Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
Danish Energy Attacks Portend Targeting More Critical Infrastructure
Targeted attacks against two dozen related companies is just the latest evidence that hackers want a piece of energy.
HARmor Cleans, Sanitizes, Encrypts HAR Files
Okta's breach highlighted the importance of sanitizing the data logged in HAR files before sharing them.
https://www.darkreading.com/dr-tech/harmor-cleans-sanitizes-encrypts-har-files
Google Goes After Scammers Abusing Its Bard AI Chatbot
A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.
https://www.darkreading.com/attacks-breaches/google-scammers-abusing-bard-ai-chatbot
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice
While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.
21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.
Make Changes to be Ready for the New SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud’s Jill C. Tyson and Dark Reading's Terry Sweeney on how companies can better plan and prepare for the Security and Exchange Commission’s new cybersecurity disclosure rule.
https://www.darkreading.com/edge/make-changes-ready-sec-cybersecurity-disclosure-rule
Royal Ransom Demands Exceed $275M, Rebrand in Offing
The swift-moving ransomware crew continues to evolve quickly and has already attacked more than 350 victims since it was first detected just over a year ago.
https://www.darkreading.com/threat-intelligence/royal-ransom-demands-exceed-275m-rebrand
Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East
The so-called TA402 group continues to focus on cyber espionage against government agencies.
Steps CISOs Should Take Before, During & After a Cyberattack
By creating a plan of action, organizations can better respond to attacks.
https://www.darkreading.com/attacks-breaches/steps-cisos-should-take-before-during-after-cyberattack
'Hunters International' Cyberattackers Take Over Hive Ransomware
Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.
https://www.darkreading.com/attacks-breaches/hunters-international-cyberattackers-hive-ransomware
Australian Ports Resume Operation After Crippling Cyber Disruption
Details of a major cyberattack against Australia's shipping industry remain few and far between, but the economic impact is clear.
Ducktail Malware Targets the Fashion Industry
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
https://www.darkreading.com/threat-intelligence/ducktail-malware-targets-fashion-industry
Q&A: Generative AI Comes to the Middle East, Driving Security Changes
The influx of generative AI could cause security leaders to learn new skills and defensive tactics.
https://www.darkreading.com/dr-global/q-a-generative-ai-middle-east-security
A Closer Look at State and Local Government Cybersecurity Priorities
Complexity impedes the universal and consistent application of security policy, which is an obstacle to adequately securing government environments.
Azerbaijan Agencies Sign Cyber-Partner Deals
The country has signed fresh deals to boost cyber intelligence and preparedness capabilities.
https://www.darkreading.com/dr-global/azerbaijan-agencies-cyber-partner-deals
SEC Suit Ushers in New Era of Cyber Enforcement
A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.
https://www.darkreading.com/risk/sec-suit-ushers-in-new-era-of-cyber-enforcement
Security Is a Process, Not a Tool
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
https://www.darkreading.com/risk/security-is-a-process-not-a-tool
SaaS Vendor Risk Assessment in 3 Steps
SaaS applications are the new supply chain and, practically speaking, SaaS is the modern vendor. Here are three straightforward steps to manage this new vendor risk.
https://www.darkreading.com/risk/saas-vendor-risk-assessment-in-3-steps
Intel Faces 'Downfall' Bug Lawsuit, Seeking $10K per Plaintiff
A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.