Skip to main content

Darkreading.com: Latest Cybersecurity News

"Iranian APT targets U.S. with Drokbk Spyware via GitHub."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 09 December 2022, 2005 UTC.  Content provided by "Darkreading.com."

Source:  https://www.darkreading.com/latest/news

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

NEWS

spyglass magnifying rainbow colored computer code
Iranian APT Targets US With Drokbk Spyware via GitHub
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.
Dark Reading Logo
by Nathan Eddy, Contributing Writer, Dark Reading
December 09, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
Network Security Concept Crypto Binary Particle Closeup - Abstract Background Texture
Google: Use SLSA Framework for Better Software Security
Security leaders also need to take a more holistic approach to addressing supply chain risks, company says in new research report.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 09, 2022
APPLICATION SECURITY
4 MIN READ
Article Icon
ARTICLE
A black knight chess piece faces off against three white pieces
3 Ways Attackers Bypass Cloud Security
At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.
Kelly Jackson Higgins Headshot
by Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
December 08, 2022
CLOUD
3 MIN READ
Article Icon
ARTICLE
police first responder ransomware cyber threats
Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs
More than three-quarters of police and emergency responders worry about ransomware attacks and data leaks, while their organizations lag behind in technology adoption.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 08, 2022
REMOTE WORKFORCE
3 MIN READ
Article Icon
ARTICLE
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
December 08, 2022
ATTACKS/BREACHES
5 MIN READ
Article Icon
ARTICLE
mobile phone charger with innards hanging out, on brown paper background
Hacker Fails for the Win
Security researchers share their biggest initial screwups in some of their key vulnerability discoveries.
Kelly Jackson Higgins Headshot
by Kelly Jackson Higgins, Editor-in-Chief, Dark Reading
December 07, 2022
VULNERABILITIES/THREATS
3 MIN READ
Article Icon
ARTICLE
Cloud Computing Ransomware Cyber Security concept 3d illustration
Rackspace Incident Highlights How Disruptive Attacks on Cloud Providers Can Be
A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 07, 2022
CLOUD
5 MIN READ
Article Icon
ARTICLE
Shopping fraud and invalid traffic
Fraudsters Siphon $360M From Retailers Using 50M Fake Shoppers
Cyberattackers focused on ad fraud and clickjacking stole millions during Black Friday by hijacking shopper accounts and tying up transactions.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 07, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
December 07, 2022
REMOTE WORKFORCE
3 MIN READ
Article Icon
ARTICLE
Endpoint Security Platform - Cloud-based Endpoint Protection Concept
For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 07, 2022
VULNERABILITIES/THREATS
4 MIN READ
Article Icon
ARTICLE
Illustration of a keyhole filled with red glowing 1s and 0s, against a background of blue-green floating 1s and 0s
Shift to Memory-Safe Languages Gains Momentum
Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 06, 2022
APPLICATION SECURITY
4 MIN READ
Article Icon
ARTICLE
concept illustration of diplomatic relations between russia and ukraine flag using flags of both countries
Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs
Victims include at least 15 healthcare organizations, one Fortune 500 company, and other organizations in multiple countries, security vendor says.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 06, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
cyberattack art
Machine Learning Models: A Dangerous New Attack Vector
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
December 06, 2022
THREAT INTELLIGENCE
5 MIN READ
Article Icon
ARTICLE
ransomware wiper
Wiper, Disguised as Fake Ransomware, Targets Russian Orgs
The program, dubbed CryWiper, is aimed at Russian targets; it requests a ransom but has no way to decrypt any overwritten files.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 05, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
skull embedded in computer code
Infostealer Malware Market Booms, as MFA Fatigue Sets In
The successful combo of stolen credentials and social engineering to breach networks is increasing demand for infostealers on the Dark Web.
Dark Reading Logo
by Nathan Eddy, Contributing Writer, Dark Reading
December 05, 2022
THREAT INTELLIGENCE
5 MIN READ
Article Icon
ARTICLE
The word "ransomware" on a computer screen
Ransomware Professionalization Grows as RaaS Takes Hold
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.
Dark Reading Logo
by Nathan Eddy, Contributing Writer, Dark Reading
December 05, 2022
THREAT INTELLIGENCE
4 MIN READ
Article Icon
ARTICLE
Network of blue platforms in the dark with bots on top botnet cybersecurity concept 3D illustration
Malware Authors Inadvertently Take Down Own Botnet
A single improperly formatted command has effectively killed KmsdBot botnet, security vendor says.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 05, 2022
ATTACKS/BREACHES
3 MIN READ
Article Icon
ARTICLE
Hyundai Sonata Eighth generation (DN8), a mid-size sedan car model year 2021 driving down road in Moscow
SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking
A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.
Tara Seals Headshot 2022
by Tara Seals, Managing Editor, News, Dark Reading
December 02, 2022
APPLICATION SECURITY
6 MIN READ
Article Icon
ARTICLE
APT advanced persistent threat neon concept self illumination background 3D illustration
Where Advanced Cyberattackers Are Heading Next: Disruptive Hits, New Tech
Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 02, 2022
THREAT INTELLIGENCE
6 MIN READ
Article Icon
ARTICLE
Machine Learning for cybersecurity in SOCs
SOC Turns to Homegrown Machine Learning to Catch Cyber Intruders
A do-it-yourself machine learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 02, 2022
ANALYTICS
4 MIN READ
Article Icon
ARTICLE
lastpass logo under a magnifying glass
LastPass Discloses Second Breach in Three Months
The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 01, 2022
APPLICATION SECURITY
3 MIN READ
Article Icon
ARTICLE
picture of coders at workstations
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.
Robert Lemos Headshot
by Robert Lemos, Contributing Writer, Dark Reading
December 01, 2022
APPLICATION SECURITY
4 MIN READ
Article Icon
ARTICLE
Concept illustration of the Log4J security vulnerability
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.
Jai Vijayan
by Jai Vijayan, Contributing Writer, Dark Reading
December 01, 2022
APPLICATION SECURITY
5 MIN READ
Article Icon
ARTICLE
Illustration of a cloud in the sky with lines of code reaching down to a city skyline
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
headshot of Elizabeth Montalbano
by Elizabeth Montalbano, Contributor, Dark Reading
December 01, 2022
CLOUD
4 MIN READ
Article Icon
ARTICLE

Comments

Post a Comment

Please leave a comment about our recent post.

Popular posts from this blog

SecurityWeek Briefing.

Image
"Microsoft offers up to $15,000 in New AI Bug Bounty Program." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 October 2023, 2020 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtxdZHmrfcBkMDJSSNTtHlmhQX ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Friday, October 13, 2023 CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware Juniper Networks Patches Over 30 Vulnerabilities in Junos OS In Other News : Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Microsoft Offers Up to $15,000 in New AI Bug Bounty Program Researcher Co
Read more

SecurityWeek Briefing.

Image
"Health Care Solutions giant disrupted by Cyberattack." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 October 2023, 2033 UTC.  Content provided by email subscription to "SecurityWeek Briefing." Source:  https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGwHLhdlHbpbQJXqhLLSvQbhdnC ("SecurityWeek Briefing"). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). SecurityWeek News Briefing | Thursday, October 19, 2023 Healthcare Solutions Giant Disrupted by Cyberattack Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program CipherStash Raises $3 Million for Encryption-in-Use Technology US Government Releases Anti-Phishing Guidance Google Play Protect Gets Real-Time Code Scanning Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,00
Read more

Cyber War News Wire.

Image
 "Navy establishes cyber warfare enlisted rating." Views expressed in this cyber war, cybersecurity, cyber espionage update are those of the reporters and correspondents.  Accessed on 02 July 2023, 2311 UTC.  Content provided by EIN Presswire. Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGtvsTbTPlbNrgzDpppFbtXwWxF ("Cyber War News Wire" from EIN Presswire). Please click link or scroll down to read your selections.  Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). ·  Subscribe  ·  Unsubscribe My Alerts       Cyber War Newswire Got News to Share? Send 2 FREE Releases ↓ Daily update  ·  July 2, 2023     NEWS     Navy Establishes Cyber Warfare Enlisted Rating  Seapower Magazine ***** ARLINGTON, Va. — The U.S. Navy’s effort to expand its cyber warfare capabilities took another step with the establishment of the Cyber Warfare Technician (CWT) rating in its enlisted force.  The CTWs will conduct both offensive and defensive
Read more