Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years
Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048.
https://www.darkreading.com/endpoint-security/chinese-spies-exploited-critical-vmware-bug-2-years
Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack
Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.
German IT Consultant Fined Thousands for Reporting Security Failing
The company, Modern Solutions, had misconfigured a cloud database, but argues the contractor could only have found the password through insider knowledge.
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros
Based on fresh infection routines the APT is testing, it's looking to harvest threat intelligence in order to improve operational security and stealth.
Israel, Czech Republic Reinforce Cyber Partnership Amid Hamas War
The agreement to enable future sharing of information and experience is part of a spate of inter-country threat intelligence agreements that Israel is signing, as war-related attacks ramp up.
Battling Misinformation During Election Season
Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools.
https://www.darkreading.com/vulnerabilities-threats/battling-misinformation-during-election-season
Survey Shows a Surge in (Artificial) Intelligence
A new Omdia survey shows a rapid increase in generative AI adoption for security
https://www.darkreading.com/cybersecurity-operations/survey-shows-surge-in-artificial-intelligence
Top 3 Priorities for CISOs in 2024
A changing regulatory and enforcement environment means the smart CISO might need to shift how they work this year.
https://www.darkreading.com/cybersecurity-operations/top-3-priorities-for-cisos-in-2024
Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks
Attackers have increasingly leveraged the widely used remote access tool, installed on hundreds of millions of endpoints, to break into victim environments.
https://www.darkreading.com/endpoint-security/ransomware-actor-teamviewer-initial-access-networks
Massive Data Breach at VF Hits 35M Vans, Retail Customers
A month on from a retail conglomerate's data breach, it's still not clear exactly what the hackers stole, but impacted brands include Dickies, Northface, Timberland, Vans, and more.
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports
Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it.
AI Gives Defenders the Advantage in Enterprise Defense
A panel of CISOs acknowledged that artificial intelligence has boosted the capabilities of threat actors, but enterprise defenders are actually benefiting more from the technology.
https://www.darkreading.com/cyber-risk/ai-gives-defenders-the-advantage-in-enterprise-defense
CISOs Struggle for C-Suite Status Even As Expectations Skyrocket
An IANS survey shows that CISOs shoulder more and more legal and regulatory liability for data breaches, but few are getting the recognition or support they need.
Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers
The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war.
Missing the Cybersecurity Mark With the Essential Eight
Australia's Essential Eight Maturity Model still doesn't address key factors needed to protect today's cloud and SaaS environments.
https://www.darkreading.com/cybersecurity-operations/missing-cybersecurity-mark-with-essential-eight
iPhone, Android Ambient Light Sensors Allow Stealthy Spying
Ambient light sensors on smart-device screens can effectively be turned into a camera, opening up yet another path to snooping on unwitting victims.
https://www.darkreading.com/endpoint-security/iphone-android-ambient-light-sensors-stealthy-spying
CISA's Road Map: Charting a Course for Trustworthy AI Development
The agency aims to build a more robust cybersecurity posture for the nation.
First Step in AI/ML Security Is Finding Them
Security teams need to start including AI tools and machine learning models when thinking about the software supply chain: They can't protect what they don't know they have.
https://www.darkreading.com/application-security/first-step-in-ai-ml-security-is-finding-them
Nigerian Law Enforcement Agency Advised to Retrain African Cybercriminals
Local Nigerian cybersecurity expert tells Economic and Financial Crimes Commission to educate and not jail so-called Yahoo boys.
Nigerian Businesses Face Growing Ransomware-as-a-Service Trade
Infosec advocacy group warns that poor patching practices and reliance on cracked software increases risk.