Adobe Acrobat Reader Vuln Now Under Attack
CISA flags use-after-free bug now being exploited in the wild.
https://www.darkreading.com/vulnerabilities-threats/adobe-acrobat-reader-vuln-under-attack
Gaza Conflict: How Israeli Cybersecurity Will Respond
The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the ...
https://www.darkreading.com/dr-global/gaza-conflict-how-israeli-cybersecurity-will-respond
Magecart Campaign Hijacks 404 Pages to Steal Data
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.
https://www.darkreading.com/cloud/magecart-campaign-hijacks-404-pages-steal-data
Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
https://www.darkreading.com/attacks-breaches/addressing-breach-getting-everyone-on-the-same-page
Securely Moving Financial Services to the Cloud
Financial services organizations migrating applications to the cloud need to think about cloud governance, applying appropriate policies and oversight, and compliance and regulatory requirements.
https://www.darkreading.com/google-cloud-security/securely-moving-financial-services-to-the-cloud
Data Thieves Test-Drive Unique Certificate Abuse Tactic
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
https://www.darkreading.com/endpoint/data-thieves-unique-certificate-abuse
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
https://www.darkreading.com/risk/reassessing-the-impacts-of-risk-management-in-2024-with-nist-2-0
Protect AI Releases 3 AI/ML Security Tools as Open Source
The company released NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, on GitHub.
https://www.darkreading.com/dr-tech/protect-ai-releases-3-ai-ml-security-tools-as-open-source
A Frontline Report of Chinese Threat Actor Tactics and Techniques
Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
New One-Click Exploit Is a Supply Chain Risk for Linux OSes
An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.
Badbox Operation Targets Android Devices in Fraud Schemes
Researchers believe that more than 70,000 Android devices may have been affected.
Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict
DDoS for hire and live attacks hit both sides as cyber campaigns continue.
https://www.darkreading.com/dr-global/hackers-for-hire-hit-both-sides-in-israel-hamas-conflict
How Keyloggers Have Evolved From the Cold War to Today
Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.
North Korea's State-Sponsored APTs Organize & Align
An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns...
https://www.darkreading.com/threat-intelligence/north-korea-state-sponsored-apt-organize-align
Old-School Attacks Are Still a Danger, Despite Newer Techniques
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.
Hacktivists Enter Fray Following Hamas Strikes Against Israel
Killnet, Anonymous Sudan, along with other groups, pick up up their Middle East activities as war breaks out.
https://www.darkreading.com/dr-global/hacktivists-enter-fray-following-hamas-strikes-against-israel
'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
Following the publication of the critical Linux security vulnerability, security specialists released PoC exploits to test the implications of CVE-2023-4911.
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet
Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign.
https://www.darkreading.com/cloud/patch-now-massive-rce-campaign-d-link-zyxel-botnet