darkreading

One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.

Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.

Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs.

Excessive privileges and visibility gaps create a breeding ground for cyber threats.

The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.

The Cloud Key Management Service is part of Google's new road map for implementing the new NIST-based post-quantum cryptography (PQC) standards.

Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.

High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk.

With Version 3, would-be phishers can cut and paste a big brand's URL into a template and let automation do the rest.

The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.

The startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

While AI-generation services and major camera makers are adopting the specification for digitally signed metadata, creating a workflow around the nascent ecosystem is still a challenge.

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.

Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization.

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.