The Trifecta of Consumer Data Privacy: Education, Advocacy & Accountability
It's time to build a culture of privacy, one that businesses uphold.
What CISOs Should Exclude From SEC Cybersecurity Filings
Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?
https://www.darkreading.com/edge/what-cisos-should-exclude-from-sec-cybersecurity-filings
D-Link Confirms Breach, Rebuts Hacker's Claims About Scope
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.
https://www.darkreading.com/attacks-breaches/d-link-confirms-breach-rebuts-hackers-claims-scope
FBI: Hackers Are Extorting Plastic Surgery Providers, Patients
The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.
OCP Launches SAFE to Standardize Firmware Audits
Under the Security Appraisal Framework and Enablement (SAFE) program, device manufacturers would be able to work with approved auditors to verify firmware.
https://www.darkreading.com/edge/ocp-launches-safe-to-standardize-firmware-audits
The Most Popular IT Admin Password Is Totally Depressing
Analysis of more than 1.8 million admin portals reveals IT leaders, with the highest privileges, are just as lazy about passwords as everyone else.
Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'
The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.
EPA Turns Off Taps on Water Utility Cyber Regulations
Facing a potential cascade of legal challenges from industry groups and state attorneys general, the EPA has rescinded its cyber-rules. But where does that leave local water safety?
https://www.darkreading.com/ics-ot/epa-water-utility-cyber-regulations
North Korea's Kimsuky Doubles Down on Remote Desktop Control
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.
The Need for a Cybersecurity-Centric Business Culture
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.
https://www.darkreading.com/operations/the-need-for-a-cybersecurity-centric-business-culture
Israeli Cybersecurity Startups: Impact of a Growing Conflict
For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 pose a fraught mix of complications.
https://www.darkreading.com/dr-global/israeli-cybersecurity-startups-impact-of-a-growing-conflict-
Data Security and Collaboration in the Modern Enterprise
The CISO Survival Guide explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.
https://www.darkreading.com/tech-trends/data-security-collaboration-in-modern-enterprise
Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn
If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.
https://www.darkreading.com/cloud/jupyter-notebook-cloud-credential-theft
Amazon Quietly Wades Into the Passkey Waters
The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.
https://www.darkreading.com/cloud/amazon-quietly-wades-into-passkey-waters
Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.
https://www.darkreading.com/threat-intelligence/chatbot-roadmap-how-to-conduct-a-bio-weapons-attack
UAE, US Partner to Bolster Financial Services Cybersecurity
The two countries agree to share financial services information and provide cross-border training and best practices.
https://www.darkreading.com/dr-global/uae-and-us-partner-to-bolster-financial-services-security
Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The v...
‘Etherhiding’ Blockchain Technique Hides Malicious Code in WordPress Sites
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.
https://www.darkreading.com/threat-intelligence/watch-out-attackers-hiding-malware-browser-updates