darkreading

Law firms make the perfect target for extortion, so it's no wonder that ransomware attackers target them and demand multimillion dollar ransoms.

Researchers say the attacks are easy to perform, difficult to contact, nearly unrecognizable, and "entirely preventable."

The prolific ransomware group has shifted away from phishing as the method of entry into corporate networks, and is now using initial access brokers as well as its own tools to optimize its most recent attacks.

A malvertising campaign uses phishing to steal legitimate account pages, with the endgame of delivering the Lumma stealer.

Significant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US.

DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit.

The process took two years, but this is the first successful settlement obtained under Texas' Capture or Use of Biometric Identifier Act, which forbids the capture of biometric data without users' explicit consent.

Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.

The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30.

Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data.

The security vulnerabilities, CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could lay open proprietary and sensitive research to data thieves.

If paying a ransom is prohibited, organizations won't do it — eliminating the incentive for cybercriminals. Problem solved, it seems. Or is it?

A network of more than 2,600 Telegram bots has helped exfiltrate one-time passwords and data from devices for more than two years.

The nation-state espionage group known for attacking Pakistan has expanded its reach to targets in Egypt and Sri Lanka.

Clutch Security is the latest cybersecurity startup looking to secure and manage non-human identity.

According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day.

With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.