CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack

Cyberattackers are targeting Apache webservers and websites using the popular Laravel Web application framework in order to steal credentials for the apps.

https://www.darkreading.com/cloud-security/cisa-aws-microsoft-365-accounts-androxgh0st-attack

Q&A: How One Company Gauges Its Employees' Cybersecurity 'Fluency'

Cybersecurity compliance training is commonplace, but one Jordan-based company has taken an extra step in testing.

https://www.darkreading.com/cybersecurity-analytics/q-a-how-one-company-gauges-its-employees-cybersecurity-fluency

Nearly 7K WordPress Sites Compromised by Balada Injector

Nearly 200K WordPress sites could be vulnerable to the attack thanks to CVE-2023-6000, lurking in the PopUp Builder plug-in.

https://www.darkreading.com/application-security/7k-wordpress-sites-compromised-balada-injector

Sophisticated MacOS Infostealers Get Past Apple's Built-In Detection

Emerging malware variants can evade various static-signature detection engines, including XProtect, as attackers rapidly evolve to challenge defense systems.

https://www.darkreading.com/endpoint-security/sophisticated-macos-infostealers-apple-built-in-detection

Strength in Numbers: The Case for Whole-of-State Cybersecurity

WoS cybersecurity creates a united front for governments to defend against threat actors, harden security postures, and protect constituents who depend on services.

https://www.darkreading.com/cyberattacks-data-breaches/strength-in-numbers-the-case-for-whole-of-state-cybersecurity

Snyk Acquires Helios for Runtime Visibility

Developer-security company Snyk acquired Helois, a startup specializing in capturing security-relevant data from live applications.

https://www.darkreading.com/application-security/snyk-acquires-helios-for-runtime-visibility

Effective Incident Response Relies on Internal and External Partnerships

Dark Reading Research finds increased collaboration between security incident responders and groups within the HR, legal, and communications functions.

https://www.darkreading.com/cybersecurity-operations/effective-incident-response-relies-on-internal-and-external-partnerships

Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk

https://www.darkreading.com/cybersecurity-operations/savvy-launches-identity-first-security-offering-to-combat-toxic-combinations-driving-saas-risk

Accenture and SandboxAQ Collaborate to Help Organizations Protect Data

https://www.darkreading.com/application-security/accenture-and-sandboxaq-collaborate-to-help-organizations-protect-data

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.

https://www.darkreading.com/cloud-security/ivanti-zero-day-exploits-skyrocket-no-patches

Bosch Smart Thermostat Feels the Heat From Firmware Bug

The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable.

https://www.darkreading.com/ics-ot-security/bosch-smart-thermostat-firmware-bug

Africa, Middle East Lead Peers in Cybersecurity, But Lag Globally

Both regions score above average compared to similar sized economies, but investing in updated technologies and patching processes would help cyber resilience globally.

https://www.darkreading.com/application-security/africa-middle-east-lead-peers-cybersecurity-lag-globally

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE

Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.

https://www.darkreading.com/application-security/patch-max-critical-atlassian-bug-unauthenticated-rce

UAE Cyber Security Council, Khalifa University Launch Abu Dhabi Academy

The university will also join the Emirates' National Cybersecurity Center of Excellence.

https://www.darkreading.com/cybersecurity-operations/uae-cyber-security-council-khalifa-university-launch-academy

178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks

Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.

https://www.darkreading.com/vulnerabilities-threats/78k-sonicwall-firewalls-vulnerable-dos-rce-attacks

Anti-Ransomware Coalition Bound to Fail Without Key Adjustments

International pledge to reject ransomware demands misses the most important way to combat cybercrime: prevention.

https://www.darkreading.com/vulnerabilities-threats/anti-ransomware-coalition-bound-fail-without-key-adjustments

Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security

Companies that quickly shifted to cloud-native operations are looking for greater visibility and protection — and AI benefits — while an uncertain economic future has VCs looking toward safety.

https://www.darkreading.com/cloud-security/zero-trust-ai-and-capital-markets-drive-consolidation-in-cloud-security

As Enterprise Cloud Grows, So Do Challenges

Parenting teaches many lessons, including that difficulties get more complicated as you grow. Here's what to look for in a partner to share the "big-kid problems" of distributed cloud.

https://www.darkreading.com/cloud-security/as-enterprise-cloud-grows-so-do-challenges

Name That Toon: Cast Adrift

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/ics-ot-security/name-that-toon-cast-adrift

Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors

https://www.darkreading.com/application-security/former-secretary-of-state-mike-pompeo-joins-cyabra-board-of-directors