informa
/
Announcements
Event
Using Zero Trust to Protect Remote and Home Workers | Oct 6 Webinar | <REGISTER NOW>
Event
Managing Security In a Hybrid Cloud Environment | Sept 27 Webinar | <REGISTER NOW>
Event
Understanding Cyber Attackers - A Dark Reading November 17 Virtual Event | <GET YOUR PASS>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext

Vulnerabilities/Threats

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.
September 30, 2022
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.
by Jai Vijayan, Contributing Writer, Dark Reading
September 30, 2022
6 MIN READ
Article
Cybercriminals See Allure in BEC Attacks Over Ransomware
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
September 30, 2022
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
by Robert Lemos, Contributing Writer, Dark Reading
September 30, 2022
4 MIN READ
Article
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
September 30, 2022
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
by Tara Seals, Managing Editor, News, Dark Reading
September 30, 2022
3 MIN READ
Article
SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates
The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.
September 30, 2022
The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.
by Nathan Eddy, Contributing Writer, Dark Reading
September 30, 2022
2 MIN READ
Article
With the Software Supply Chain, You Can't Secure What You Don't Measure
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.
September 30, 2022
Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.
by Tomislav Pericin, Chief Software Architect & Co-Founder, ReversingLabs
September 30, 2022
4 MIN READ
Article
Onyxia Raises $5M to Help Companies Proactively Manage Cybersecurity Risks Using AI
Onyxia, an AI-powered cybersecurity strategy and performance platform providing a centralized way for security teams to monitor and manage cybersecurity efforts in real time, has raised $5 million in seed fundraising led by World Trade Ventures with participation by Silvertech Ventures and angel investors.
September 30, 2022
Onyxia, an AI-powered cybersecurity strategy and performance platform providing a centralized way for security teams to monitor and manage cybersecurity efforts in real time, has raised $5 million in seed fundraising led by World Trade Ventures with participation by Silvertech Ventures and angel investors.
September 30, 2022
2 MIN READ
Article
Aunalytics Launches Security Patching Platform as a Service
Expedited software patching and updating recognized as one of the most important processes to protect against system compromise from cyberattacks.
September 29, 2022
Expedited software patching and updating recognized as one of the most important processes to protect against system compromise from cyberattacks.
September 29, 2022
3 MIN READ
Article
Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training
Companies collaborate to strengthen organizations' first line of security defense – end users.
September 29, 2022
Companies collaborate to strengthen organizations' first line of security defense – end users.
September 29, 2022
3 MIN READ
Article
Why the US Should Help Secure Mexican Infrastructure — and What It Gets in Return
Call it cross-border enlightened self-interest: As one of the US's premier trade partners and closest neighbors, what's bad for Mexico is bad for the US.
September 29, 2022
Call it cross-border enlightened self-interest: As one of the US's premier trade partners and closest neighbors, what's bad for Mexico is bad for the US.
by Daron Hartvigsen, Managing Director, StoneTurn
September 29, 2022
3 MIN READ
Article
Dangerous New Attack Technique Compromising VMware ESXi Hypervisors
China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.
September 29, 2022
China-based threat actor used poisoned vSphere Installation Bundles to deliver multiple backdoors on systems, security vendor says.
by Jai Vijayan, Contributing Writer, Dark Reading
September 29, 2022
5 MIN READ
Article
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange
APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.
September 29, 2022
APT group Witchetty (aka LookingFrog) has exploited the ProxyShell and ProxyLogon vulnerabilities to gain initial access and deploy new custom cyber tools against government agencies and a stock exchange.
by Elizabeth Montalbano, Contributor, Dark Reading
September 29, 2022
4 MIN READ
Article
XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data
Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.
September 29, 2022
Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.
by Becky Bracken, Editor, Dark Reading
September 29, 2022
1 MIN READ
Article
Google Quashes 5 High-Severity Bugs With Chrome 106 Update
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
September 28, 2022
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
by Dark Reading Staff, Dark Reading
September 28, 2022
1 MIN READ
Article
Sophisticated Covert Cyberattack Campaign Targets Military Contractors
Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.
September 28, 2022
Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.
by Jai Vijayan, Contributing Writer, Dark Reading
September 28, 2022
4 MIN READ
Article
Container Supply Chain Attacks Cash In on Cryptojacking
Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances.
September 28, 2022
Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances.
by Ericka Chickowski, Contributing Writer, Dark Reading
September 28, 2022
4 MIN READ
Article