 July 21, 2022
LATEST SECURITY NEWS & COMMENTARY
How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub
Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.
'AIG' Threat Group Launches With Unique Business Model
The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.
Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles With Disruption
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine
Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the hacking team.
Is Cryptocurrency's Crash Causing Headaches for Ransomware Gangs?
Bitcoin is down more than 70% from its highs late last year, causing disruptions for cybercriminals and the underground exchanges that fuel the dark markets.
Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists
The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a "reckless and disruptive" approach to hacking.
DHS Review Board Deems Log4j an 'Endemic' Cyber Threat
The vulnerability will remain a "significant" threat for years to come and has highlighted the need for more public and private sector support for the open source software ecosystem, the Cyber Safety Review Board says.
How Hackers Create Fake Personas for Social Engineering
And some ways to up your game for identifying fabricated online profiles of people who don't exist.
Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.
3 Golden Rules of Modern Third-Party Risk Management
It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.
Name That Toon: Modern-Day Fable
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Protecting Against Kubernetes-Borne Ransomware
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.
HOT TOPICS
Post-Breakup, Conti Ransomware Members Remain Dangerous
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.

Building Guardrails for Autonomic Security
AI's potential for automating security has promise, but there are miles to go in establishing decision-making boundaries.

How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.

EDITORS' CHOICE
Trojanized Password Crackers Targeting Industrial Systems
Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.
LATEST FROM THE EDGE

Watch Out for User Impersonation in Low-Code/No-Code Apps
How a well-meaning employee could unwittingly share their identity with other users, causing a whole range of problems across IT, security, and the business.
LATEST FROM DR TECHNOLOGY

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
Low-code/no-code platforms allow users to embed their existing user identities within an application, increasing the risk of credentials leakage.

WEBINARS
  • Ransomware Resilience and Response: The Next Generation

    When ransomware locks up your business's critical data and essential gear, there is no time to figure out what to do. There is only time to act - without panicking. That's why a good ransomware response playbook is essential: Do ...

  • Assessing Cyber Risk

    Top executives often ask, "how safe are we from a cyber breach?" But it can be difficult to quantitatively measure cyber risk, and even harder to assess your organization's attack surface. In this webinar, you'll learn how to evaluate your ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA