While attackers continue to rely on older, unpatched vulnerabilities, many are jumping on new vulnerabilities as soon as they are disclosed.
from Dark Reading https://ift.tt/ZoA41fH
via IFTTT
Tag Archives: Dark Reading:
ICYMI: Dark Web Happenings Edition With Evil Corp., MSP Targeting & More
Dark Reading’s digest of other “don’t-miss” stories of the week — including a Microsoft alert connecting disparate cybercrime activity together, and an explosion of Luca Stealer variants after an unusual Dark Web move.
from Dark Reading https://ift.tt/eAZhxN0
via IFTTT
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization
The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.
from Dark Reading https://ift.tt/QUHPht0
via IFTTT
Why Bug-Bounty Programs Are Failing Everyone
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
from Dark Reading https://ift.tt/nHFE8NV
via IFTTT
Amazon Adds Malware Detection to GuardDuty TDR Service
The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week.
from Dark Reading https://ift.tt/tPkB1aO
via IFTTT
Big Questions Remain Around Massive Shanghai Police Data Breach
Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn’t anyone notice it was downloaded?
from Dark Reading https://ift.tt/LP85iIj
via IFTTT
Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info
The campaign uses four malicious packages to spread “Volt Stealer” and “Lofy Stealer” malware in the open source npm software package repository.
from Dark Reading https://ift.tt/Nw4e8VJ
via IFTTT
3 Tips for Creating a Security Culture
Trying to get the whole organization on board with better cybersecurity is much tougher than it may sound.
from Dark Reading https://ift.tt/DVsRxiA
via IFTTT
Patch Now: Atlassian Confluence Bug Under Active Exploit
Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote, unauthenticated actors unfettered access to Confluence data.
from Dark Reading https://ift.tt/7QrSvZB
via IFTTT
APT-Like Phishing Threat Mirrors Landing Pages
By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.
from Dark Reading https://ift.tt/OVbIhDq
via IFTTT
Pacosite's Blog 