darkreading

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

Hackers are constantly evolving, and so too should our security protocols.

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

The software supply chain is a growing target, and organizations need to take special care to safeguard it.

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.