darkreading
- Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel November 5, 2024The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.Robert Lemos, Contributing Writer
- APT36 Refines Tools in Attacks on Indian Targets November 4, 2024The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.Jai Vijayan, Contributing Writer
- Okta Fixes Auth Bypass Bug After 3-Month Lull November 4, 2024The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.Dark Reading Staff
- Antivirus, Anti-Malware Lead Demand for AI/ML Tools November 4, 2024Companies are attaching the term "AI" to everything these days, but in cybersecurity, machine learning is more than hype.Dark Reading Staff
- OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes November 4, 2024As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.Robert Lemos, Contributing Writer
- Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed November 4, 2024A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.Elizabeth Montalbano, Contributing Writer
- Name That Edge Toon: Aerialist's Choice November 4, 2024Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.John Klossner, Cartoonist
- Can Automatic Updates for Critical Infrastructure Be Trusted? November 4, 2024The true measure of our cybersecurity prowess lies in our capacity to endure.John Paul Cunningham
- EmeraldWhale's Massive Git Breach Highlights Config Gaps November 1, 2024The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.Kristina Beek, Associate Editor, Dark Reading
- AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks November 1, 2024
- SOFTSWISS Expands Bug Bounty Program November 1, 2024
- Privacy Anxiety Pushes Microsoft Recall AI Release Again November 1, 2024The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.Becky Bracken, Senior Editor, Dark Reading
- OWASP Releases AI Security Guidance November 1, 2024OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.Jennifer Lawinski, Contributing Writer
- Chinese APTs Cash In on Years of Edge Device Attacks November 1, 2024The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.Nate Nelson, Contributing Writer
- 4 Main API Security Risks Organizations Need to Address November 1, 2024Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.Jai Vijayan, Contributing Writer
- Critical Auth Bugs Expose Smart Factory Gear to Cyberattack November 1, 2024Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.Tara Seals, Managing Editor, News, Dark Reading
- IT Security Centralization Makes the Use of Industrial Spies More Profitable November 1, 2024As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.Aybars Tuncdogan, Fulya Acikgoz
- Developer Velocity & Security: Can You Get Out of the Way in Time? November 1, 2024When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.Matt Middleton-Leal
- The Overlooked Importance of Identifying Riskiest Users November 1, 2024"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.Garrett Hamilton
- Taiwanese Facebook Biz Pages Fall to Infostealer Phishing Campaign October 31, 2024The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.Dark Reading Staff