April 24, 2024 at 12:09PM Security awareness training firm KnowBe4 plans to acquire British late-stage startup Egress, specializing in cloud email security. Egress, with $48 million in funding, garnered attention in a competitive market. The merger aims to create a leading AI-driven cybersecurity platform. The deal is expected to close in the coming months, pending … Read more
April 23, 2024 at 09:16AM Global organizations are detecting cyberattacks more quickly, with average detection time reaching an all-time low of ten days, down from 16 days last year. However, there are still regional variations and a significant reliance on external sources to detect intrusions. Mandiant emphasizes the need for continued vigilance and improved threat … Read more
April 16, 2024 at 10:15AM Open source groups are cautioning about recent attacks targeting project maintainers, similar to the attempted backdoor incident in a core Linux library. The OpenJS Foundation and OpenSSF are observing suspicious emails aiming to manipulate project maintainers and have shared tactics to identify potential threats. They emphasize the need to support … Read more
April 10, 2024 at 10:21AM Password reuse poses a significant cybersecurity risk for organizations. Despite strong password policies, end-users often prioritize convenience, leading to widespread reuse. This creates opportunities for hackers to exploit and gain unauthorized access to sensitive data. Addressing this issue requires a multi-faceted approach including user education, multi-factor authentication, password managers, and … Read more
April 4, 2024 at 02:44PM The latest campaign demonstrates the extensive capabilities and long-lasting presence of a decade-old information-stealing malware. Based on the meeting notes, it seems that the latest campaign highlights the extensive functionality and longevity of a piece of information-stealing malware that is a decade old. Full Article
March 20, 2024 at 12:03PM Successful attackers target human emotions for psychological manipulation, making anyone vulnerable, regardless of tech expertise. Based on the meeting notes, the key takeaway is that successful attackers focus on psychological manipulation of human emotions, making anyone, including tech-savvy individuals, susceptible to becoming a victim. Full Article
February 2, 2024 at 05:31PM Welcome to CISO Corner, a weekly digest presented by Dark Reading catering to security operations readers and leaders. In this issue, discussions include the evolving role of the Chief Information Security Officer, tailored cybersecurity education for younger users, the adoption of Secure Access Service Edge (SASE) by airlines, recognizing security … Read more
February 2, 2024 at 09:40AM The era of intelligent operations brings new expectations for digital experiences into workplaces, especially with the arrival of Gen Z employees. Outdated OT security processes, legacy components, and limited user access management capabilities need updating to attract and retain younger skilled workers. Improved cybersecurity practices not only enhance employee experience … Read more
January 30, 2024 at 12:47PM A recent phishing attack leverages Microsoft Teams group chat requests to distribute DarkGate malware via deceptive file attachments. Attackers exploit the default external messaging access and employ tactics such as double file extensions to trick victims. Organizations are advised to consider disabling External Access and to educate users on recognizing … Read more
January 9, 2024 at 10:05AM The text discusses the concept of security theater in cybersecurity, criticizing the superficial measures and controls implemented by organizations. It highlights the detrimental effects of security theater and provides recommendations to shift focus towards proactive risk mitigation, including conducting risk assessments, prioritizing security enhancements, and implementing cyberattack prevention strategies. Key … Read more