Dark Reading

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.

Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says.

The latest evolution in social engineering could put fraudsters in a position to commit insider threats.

The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.

Transitive dependencies can complicate the process of developing software bills of materials.

With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.

Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.

It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.

A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?

Malicious ISS module exploitation is the latest trend among threat actors targeting Exchange servers, analysts say.

Titaniam’s ‘State of Data Exfiltration & Extortion Report’ also finds that while over 70% of organizations had heavy investments in prevention, detection, and backup solutions, the majority of victims ended up giving into attackers' demands.

NXM Autonomous Security protects against network-wide device hacks and defends against critical IoT vulnerabilities.

A password link that didn't expire leads to the discovery of exposed personal information at a payments service.

An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.

There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization more safe.

Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.

The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

The now-patched bug allows an attacker to gain full access to a user's Amazon files.

In the always-changing world of cyberattacks, preparedness is key.