Dark Reading - Endpoint

Endpoint

• PyPI's 2FA Requirements Don't Go Far Enough, Researchers Say
• 'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft
• 'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting
• Streamers Ditch Netflix for Dark Web After Password Sharing Ban
• Want Sustainable Security? Find Middle Ground Between Tech & Education
• Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort
• How CISOs Can Manage the Intersection of Security, Privacy, And Trust
• DNB Strengthens its Network Security Posture and Productivity With Ericsson Security Manager Solution
• Cyversity and United Airlines to Provide Cybersecurity Training Scholarships to Cyversity Members
• Tel Aviv Stock Exchange Selects CardinalOps to Reduce Risk of Breaches Due to Undetected Attacks
• Amazon Pays $30.8M to Settle Ring Spying & Alexa Privacy Lawsuits
• Jetpack WordPress Plug-in API Bug Triggers Mass Updates
• How Do I Reduce Security Tool Sprawl in My Environment?
• Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs
• Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace
• Where SBOMs Stand Today
• Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection
• Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security
• SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment
• Top macOS Malware Threats: Here Are 6 to Watch
• Dark Reading Launches Inaugural CISO Advisory Board
• Meet Charlotte, CrowdStrike's New Generative AI Assistant
• Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
• Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model
• MacOS 'Migraine' Bug: Big Headache for Device System Integrity
• Ways to Help Cybersecurity's Essential Workers Avoid Burnout
• What Apple's RSRs Reveal About Mac Patch Management
• Investment May Be Down, but Cybersecurity Remains a Hot Sector
• Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster
• New eID Scheme Gives EU Citizens Easy Access to Public Services Online
• Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS
• Focus Security Efforts on Choke Points, Not Visibility
• Salesforce 'Ghost Sites' Expose Sensitive Corporate Data
• Spotlight on 2023 Dan Kaminsky Fellow: Dr. Gus Andrews
• Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots
• 421M Spyware Apps Downloaded Through Google Play
• Undetected Attacks Against Middle East Targets Conducted Since 2020
• 9M Dental Patients Affected by LockBit Attack on MCNA
• Pentagon Leaks Emphasize the Need for a Trusted Workforce
• Top Cyberattacks Revealed in New Threat Intelligence Report
• 2 Lenses for Examining the Safety of Open Source Software
• 130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach
• Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
• How Safe Is Your Wearable Device?
• Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes
• 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns
• Red Hat Tackles Software Supply Chain Security
• CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown
• Lazarus Group Striking Vulnerable Windows IIS Web Servers
• Netflix's Password-Sharing Ban Offers Security Upsides
• Perception Point Report Finds That Advanced Phishing Attacks Grew by 356% in 2022
• Memcyco Delivers Real-Time Brandjacking Detection and Protection Solution
• Bank of Ghana Opens SOC to Enable Threat Intelligence Sharing
• 'Operation Magalenha' Attacks Give a Window Into Brazil's Cybercrime Ecosystem
• Google Cloud Bug Allows Server Takeover From CloudSQL Service
• Dangerous Regions: Isolating Branch Offices in High-Risk Countries
• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams
• 'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
• Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities
• Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident
• Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers
• Appdome Launches Build-to-Test, Automated Testing Option for Protected Mobile Apps
• Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations
• Threat Actors Compromise Barracuda Email Security Appliances
• Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
• OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps
• How Universities Can Bridge Cybersecurity's Gender Gap
• Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
• How AI Can Help Organizations Adapt and Recover From Cyberattacks
• 5 Questions to Ask When Evaluating a New Cybersecurity Technology
• Google Adds Guardrails to Keep AI in Check
• SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft
• What Security Professionals Need to Know About Aggregate Cyber-Risk
• FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes
• A New Look for Risk in Awareness Training
• Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses
• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
• Improving Cybersecurity Requires Building Better Public-Private Cooperation
• PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
• Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
• IBM's Polar Buy Creates Focus on a New 'Shadow Data' Cloud Security Area
• Cyber Warfare Lessons From the Russia-Ukraine Conflict
• CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine
• Apple Patches 3 Zero-Days Possibly Already Exploited
• Data Siloes: Overcoming the Greatest Challenge in SecOps
• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns
• Keep Your Friends Close and Your Identity Closer
• Google Debuts Quality Ratings for Security Bug Disclosures
• AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap
• Enterprises Rely on Multicloud Security to Protect Cloud Workloads
• KeePass Vulnerability Imperils Master Passwords
• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict
• 10 Types of AI Attacks CISOs Should Track
• Microsoft Azure VMs Hijacked in Cloud Cyberattack
• Embedding Security by Design: A Shared Responsibility
• OX Security Launches OX-GPT, AppSec's First ChatGPT Integration
• Satori Augments Its Data Security Platform With Posture Management and Data Store Discovery Capabilities
• Once Again, Malware Discovered Hidden in npm