Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

Ransomware Professionalization Grows as RaaS Takes Hold

As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.

DARKReading
#web
Malware Authors Inadvertently Take Down Own Botnet

A single improperly formatted command has effectively killed KmsdBot botnet, security vendor says.

Concern Over DDoS Attacks Falls Despite Rise in Incidents

Almost a third of respondents in Fastly's Fight Fire with Fire survey view data breaches and data loss as the biggest cybersecurity threat.

SiriusXM, MyHyundai Car Apps Showcase Next-Gen Car Hacking

A trio of security bugs allow remote attackers to unlock or start the car, operate climate controls, pop the trunk, and more — all via poorly coded mobile apps.

Newsroom Sues NSO Group for Pegasus Spyware Compromise

Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety.

Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech

Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.

SOC Turns to Homegrown Machine Learning to Catch Cyber-Intruders

A do-it-yourself machine-learning system helped a French bank detect three types of exfiltration attacks missed by current rules-based systems, attendees will learn at Black Hat Europe.

A Risky Business: Choosing the Right Methodology

Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances.

AWS Unveils Amazon Security Lake at re:Invent 2022

Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.

LastPass Discloses Second Breach in Three Months

The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.