Dark Reading:

Chris Kirsch, CEO of runZero, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the importance of asset discovery.

https://www.darkreading.com/risk/why-most-companies-still-don-t-know-what-s-on-their-network

Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure.

https://www.darkreading.com/omdia/on-data-privacy-day-organizations-fail-data-privacy-expectations

A nasty SSRF bug in Web Services plagues a laundry list of enterprise printers.

https://www.darkreading.com/cloud/critical-rce-lexmark-printer-bug-has-public-exploit

Google has mounted a massive takedown, but Dragonbridge's extensive capabilities for generating and distributing vast amounts of largely spammy content calls into question the motivation behind t...

https://www.darkreading.com/vulnerabilities-threats/google-influence-operator-dragonbridge-floods-social-media-sprawling-cyber-campaign

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.

https://www.darkreading.com/attacks-breaches/noob-hackers-become-persistent-threats

OpenAI's chatbot has the promise to revolutionize how security practitioners work.

https://www.darkreading.com/vulnerabilities-threats/3-ways-chatgpt-will-change-infosec-in-2023

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

https://www.darkreading.com/attacks-breaches/not-playing-games-riot-games-latest-video-game-maker-to-suffer-breach

Whether you dream of your child growing into a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery.

https://www.darkreading.com/edge-slideshows/a-child-s-garden-of-cybersecurity

Hackers don't need a key to get past your defenses if they can essentially teleport using RMMs, warns CISA and the NSA.

https://www.darkreading.com/attacks-breaches/federal-agencies-infested-cyberattackers-legit-remote-management-systems

The accused sold an enormous data set stolen from the Austrian radio and television licensing authority — to an undercover cop.

https://www.darkreading.com/attacks-breaches/dutchman-detained-dealing-details-millions-people

A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit.

https://www.darkreading.com/vulnerabilities-threats/saas-rootkit-exploits-hidden-rules-in-microsoft-365-

The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

https://www.darkreading.com/vulnerabilities-threats/hive-ransomware-gang-loses-honeycomb

After Berlin pledged tanks for Ukraine, some German websites were knocked offline temporarily by Killnet DDoS attacks.

https://www.darkreading.com/ics-ot/german-government-airports-banks-hit-killnet-ddos-attacks

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

https://www.darkreading.com/attacks-breaches/7-insights-from-a-ransomware-negotiator

Only one in 10 enterprises will create a robust zero-trust foundation in the next three years, while more than half of attacks won't even be prevented by it, according to Gartner.

https://www.darkreading.com/remote-workforce/companies-struggle-zero-trust-attackers-adapt

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/cloud/new-study-examines-application-connectivity-security-in-the-cloud

Program provides financial assistance to aspiring information security professionals, enabling students toward long-term career success.

https://www.darkreading.com/operations/center-for-cyber-safety-and-education-opens-2023-cybersecurity-scholarship-applications

Advanced workflow, approval process, and management dashboard enhance control, distribution, and supervision, while reducing errors and streamlining the entire SBOM management process.

https://www.darkreading.com/application-security/cybellum-releases-enhanced-sbom-management-and-compliance-oversight-for-manufacturers-with-new-release-of-its-product-security-platform

New guidance seeks to cultivate trust in AI technologies and promote AI innovation while mitigating risk

https://www.darkreading.com/risk/nist-risk-management-framework-aims-to-improve-trustworthiness-of-artificial-intelligence

Expect more regulatory and enforcement action in the US and around the world.

https://www.darkreading.com/endpoint/organizations-must-brace-for-privacy-impacts-this-year

One of the most closely watched security startups continues to build bank because its platform appeals to both developers and security pros.

https://www.darkreading.com/dr-tech/snyk-gets-nod-of-approval-with-servicenow-strategic-investment

Delivering secure, global IoT device connectivity, deployment, and management at scale.

https://www.darkreading.com/iot/kore-delivers-iot-safe-solution-for-massive-iot-use-cases-with-aws

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/endpoint/data-privacy-day-privado-flags-data-privacy-challenges-in-2023-as-it-hails-industry-stars

Two common attacks against on-premises Kerberos authentication servers — known as Pass the Ticket and Silver Ticket — can be used against Microsoft's Azure AD Kerberos, a security firms says.

https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts

Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.

https://www.darkreading.com/application-security/zacks-investment-research-hack-exposes-820k-customers-data

In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?

https://www.darkreading.com/edge-articles/google-play-terms-of-service-push-privacy-to-the-limit

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/attacks-breaches/healthcare-remains-top-target-in-2022-itrc-breach-report

New Cyberseek™ data shows US is short nearly 530,000 skilled cybersecurity staff.

https://www.darkreading.com/operations/despite-slowing-economy-demand-for-cybersecurity-workers-remains-strong

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/operations/davos-debrief-critical-shortage-of-cybersecurity-talent-requires-action-on-several-fronts-comptia-executive-says

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.

https://www.darkreading.com/application-security/researchers-poc-exploit-nsa-flaw-windows-cryptoapi

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.

https://www.darkreading.com/application-security/goto-encrypted-backups-stolen-lastpass-breach

Don't make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential a...

https://www.darkreading.com/attacks-breaches/log4j-vulnerabilities-are-here-to-stay-are-you-prepared-

The DPRK has turned crypto scams into big business to replenish its depleted state coffers.

https://www.darkreading.com/remote-workforce/north-korea-apt-swindled-1b-crypto-investors-2022

Some predictions about impending security challenges, with a few tips for proactively addressing them.

https://www.darkreading.com/zscaler/multicloud-security-challenges-will-persist-in-2023

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/threat-intelligence/threatconnect-extends-threat-intelligence-platform-to-enable-threat-intelligence-operations-ti-ops-

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/attacks-breaches/bd-publishes-2022-cybersecurity-annual-report

Despite economic headwinds and layoffs in other areas, most retail and hospitality CISOs expect to add staff in 2023, according to a new report.

https://www.darkreading.com/attacks-breaches/cybersecurity-budgets-increase-for-retail-hospitality-industry

Report identifies 1.75m cyberattacks were stopped by BlackBerry in the last 90 days.

https://www.darkreading.com/attacks-breaches/blackberry-s-inaugural-quarterly-threat-intelligence-report-reveals-threat-actors-launch-one-malicious-threat-every-minute

If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent.

https://www.darkreading.com/operations/can-t-fill-open-positions-rewrite-your-minimum-requirements

Skyhawk Synthesis extends cloud security misconfiguration detection across multiple clouds, the company says — throwing cloud security posture management in for free.

https://www.darkreading.com/dr-tech/skyhawk-security-launches-multicloud-runtime-threat-detection-and-response-platform

Participants in a working session on ransomware at the World Economic Forum discussed how planning ahead can reduce cyber risk.

https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

https://www.darkreading.com/attacks-breaches/ticketmaster-blames-bots-taylor-swift-eras-tour-debacle

Mainz brings 25 years of industry experience to execute on Forescout’s strategy and drive its next phase of growth.

https://www.darkreading.com/risk/forescout-appoints-technology-veteran-barry-mainz-as-ceo

Restoration teams must be part of a collaborative, initial response team to address costly downtime.

https://www.darkreading.com/attacks-breaches/fenix24-releases-white-paper-proposing-new-cyber-incident-response-paradigm

Respondents indicate organizations are unprepared to handle cyberwarfare, there's no one-size-fits-all response to ransomware, and cybersecurity spending is on the rise.

https://www.darkreading.com/attacks-breaches/armis-state-of-cyberwarfare-and-trends-report-2022-2023-highlights-global-it-and-security-professionals-sentiment-on-cyberwarfare

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/endpoint/keeper-security-shares-password-best-practices-ahead-of-data-privacy-day

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/cloud/the-2022-2023-cloud-awards-announces-its-finalists-

Machine learning offers great opportunities, but it still can't replace human experts.

https://www.darkreading.com/vulnerabilities-threats/chat-cybersecurity-ai-promises-a-lot-but-can-it-deliver-

Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses.

https://www.darkreading.com/threat-intelligence/dragonspark-malware-east-asian-cyberattackers-oss-frankenstein

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

https://www.darkreading.com/vulnerabilities-threats/microsoft-excel-add-ins-stop-office-exploits

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty.

https://www.darkreading.com/attacks-breaches/security-and-the-electric-vehicle-charging-infrastructure

API Leak Management software discovers exposed API keys and other secrets, blocks their use, and monitors for abuse, the company says.

https://www.darkreading.com/dr-tech/wallarm-aims-to-reduce-the-harm-from-compromised-apis

Devices running Android 12 and below are at risk of attackers downloading apps that direct users to a malicious domain.

https://www.darkreading.com/threat-intelligence/pair-bugs-galaxy-app-store-cyberattackers-mobile-device-access

Security leaders must build resiliency against these complex attacks immediately.

https://www.darkreading.com/attacks-breaches/organizations-likely-to-experience-ransomware-threat-in-the-next-24-months-according-to-info-tech-research-group

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/operations/magnet-forensics-inc-enters-into-definitive-agreement-to-be-acquired-by-thoma-bravo

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/attacks-breaches/socs-to-face-greater-challenges-from-cybercriminals-targeting-governments-and-media-in-2023

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

https://www.darkreading.com/application-security/fanduel-sportsbook-bettors-exposed-in-mailchimp-breach

Here's how a security team can present itself to citizen developers as a valuable resource rather than a bureaucratic roadblock.

https://www.darkreading.com/edge-articles/no-one-wants-to-be-governed-everyone-wants-to-be-helped

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

https://www.darkreading.com/application-security/tsa-no-fly-list-snafu-highlights-risk-of-keeping-sensitive-data-in-dev-environments

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/operations/gartner-predicts-10-of-large-enterprises-will-have-a-mature-and-measurable-zero-trust-program-in-place-by-2026

Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.

https://www.darkreading.com/threat-intelligence/hunting-insider-threats-on-the-dark-web

S-RM reports show that cybersecurity concerns surrounding hybrid work prevail for 37% of organizations.

https://www.darkreading.com/remote-workforce/cybersecurity-worries-around-hybrid-working-drop-but-many-it-leaders-still-concerned-over-cyber-skills-gap

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/vulnerabilities-threats/supply-chain-security-global-market-report-2022-sector-to-reach-3-5-billion-by-2027-at-an-11-cagr

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

https://www.darkreading.com/attacks-breaches/t-mobile-breached-again-exposing-37m-customers-data

Two new reports show ransomware revenues for threat actors dropped sharply in 2022 as more victims ignored ransom demands.

https://www.darkreading.com/attacks-breaches/ransomware-profits-decline-victims-refuse-pay

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

https://www.darkreading.com/application-security/compromised-zendesk-employee-credentials-breach

Orca Security is one of the companies integrating conversational AI technology into its products.

https://www.darkreading.com/dr-tech/gpt-emerges-ai-tech-security-vendors

Serious security flaws go unpatched, and ransomware attacks increase against manufacturers.

https://www.darkreading.com/ics-ot/critical-manufacturing-sector-in-the-bulls-eye

Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, a...

https://www.darkreading.com/attacks-breaches/the-evolution-of-account-takeover-attacks-initial-access-brokers-for-iot

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.

https://www.darkreading.com/attacks-breaches/paypal-breach-exposed-pii-of-nearly-35k-accounts

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

https://www.darkreading.com/cloud/emojideploy-attack-chain-targets-misconfigured-azure-service

Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views.

https://www.darkreading.com/attacks-breaches/massive-adware-campaign-shuttered

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

https://www.darkreading.com/threat-intelligence/china-based-attacker-crafted-custom-malware-for-fortinet-zero-day

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/remote-workforce/roaming-mantis-uses-dns-changers-to-target-users-via-compromised-public-routers

Traditional compliance and IAM are insufficient to secure the modern enterprise. We must shift left with modern access controls to avoid costly data breaches.

https://www.darkreading.com/cloud/shift-identity-left-preventing-identity-based-breaches

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/application-security/name-that-toon-poker-hand

The report highlights concerning security stats following two years of extreme tech growth.

https://www.darkreading.com/attacks-breaches/the-media-industry-is-the-most-vulnerable-to-cyber-attacks-report-shows

ICS/OT cybersecurity firm finds 35% of CVEs in second half of 2022 unpatchable.

https://www.darkreading.com/ics-ot/synsaber-releases-ics-vulnerabilities-cves-report-covering-second-half-of-2022

Open architecture, non-standalone roaming, nation-state attacks, ransomware, and the need for more industry collaboration are among the major 5G security challenges that operators must address in...

https://www.darkreading.com/mobile/securitygen-identifies-the-cybersecurity-priorities-for-mobile-operators-in-2023

KnowBe4 partners with the Center for Cyber Safety and Education to bolster women in cybersecurity for the fourth consecutive year.

https://www.darkreading.com/operations/knowbe4-to-offer-10-000-women-in-cybersecurity-scholarship-and-isc-2-certification-education-package

New program enables students and early career professionals to learn critical skills required in today's entry-level cybersecurity field, helping address urgent cyber workforce jobs gap.

https://www.darkreading.com/operations/international-council-of-e-commerce-consultants-launches-cybersecurity-essentials-professional-certificate-program-on-edx

There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against ...

https://www.darkreading.com/vulnerabilities-threats/ethically-exploiting-vulnerabilities-a-play-by-play

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/application-security/mendix-and-software-improvement-group-launch-a-new-software-application-quality-and-security-scanning-solution

Research shows that over 50% of organizations performing software development struggle with fully integrating security into their software development lifecycle.

https://www.darkreading.com/application-security/new-research-from-ema-reveals-how-organizations-are-struggling-to-develop-secure-software-applications

Corsha’s Annual State of API Secrets Management Report finds over 50% of respondents suffered a data breach due to compromised API secrets.

https://www.darkreading.com/attacks-breaches/new-survey-sheds-light-on-why-enterprises-struggle-to-thwart-api-attacks

The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.

https://www.darkreading.com/threat-intelligence/cybercriminals-target-telecom-provider-networks

Craft specific awareness training for high-exposure teams like finance, and reinforce other critical awareness training across the organization.

https://www.darkreading.com/zscaler/as-social-engineering-tactics-change-so-must-your-security-training-

Ensuring that data can be easily discovered, classified, and secured is a crucial cornerstone of a data security strategy.

https://www.darkreading.com/tech-trends/data-security-in-multicloud-limit-access-increase-visibility

Without noncompetes, how do organizations make sure employees aren't taking intellectual property when they go work to work for a competitor?

https://www.darkreading.com/edge-ask-the-experts/how-would-ftc-rule-noncompetes-affect-data-security

These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks.

https://www.darkreading.com/ics-ot/vulnerable-historian-servers-imperil-ot-networks

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/attacks-breaches/founder-and-majority-owner-of-cryptocurrency-exchange-charged-with-processing-over-700-million-of-illicit-funds

Layoffs intended to cut costs, help company shift its focus on cybersecurity services, Sophos says.

https://www.darkreading.com/operations/sophos-cuts-jobs-to-focus-on-cybersecurity-services-

The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

https://www.darkreading.com/threat-intelligence/chatgpt-could-create-polymorphic-malware-researchers-warn

New module introduces shadow SaaS application discovery, monitoring, and remediation to protect businesses from supply chain attacks.

https://www.darkreading.com/application-security/docontrol-announces-saas-security-platform-expansion-with-shadow-apps-module-launch

KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subje...

https://www.darkreading.com/remote-workforce/knowbe4-2022-phishing-test-report-confirms-business-related-emails-trend

From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against...

https://www.darkreading.com/vulnerabilities-threats/chatgpt-opens-new-opportunities-for-cybercriminals-5-ways-for-organizations-to-get-ready

Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

https://www.darkreading.com/ics-ot/ics-confronted-by-attackers-armed-with-new-motives-tactics-and-malware

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/vulnerabilities-threats/abacus-group-acquires-gotham-security-and-govanguard-to-expand-cybersecurity-service-offerings

The integration provides crucial protection for businesses’ most vulnerable departments — help desks and customer support teams — preventing the most advanced threats sent by online users.

https://www.darkreading.com/attacks-breaches/perception-point-launches-advanced-threat-protection-and-rapid-remediation-for-zendesk-customers

Dark Reading: Connecting the Information and Security Community

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence