Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers – Dark Reading
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware. – Read More
Dark Reading
Tricky CAPTCHA Caught Dropping Lumma Stealer Malware – Dark Reading
The persistent infostealer’s latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find. – Read More
What Today’s SOC Teams Can Learn From Baseball – Dark Reading
There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect. – Read More
Name That Toon: The Big Jump – Dark Reading
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. – Read More
Russia-Linked Hackers Attack Japan’s Govt, Ports – Dark Reading
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget. – Read More
Unmanaged Cloud Credentials Pose Risk to Half of Orgs – Dark Reading
These types of “long-lived” credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say. – Read More
Cisco Disables DevHub Access After Security Breach – Dark Reading
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers. – Read More
Internet Archive Gets Pummeled in Round 2 Breach – Dark Reading
This latest breach was through Zendesk, a customer service platform that the organization uses. – Read More
Anti-Bot Services Help Cybercrooks Bypass Google ‘Red Page’ – Dark Reading
The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.…
Why I’m Excited About the Future of Application Security – Dark Reading
The future of application security is no longer about reacting to the inevitable — it’s about anticipating and preventing attacks before they can cause damage. – Read More
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks – Dark Reading
The “Code-on-Toast” supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads. – Read More
EU Adopts Cyber Resilience Act to Regulate Internet of Things – Dark Reading
The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety. – Read More
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data – Dark Reading
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well. – Read More
Time to Get Strict With DMARC – Dark Reading
Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.…
CISOs: Throwing Cash at Tools Isn’t Helping Detect Breaches – Dark Reading
A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches. –…