Author: Tara Seals, Managing Editor, News, Dark Reading

Dark Reading’s digest of the other don’t-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

Read more →

It didn’t have to be this way: So far 2022’s tranche of zero-days shows too many variants of previously patched security bugs, according Google Project Zero.

Read more →

The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.

Read more →

The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks.

Read more →

Malicious invoices coming from the accounting software’s legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.

Read more →

A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.

Read more →

After bragging in underground forums, the woman who stole 100 million credit applications from Capital One has been found guilty.

Read more →

A novel timing attack allows remote attackers with low privileges to infer sensitive information by observing power-throttling changes in the CPU.

Read more →

Cloud migration, DevSecOps, cyber insurance, and more have emerged as important motivators for cybersecurity investment and focus.

Read more →

A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.

Read more →

An unpatched remote code execution (RCE) vulnerability in all versions of the popular Confluence collaboration platform can be abused in credential harvesting, cyber espionage, and network backdoor attacks.

Read more →

The cloud instances were left open to the public Internet with no authentication, allowing attackers to wipe the data.

Read more →

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

Read more →

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable — but the new Yashma version finally generates binaries that can encrypt files of all sizes.

Read more →

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Read more →

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

Read more →

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

Read more →

A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Read more →

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel’s gear.

Read more →