Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

Recurring Windows Flaw Could Expose User Credentials

Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.

DARKReading
#vulnerability#web#windows#microsoft#git#auth#zero_day
China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.

French ISP Confirms Cyberattack, Data Breach Affecting 19M

In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.

FBI, Partners Disrupt RedLine, Meta Stealer Operations

A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.

How to Find the Right CISO

Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you've made the right pick.

Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform

Sophos CEO Joe Levy says the $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core.

Windows 'Downdate' Attack Reverts Patched PCs to a Vulnerable State

Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.

China's Elite Cyber Corps Hone Skills on Virtual Battlefields

The nation leads in the number of capture-the-flag tournaments sponsored by government and industry — a strategy from which Western nations could learn.

Delta Launches $500M Lawsuit Against CrowdStrike

Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than $10 million.

Russia Kneecaps Ukraine Army Recruitment With Spoofed 'Civil Defense' App

Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.