On Data Privacy Day, Organizations Fail Data Privacy Expectations
Data Privacy Day rolls around year after year, and data privacy breaches likewise. Two-thirds of data breaches result in data exposure….
Dark Reading
Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ
The US Department of Justice hacked into Hive’s infrastructure, made off with hundreds of decryptors, and seized the gang’s operations….
Log4j Vulnerabilities Are Here to Stay — Are You Prepared?
Don’t make perfect the enemy of good in vulnerability management. Context is key — prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset….
Microsoft to Block Excel Add-ins to Stop Office Exploits
The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code….
Hunting Insider Threats on the Dark Web
Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats. …
Ransomware Profits Decline as Victims Dig In, Refuse to Pay
Two new reports show ransomware revenues for threat actors dropped sharply in 2022 as more victims ignored ransom demands….
T-Mobile Breached Again, This Time Exposing 37M Customers’ Data
This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported….
The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT
Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure. …
New Research From EMA Reveals How Organizations Are Struggling to Develop Secure Software Applications
Research shows that over 50% of organizations performing software development
struggle with fully integrating security into their software development
lifecycle….
Okta Expands No-Code Offerings for Identity Cloud
With Actions Integrations, Okta is expanding its no-code offerings to help administrators manage and customize their identity workflow….
The Dangers of Default Cloud Configurations
Default settings can leave blind spots but avoiding this issue can be done. …
Malware Comes Standard With This Android TV Box on Amazon
The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted….
Norton LifeLock Warns on Password Manager Account Compromises
Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse….
Why Mean Time to Repair Is Not Always A Useful Security Metric
Analyzing and learning from incidents is the ideal path to finding more insightful data and metrics, according to the VOID report….
New Survey Sheds Light on Why Enterprises Struggle to Thwart API Attacks
Corsha’s Annual State of API Secrets Management Report finds over 50% of respondents suffered a data breach due to compromised API secrets….
Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security
Hacking to kill: Dark Reading’s Fahmida Y. Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump….