Exploit for Critical Windows Defender Bypass Goes Public
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
The 7 Deadly Sins of Security Awareness Training
Stay away from using these tactics when trying to educate employees about risk.
The Persian Gulf's March to the Cloud Presents Global Opportunities
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
Rootkit Turns Kubernetes from Orchestration to Subversion
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Idaho National Nuclear Lab Targeted in Major Data Breach
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
https://www.darkreading.com/ics-ot-security/idaho-national-nuclear-lab-targeted-in-major-data-breach
3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
https://www.darkreading.com/cyber-risk/3-ways-to-stop-unauthorized-code-from-running-in-your-network
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
Qatar Cyber Agency Runs National Cyber Drills
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
https://www.darkreading.com/cyber-risk/qatar-cyber-agency-runs-national-cyber-drills
Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTota...
https://www.darkreading.com/cloud-security/web-shells-gain-sophistication-for-stealth-persistence
Generative AI Takes on SIEM
IBM joins CrowdStrike and Microsoft in releasing AI models to cloud-native SIEM platforms.
https://www.darkreading.com/cybersecurity-operations/generative-ai-takes-on-siem
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to macOS users, analysts warn.
Hack The Box Launches 5th Annual University CTF Competition
Security, Cloud & the SBC
Despite all the current hype surrounding 5G at the moment, it's cloud and security technologies that are fundamentally driving business growth opportunities for communications service providers.
https://www.darkreading.com/cloud-security/security-cloud-the-sbc
Cyber Threats to Watch Out for in 2024
As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training,...
https://www.darkreading.com/edge/cyber-threats-to-watch-out-for-in-2024
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines
US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law.
https://www.darkreading.com/risk/cisa-ncsc-offer-roadmap-not-rules-new-secure-ai-guidelines
Ardent Health Hospitals Disrupted After Ransomware Attack
More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities.
General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
Gaza Cybergang is using a version of the malware rewritten in the Rust programming language.