The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. “An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed […]
Category Archives: Uncategorized
Attackers are exploiting the “Envelopes: create API” of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It’s an unusual attack vector with a high success rate. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Government and industry want to jump-start the conversation around “human-centric cybersecurity” to boost the usability and effectiveness of security products and services. Go to Source Author: Robert Lemos, Contributing Writer
Zero trust is a mature approach that will improve your organization’s security. Go to Source Author: Gregory R. Simpson
Episode #4: NIST’s new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner’s point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University. Go […]
A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading
Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. “ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Roviello, Alessandro Strino […]
Zero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after Go to Source […]
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an “ […]
The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections. Go to Source Author: Robert Lemos, Contributing Writer