Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores
There's a new way for hackers to abuse the cloud, this time with data analysts and scientists in the crosshairs.
https://www.darkreading.com/cloud-security/google-cloud-dataproc-abuse-risk-corporate-data-stores
Libyan Government Trains Personnel in Electoral Cyber Threats
The UN is helping Ministry of Interior staff implement cybersecurity best practices, as talks continue about scheduling a parliamentary election in the coming months.
Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover
Attackers can inject and execute arbitrary PHP code using a flaw in Backup Migration, which has been downloaded more than 90K times.
Data's Perilous Journey & Lessons Not Learned From the Target Breach
A decade after Target suffered a major security breach, are we still disregarding the gaping holes in our cyber fortifications?
Ex-Uber CISO Advocates 'Personal Incident Response Plan' for Security Execs
Why Joe Sullivan feels paying off attackers was a way of solving the problem.
Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities
Partnership expands comprehensive approach to software supply chain security.
Cybercrime Orgs Increasingly Use Human Trafficking to Staff Scam Mills
Interpol breaks up Southeast Asian cybercrime rings, rescuing 149 victims of human trafficking, but the agency warns the human cost of cybercrime is mounting across the globe.
Convincing LinkedIn 'Profiles' Target Saudi Workers for Information Leakage
Social engineering attacks in the Kingdom collect information on professionals — and offer fake profiles for sale.
Ghana Official to Head Africa's New Cybersecurity Authority
ANCA comprises 17 members, representing less than half of the countries in Africa.
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs
Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups.
Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D'
The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip.
https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Responsibly Implementing AI, the Unstoppable Force
Balancing the good and bad of AI/ML means being able to control what data you're feeding into AI systems and solving the privacy issues to securely enable generative AI.
https://www.darkreading.com/vulnerabilities-threats/responsibly-implementing-ai-unstoppable-force
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches
Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
https://www.darkreading.com/cyberattacks-data-breaches/apple-25b-records-exposed-surge-data-breaches
Making Cyber Insurance Available for Small Biz, Contractors
Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.
https://www.darkreading.com/cyber-risk/making-cyber-insurance-available-for-small-biz-contractors
Increased Cyber Regulation in the Offing As Attacks Mount
Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.
https://www.darkreading.com/ics-ot-security/larger-attacks-could-lead-to-increased-cyber-regulation
Municipalities Face a Constant Battle as Ransomware Snowballs
As record-breaking volumes of ransomware hit cities, towns, and counties this year, municipalities remain easy targets that pay, and there's no end of the attacks in sight.
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
Kenyan Digital Identity System Shelved Over Data Protection Concerns
Privacy concerns see the proposed digital identity system paused until February.