Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

Easing the Cyber-Skills Crisis With Staff Augmentation

Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.

DARKReading
#git#auth
China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload

The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access.

Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip

Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.

5 Russia-Linked Groups Target Ukraine in Cyberwar

Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks.

Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out

How critical is that vulnerability? University researchers are improving predictions of which software flaws will end up with an exploit, a boon for prioritizing patches and estimating risk.

Summertime Blues: TA558 Ramps Up Attacks on Hospitality, Travel Sectors

The cybercriminal crew has used 15 malware families to target travel and hospitality companies globally, constantly changing tactics over the course of its four-year history.

How to Upskill Tech Staff to Meet Cybersecurity Needs

Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff.

Google Cloud Adds Curated Detection to Chronicle

The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.

Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.