BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus
Cyberattacks targeting thousands of US organizations wields a new attack vector to deliver the versatile initial-access loader — and is a harbinger of a surge in threat activity.
https://www.darkreading.com/cyberattacks-data-breaches/bumblebee-malware-buzzes-back-4-month-hiatus
We're at a Pivotal Moment for AI and Cybersecurity
But generative AI's ability to strengthen security and fortify defenses can keep bad actors in check.
https://www.darkreading.com/vulnerabilities-threats/pivotal-moment-ai-and-cybersecurity
Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why?
Hamas-linked threat actors have defied norms, with no discernible uptick in cyber operations prior to the group's attack in Israel — and a complete abandonment of them thereafter.
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.
FCC Requires Telecom & VoIP Providers to Report PII Breaches
The Commission's breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.
Akto Launches Proactive GenAI Security Testing Solution
Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox
A malware with every malicious feature in the book is adding new pages, with a fresh ability to invade the lowest levels of a Windows machine.
BlackBerry Provides Update on Progress in Separation of Divisions and Path to Profitability
OpenText Joins the Joint Cyber Defense Collaborative to Enhance US Government Cybersecurity
OPSWAT Invests $10M in Scholarship Learning Program to Help Close Cybersecurity Skills Gap
ISC2 Collaborates With IBM to Launch Entry-Level Cybersecurity Certificate
Ivanti VPN Flaw Exploited to Inject Novel Backdoor; Hundreds Pwned
A SAML vulnerability in Ivanti appliances has led to persistent remote access and full control for opportunistic cyberattackers.
https://www.darkreading.com/cloud-security/ivanti-flaw-exploited-inject-novel-backdoor
Aircraft Leasing Company Acknowledges Cyberattack in SEC Filing
Black Basta ransomware claimed responsibility, but the company says its investigation is ongoing.
Middle East & Africa CISOs Plan to Increase 2024 Budgets by 10%
New data shows higher-than-expected cybersecurity growth in the Middle East, Turkey, and Africa region, thanks to AI and other factors.
Ivanti Gets Poor Marks for Cyber Incident Response
Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, and forcing cybersecurity teams to scramble for solutions. Researchers are unimpressed.
https://www.darkreading.com/cloud-security/ivanti-poor-marks-cyber-incident-response
BofA Warns Customers of Data Leak in Third-Party Breach
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor
Saudi Arabia charity was under surveillance with the modified reverse proxy tool, researchers discovered.
CISO and CIO Convergence: Ready or Not, Here It Comes
Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation.
https://www.darkreading.com/cybersecurity-operations/ciso-cio-convergence-ready-or-not-here-it-comes
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks
The developers behind a widespread worm are nesting further into networks by exploiting Windows escalation opportunities faster than organizations can patch them.
https://www.darkreading.com/application-security/raspberry-robin-1-days-escalate-unpatched-networks
How Changes in State CIO Priorities for 2024 Apply to API Security
The National Association of State Chief Information Officers' top 10 list sheds light on where state and local governments need to direct their cybersecurity efforts. Here's what it means for applicat...