Unprotected Session Tokens Can Undermine FIDO2 Security
While the protocol has made passwordless authentication a reality, token binding is key to protecting against token theft and reuse, security vendor says.
https://www.darkreading.com/identity-access-management-security/unprotected-session-tokens-can-undermine-fido2-security
Dark Reading
Dark Reading: Connecting the Information and Security Community
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs
Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.
https://www.darkreading.com/threat-intelligence/fbi-closes-in-scattered-spider-attacks-finance-insurance-orgs
A Cost-Effective Encryption Strategy Starts With Key Management
Key management is more complex than ever. Your choices are: rely on your cloud provider or manage keys locally; encrypt only the most critical data; or encrypt everything.
https://www.darkreading.com/cloud-security/a-cost-effective-encryption-strategy-starts-with-key-management
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
DNS Tunneling Abuse Expands to Tracking & Scanning Victims
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities and find new ways to compromise organizations.
https://www.darkreading.com/cyberattacks-data-breaches/dns-tunneling-abuse-expands-tracking-scanning-victims
There Is No Cyber Labor Shortage
There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.
https://www.darkreading.com/cybersecurity-operations/there-is-no-cyber-labor-shortage
Heartbleed: When Is It Good to Name a Vulnerability?
Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately.
https://www.darkreading.com/vulnerabilities-threats/heartbleed-when-is-it-good-to-name-a-vulnerability
500 Victims In, Black Basta Reinvents With Novel Vishing Strategy
Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.
https://www.darkreading.com/cyberattacks-data-breaches/500-victims-later-black-basta-reinvents-novel-vishing-strategy
Ukrainian, Latvian TV Hijacked to Broadcast Russian Celebrations
At least 15 television channels were interrupted in Ukraine alone, which, reportedly, is not out of the norm in this "information war."
https://www.darkreading.com/cyberattacks-data-breaches/ukrainian-latvian-tv-hijacked-to-broadcast-russian-celebrations
IntelBroker Nabs Europol Info; Agency Investigating
Europe's cross-border law enforcement agency says the well-known hacking outfit, contrary to claims, did not access operational data.
https://www.darkreading.com/cyberattacks-data-breaches/intelbroker-nabs-europol-info-agency-investigating
Why Tokens Are Like Gold for Opportunistic Threat Actors
When setting authentication token expiry policies, always lean in to security over employee convenience.
https://www.darkreading.com/cyberattacks-data-breaches/why-tokens-are-like-gold-for-opportunistic-threat-actors
Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem
Researchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.
https://www.darkreading.com/ics-ot-security/millions-of-iot-devices-at-risk-from-flaws-in-integrated-cellular-modem
CISO as a CTO: When and Why It Makes Sense
Enterprises are increasingly recognizing that the CISO's skills and experience building risk-based cyber programs translate well to other C-suite positions.
https://www.darkreading.com/cybersecurity-careers/ciso-as-a-cto-when-and-why-it-makes-sense
Reality Defender Wins RSAC Innovation Sandbox Competition
In a field thick with cybersecurity startups showing off how they use AI and LLMs, Reality Defender stood out for its tool for detecting and labeling deepfakes and other artificial content.
https://www.darkreading.com/cyber-risk/reality-defender-wins-rsac-innovation-sandbox
Is CISA's Secure by Design Pledge Toothless?
CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.
https://www.darkreading.com/cybersecurity-operations/rsa-2024-cisa-secure-design-pledge-necessary-toothless
Ascension Healthcare Suffers Major Cyberattack
The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.
https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
Dark Reading 'Drops' Its First Podcast
Our brand-new podcast, Dark Reading Confidential, has officially launched. You don't want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who ...
https://www.darkreading.com/cyber-risk/dark-reading-drops-its-first-podcast
Dark Reading Confidential: The CISO and the SEC
Episode 1 of Dark Reading Confidential brings Frederick “Flee” Lee, CISO of Reddit, Beth Burgin Waller, a practicing cyber attorney who represents many CISOs, and Ben Lee, Chief Legal Officer of Reddi...
https://www.darkreading.com/cyber-risk/dark-reading-confidential-the-ciso-and-the-sec
You've Been Breached: What Now?
Breaches are inevitable. Here are four steps to recovery and future-proofing your business.
https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now
Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes
Kevin Mandia, CEO of Mandiant at Google Cloud, calls for content "watermarks" as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic.
https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes