The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.

from Dark Reading https://ift.tt/hlWEMUt
via IFTTT

Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week.

from Dark Reading https://ift.tt/ncIWyFa
via IFTTT

Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.

from Dark Reading https://ift.tt/ZrYgab0
via IFTTT

Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.

from Dark Reading https://ift.tt/gM05XOr
via IFTTT

Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).

from Dark Reading https://ift.tt/COBrNlT
via IFTTT

Abuse primitives have a longer shelf life than bugs and zero-days and are cheaper to maintain. They’re also much harder for defenders to detect and block.

from Dark Reading https://ift.tt/CGqojUM
via IFTTT

Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services — plus fixes for them where available.

from Dark Reading https://ift.tt/Txjg4ly
via IFTTT

NIST SP800-219 introduces the macOS Security Compliance Project (mSCP) to assist organizations with creating security baselines and defining controls to protect macOS endpoints.

from Dark Reading https://ift.tt/604Ta1M
via IFTTT