Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
DoD Gets Closer to Nominating Cyber Policy Chief
Though there is speculation regarding potential candidates, the Department of Defense will likely not nominate someone in the near term.
https://www.darkreading.com/operations/dod-closer-nominating-cyber-policy-chief
SIM Card Ownership Slashed in Burkina Faso
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.
https://www.darkreading.com/dr-global/sim-card-ownership-slashed-in-burkina-faso
Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.
What are Your Exception Expectations?
Cybersecurity exceptions are a fact of life in most organizations, but there's work that should be done to make sure those exceptions are justified and worth the risk.
https://www.darkreading.com/google-cloud-security/what-are-your-exception-expectations
Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid
To make cybersecurity an organizationwide priority, CISOs must avoid these common input, empathy, and alignment obstacles.
SailPoint Unveils Annual 'Horizons of Identity Security' Report
https://www.darkreading.com/endpoint/sailpoint-unveils-annual-horizons-of-identity-security-report
Fingerprint Raises $33M in Series C Funding to Accelerate Enterprise Device Intelligence and Fraud Prevention Adoption
Spec Secures $15M Series A Funding, Accelerating Innovation in Fraud Defense
Norton Boosts Security and Privacy With Enhanced Password Manager and AntiTrack
AI 'Will Have a Significant Impact on Energy Industry,' EPRI Tells Congress
23AndMe Hacker Leaks New Tranche of Stolen Data
Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.
https://www.darkreading.com/attacks-breaches/23andme-hacker-leaks-new-tranche-of-stolen-data-
North Korean State Actors Attack Critical Bug in TeamCity Server
Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.
Europol Strike Wounds Ragnar Locker Ransomware Group
Several countries in Europe as well as the United States and Japan were involved in the operation, which is aimed at defanging one of the bigger names in ransomware.
https://www.darkreading.com/threat-intelligence/europol-strike-ragnar-locker-ransomware
Tips for a Successful SecOps Gameplan
Dark Reading's special report on SecOps data analytics looks at the elements needed to set up a proper data foundation. Getting the data right when collecting, aggregating, and analyzing it is essenti...
https://www.darkreading.com/edge/tips-for-a-successful-secops-gameplan
AI-Powered Israeli 'Cyber Dome' Defense Operation Comes to Life
The Israelis are building a cyber defense system that will use ChatGPT-like generative AI platforms to parse threat intelligence.
https://www.darkreading.com/dr-global/ai-powered-israeli-cyber-dome-defense-operation-comes-to-life
Q&A: The Outlook for Israeli Cyber Startups, As War Clouds Gather
Amid the burgeoning war, Israel's tech sector is focused on resilience. Ofer Schreiber, senior director at YL Ventures, weighs in on the conflict, funding for cybersecurity startups, overblown valuati...
https://www.darkreading.com/dr-global/outlook-israeli-cyber-startups-war-clouds-gather
Patch Now: APTs Continue to Pummel WinRAR Bug
State-sponsored cyberespionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
https://www.darkreading.com/attacks-breaches/patch-now-apts-pummel-winrar-bug
Iran-Linked 'MuddyWater' Spies on Mideast Gov't for 8 Months
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
https://www.darkreading.com/dr-global/iran-linked-muddywater-spies-middle-east-govt-eight-months
Open-Source Security Agents Promise Greater Simplicity, Flexibility
Endpoint management based on open-source agents, such as osquery, could simplify IT management and security, while giving larger firms more customization options.