FamousSparrow APT flocks to hotels, government, and businesses.
Views expressed in this cybersecurity, cybercrime, and information security update are those of the reporters and correspondents.
Accessed on 24 September 2021, 1337 UTC.
Content supplied by “Darkreading.com.”
The operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.
The cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.
One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.
Researchers claim to have accessed hundreds of thousands of Windows credentials using a bug in the Autodiscover protocol.
The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds.
Though many incidents stemmed from familiar security failures, they served up — or resurfaced — some important takeaways.
Researchers piece together the origins of the group that made headlines this week as the perpetrator behind a ransomware attack on New Cooperative.
A new survey from Forrester and VMware finds more than half of developers still think security gets in the way.
How to Implement a Security Champions Program
A Security Champions program is a great way to enhance security maturity, reduce vulnerabilities, and make security top of mind throughout the business.
NIST Brings Threat Modeling into the Spotlight
NIST recommendations typically become part of government procurement, which means threat modeling will soon be written into questions for organizations that sell to the federal government.
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
Midmarket Security: Think You’re Safe? Think Again
Gone is the false perception that large enterprises, banks, and financial institutions are the only organizations under attack.
Why Security Pros Should Rethink Their Focus on Information Resilience
Resilience is often defined as being able to withstand disruptions and rebound to a previous state. But a system’s ability to return to a prior state doesn’t mean it’s sufficiently resilient.
Ten Hot Talks from Black Hat 2021 (Sep 29, 2021)