- Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.
- OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.
- Even as more attacks target humans, a lack of dedicated staff, relevant skills, and time is making it harder to develop a security-aware and engaged workforce, SANS says.
- The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
- The hacktivist group is ramping up its activities and ready to assault governments and businesses with escalating capabilities.
- Transitive dependencies can complicate the process of developing software bills of materials.
- With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Microsoft has a new response.
- Cyber mercenaries in countries like India, Russia, and the UAE are carrying out data theft and hacking missions for a wide range of clients across regions, a couple of new reports said.
- It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.
- A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?
- The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
- The "Missing Cryptoqueen" makes the American Top Ten… but not in a good way.
- Latest episode – listen and read now! Use our advice to advise your own friends and family… let's all do our bit to stand up to scammers!
- Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
- The crooks needed at least two private keys, each stored in two parts… but they got them anyway.
- It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
- Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
- Latest episode – listen (or read) now!
- It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
- Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples…