'CherryLoader' Malware Allows Serious Privilege Execution

A sporty, modular downloader allows hackers to cherry-pick their exploits — in this case, two powerful tools for gaining admin access in a Windows system.

https://www.darkreading.com/endpoint-security/cherryloader-downloader-serious-privilege-execution

Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers

Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.

https://www.darkreading.com/cloud-security/anyone-with-google-account-can-hack-misconfigured-kubernetes-clusters

Hackers Blast Violent Gaza Message at a Popular Israeli Movie Theater

A psyop targeting ordinary moviegoers is the latest in a string of similar attacks in the country since Oct. 7.

https://www.darkreading.com/cyberattacks-data-breaches/hackers-blast-violent-gaza-message-popular-israeli-movie-theater

The CISO Role Undergoes a Major Evolution

Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.

https://www.darkreading.com/cybersecurity-operations/ciso-role-undergoes-major-evolution

Help Wanted From Convicted Cybercriminals

Rather than languishing in jail for their crimes, could former fraudsters turn to legitimate cybersecurity work? African cyber expert's recommendation resurrects that debate.

https://www.darkreading.com/cybersecurity-careers/help-wanted-from-convicted-cybercriminals

Hook Younger Users With Cybersecurity Education Designed for Them

Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media i...

https://www.darkreading.com/endpoint-security/hook-younger-users-with-cybersecurity-education-designed-for-them

Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments

https://www.darkreading.com/cybersecurity-operations/darktrace-and-garland-technology-collaborate-to-help-businesses-secure-operational-technology-environments

Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

https://www.darkreading.com/ics-ot-security/nozomi-networks-delivers-multi-spectrum-wireless-security-sensor-for-global-ot-and-iot-environments

Managed Ransomware Detect & Respond (RDR) Offering From Zyston

https://www.darkreading.com/endpoint-security/managed-ransomware-detect-respond-rdr-offering-from-zyston

Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles

The company hasn't acknowledged responsibility for the incident, although allowing scraping paves the way for dangerous follow-on attacks.

https://www.darkreading.com/remote-workforce/atlassian-tightens-api-after-hacker-scrapes-15m-trello-profiles

Peters and Braun Introduce Bipartisan Bill to Bolster Government's Cybersecurity Capabilities

https://www.darkreading.com/ics-ot-security/peters-and-braun-introduce-bipartisan-bill-to-bolster-government-s-cybersecurity-capabilities

ChatGPT Cybercrime Discussions Spike to Nearly 3K Posts on Dark Web

And there were an additional 3,000 comments posted to the Dark Web about the sale of stolen ChatGPT accounts.

https://www.darkreading.com/threat-intelligence/dark-web-chatgpt-cybercrime-discussions-spike-nearly-3k-malicious-posts

CISA's Water Sector Guide Puts Incident Response Front & Center

As cyberattackers increasingly target water suppliers and wastewater utilities, the US federal government wants to help limit the impact of destructive attacks.

https://www.darkreading.com/ics-ot-security/cisa-water-sector-cyber-guide-incident-response

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology.

https://www.darkreading.com/cyberattacks-data-breaches/fortra-discloses-critical-auth-bypass-vuln-in-goanywhere-mft

Jason's Deli Accounts Compromised by Credential Stuffing

Deli Dollars loyalty accounts hit with stolen credentials from the Dark Web, potentially exposing the personal data of more than 340,000 customers.

https://www.darkreading.com/cyberattacks-data-breaches/jason-s-deli-accounts-compromised-by-credential-stuffing-

AI Learning Initiative Launches for UAE Women

The effort will train 100 women in technology and cybersecurity around artificial intelligence concepts.

https://www.darkreading.com/cybersecurity-operations/ai-learning-initiative-launched-uae-women

Kasseika Ransomware Linked to BlackMatter in BYOVD Attack

An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger "bring your own vulnerable driver" trend.

https://www.darkreading.com/endpoint-security/kasseika-ransomware-linked-blackmatter-byovd-attack

Filling the Cybersecurity Talent Gap

Veterans are ideal candidates to close the skills gap and create the industry needed to meet security threats head-on.

https://www.darkreading.com/cybersecurity-operations/filling-cybersecurity-talent-gap

Prompt Security Launches With AI Protection for the Enterprise

The startup, which announced $5 million in seed funding, secures enterprises against the risks generative AI brings.

https://www.darkreading.com/cyber-risk/prompt-security-launches-ai-protection-enterprise

Researchers Map AI Threat Landscape, Risks

With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions.

https://www.darkreading.com/cyber-risk/researchers-map-ai-threat-landscape-risks