attacks
Published: October 21, 2024 01:00
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.
MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data
https://www.darkreading.com/vulnerabilities-threats/macos-safari-exploit-camera-mic-browser-data
Published: October 18, 2024 21:26
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
Time to Get Strict With DMARC
https://www.darkreading.com/cybersecurity-operations/time-get-strict-dmarc
Published: October 18, 2024 19:33
The adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches
https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches
Published: October 18, 2024 18:47
A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.
ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise
https://www.darkreading.com/cyberattacks-data-breaches/eset-wiper-attack-targets-israel
Published: October 18, 2024 16:59
The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.
Vulnerabilities, AI Compete for Software Developers' Attention
https://www.darkreading.com/application-security/vulnerabilities-ai-compete-software-developers-attention
Published: October 18, 2024 15:53
This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management
https://www.darkreading.com/cyber-risk/supply-chain-cybersecurity-traditional-vendor-risk-management
Published: October 18, 2024 14:00
Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.
Ex-Oracle, Google Engineers Raise $7m From Accel for Public Launch of Simplismart to Empower AI Adoption
https://www.darkreading.com/cybersecurity-operations/ex-oracle-google-engineers-raise-7m-from-accel-for-public-launch-of-simplismart-to-empower-ai-adoption
Published: October 17, 2024 20:51
Illinois Joins CoSN's Trusted Learning Environment (TLE) State Partnership Program for Student Data Privacy
https://www.darkreading.com/cyber-risk/illinois-joins-cosn-s-trusted-learning-environment-tle-state-partnership-program-for-student-data-privacy
Published: October 17, 2024 20:46
Swift to Launch AI-Powered Fraud Defence to Enhance Cross-Border Payments
https://www.darkreading.com/cyber-risk/swift-to-launch-ai-powered-fraud-defence-to-enhance-cross-border-payments
Published: October 17, 2024 20:43
Hong Kong Crime Ring Swindles Victims Out of $46M
https://www.darkreading.com/cyberattacks-data-breaches/hong-kong-crime-ring-swindles-victims-out-of-46m
Published: October 17, 2024 19:58
The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.
Internet Archive Slowly Revives After DDoS Barrage
https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-slowly-revives-ddos-barrage
Published: October 17, 2024 18:26
Days after facing a major breach, the site is still struggling to get fully back on its feet.
4 Ways to Address Zero-Days in AI/ML Security
https://www.darkreading.com/vulnerabilities-threats/4-ways-address-zero-days-ai-ml-security
Published: October 17, 2024 17:00
As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI.
Is a CPO Still a CPO? The Evolving Role of Privacy Leadership
https://www.darkreading.com/cyber-risk/cpo-still-cpo-evolving-role-privacy-leadership
Published: October 17, 2024 14:00
Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?
Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts
https://www.darkreading.com/cyberattacks-data-breaches/iran-apt34-ms-exchange-spy-gulf-govts
Published: October 17, 2024 06:00
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
Chinese Researchers Tap Quantum to Break Encryption
https://www.darkreading.com/application-security/chinese-researchers-unveil-quantum-technique-to-break-encryption
Published: October 16, 2024 21:45
But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.
71% of Hackers Believe AI Technologies Increase the Value of Hacking
https://www.darkreading.com/vulnerabilities-threats/71-of-hackers-believe-ai-technologies-increase-the-value-of-hacking
Published: October 16, 2024 21:15
Port Raises $35M for its End-to-End Internal Developer Portal
https://www.darkreading.com/cybersecurity-operations/port-raises-35m-for-its-end-to-end-internal-developer-portal
Published: October 16, 2024 21:11
Bad Actors Manipulate Red-Team Tools to Evade Detection
https://www.darkreading.com/endpoint-security/bad-actors-manipulate-red-team-tools-evade-detection
Published: October 16, 2024 19:48
By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated.
Hybrid Work Exposes New Vulnerabilities in Print Security
https://www.darkreading.com/vulnerabilities-threats/hybrid-work-vulnerabilities-print-security
Published: October 16, 2024 19:30
The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.
Cyber Gangs Aren't Afraid of Prosecution
https://www.darkreading.com/cyberattacks-data-breaches/cyber-gangs-aren-t-afraid-of-prosecution
Published: October 16, 2024 19:04
Challenges with cybercrime prosecution are making it easier for attackers to act with impunity. Law enforcement needs to catch up.
What Cybersecurity Leaders Can Learn From the Game of Golf
https://www.darkreading.com/vulnerabilities-threats/what-cybersecurity-leaders-learn-golf
Published: October 16, 2024 14:00
As in golf, security requires collaboration across the entire organization, from individual contributors in each department to the executive level and the board.
North Korea Hackers Get Cash Fast in Linux Cyber Heists
https://www.darkreading.com/cyber-risk/north-korea-hackers-cash-linux-cyber-heists
Published: October 15, 2024 21:20
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
FHE Consortium Pushes for Quantum-Resilient Cryptography Standards
https://www.darkreading.com/data-privacy/fhe-consortium-quantum-resilient-cryptography-standards
Published: October 15, 2024 20:18
The FHE Technical Consortium for Hardware (FHETCH) brings together developers, hardware manufacturers and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption…
Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity
https://www.darkreading.com/cyberattacks-data-breaches/attackers-unleash-flood-potentially-disruptive-election-related-activity
Published: October 15, 2024 14:44
Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.
LLMs Are a New Type of Insider Adversary
https://www.darkreading.com/vulnerabilities-threats/llms-are-new-type-insider-adversary
Published: October 15, 2024 14:00
The inherent intelligence of large language models gives them unprecedented capabilities like no other enterprise tool before.
WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in
https://www.darkreading.com/application-security/wp-engine-accuses-wordpress-forcibily-taking-over-plug-in
Published: October 15, 2024 13:50
WordPress moves could have security implications for sites using Advanced Custom Fields plug-in.
CISOs' Privacy Responsibilities Keep Growing
https://www.darkreading.com/cybersecurity-operations/cisos-privacy-responsibilities-keep-growing
Published: October 15, 2024 13:37
A heated regulatory landscape, uncertainty over AI use, and how it all ties back to cybersecurity means CISOs have to add privacy to their portfolios.
Even Orgs With SSO Are Vulnerable to Identity-Based Attacks
https://www.darkreading.com/identity-access-management-security/even-orgs-with-sso-are-vulnerable-to-identity-based-attacks
Published: October 15, 2024 10:00
Use SSO, don't use SSO. Have MFA, don't have MFA. An analysis of a snapshot of organizations using Push Security's platform finds that 99% of accounts susceptible to phishing attacks.
Southeast Asian Cybercrime Profits Fuel Shadow Economy
https://www.darkreading.com/cyber-risk/southeast-asian-cybercrime-profits-fuel-shadow-economy
Published: October 15, 2024 01:00
With cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
https://www.darkreading.com/cyberattacks-data-breaches/serious-adversaries-circle-ivanti-csa-flaws
Published: October 14, 2024 22:16
Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.
Pokémon Gaming Company Employee Info Leaked in Hack
https://www.darkreading.com/cyberattacks-data-breaches/insider-info-pokemon-allegedly-leaked-gaming-hack
Published: October 14, 2024 20:57
The gaming company reports that the server has been rebuilt after the leak, but has not confirmed if its insider video game data was leaked.
The Lingering 'Beige Desktop' Paradox
https://www.darkreading.com/endpoint-security/the-lingering-beige-desktop-paradox
Published: October 14, 2024 20:20
Organizations are grappling with the risks of having outdated hardware handling core workloads, mission-critical applications no one knows how to update or maintain, and systems that IT and security teams don't know about.
Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly
https://www.darkreading.com/cybersecurity-operations/microsoft-k-12-universities-grapple-with-thousands-attacks-weekly
Published: October 14, 2024 19:59
Education, including K-12 schools and universities, has become the third most targeted sector due to the high variety of sensitive data it stores in its databases.
ConfusedPilot Attack Can Manipulate RAG-Based AI Systems
https://www.darkreading.com/cyberattacks-data-breaches/confusedpilot-attack-manipulate-rag-based-ai-systems
Published: October 14, 2024 16:34
Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes.
Fighting Crime With Technology: Safety First
https://www.darkreading.com/cloud-security/fighting-crime-with-technology-safety-first
Published: October 14, 2024 15:33
By combining human and nonhuman identity management in one solution, Flock Safety is helping law enforcement solve an impressive number of criminal cases every day.
Why Your Identity Is the Key to Modernizing Cybersecurity
https://www.darkreading.com/vulnerabilities-threats/why-identity-key-modernizing-cybersecurity
Published: October 14, 2024 14:00
Ultimately, the goal of creating a trusted environment around all digital assets and devices is about modernizing the way you do business.