darkreading

The White House Office of the National Cyber Director released a plan outlining steps network operators and service providers need to take to secure BGP from abuse and configuration errors.

Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.

The ElectionGuard project allows anyone — voters, campaign staffers, and election officials — to cryptographically verify ballots, a promise that may bolster faith in election integrity.

Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.

A proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers, and allows CISOs to tell a complex story in a single visualization.

In recent years, the platform has become a go-to tool for executing almost all conceivable cybercriminal activity.

This bill requires Web browsers to have an easy-to-find (and use) setting for consumers to send an opt-out preference signal by default to every site and app they interact with.

Microsoft warned that the DPRK's latest innovative tack chains together previously unknown browser issues, then adds a rootkit to the mix to gain deep system access and steal crypto.

The Ohio city filed for a restraining order, claiming the researcher was working in tandem with the ransomware attackers.

The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.

The energy kahuna said that operations were disrupted after an attack on its supporting business applications.

Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.

Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better.

Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year.

Cisco's deal to acquire Robust Intelligence will make it possible to use red-team algorithms to assess risk in AI models and applications, while Check Point's acquisition of Cyberint will add threat intelligence to its SOC platform.

Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.

The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.

The software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its mission-critical software. Cybersecurity is now part of the evaluation.