Hacked Iraqi Voter Information Found For Sale Online

A 21.58 GB database of stolen personal voter data from Iraq's Independent High Electoral Commission (IHEC) may have been the result of a supply chain attack.

https://www.darkreading.com/endpoint-security/hacked-iraqi-voter-information-found-for-sale-online

Global Law Enforcement Disrupts LockBit Ransomware Gang

Operation Cronos, a collab between authorities in the US, Canada, UK, Europe, Japan, and Australia — seizes data and website associated with the prolific cybercriminal organization and its affiliates.

https://www.darkreading.com/cybersecurity-operations/global-law-enforcement-disrupts-lockbit-ransomware-gang

Cyber Insurance Needs to Evolve to Ensure Greater Benefit

A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios.

https://www.darkreading.com/cyber-risk/cyber-insurance-needs-to-evolve-to-ensure-greater-benefit

Misconfigured Custom Salesforce Apps Expose Corporate Data

Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.

https://www.darkreading.com/cloud-security/misconfigurated-custom-salesforce-apps-expose-corporate-data

Name That Toon: Keys to the Kingdom

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/application-security/name-that-toon-keys-to-the-kingdom

NSO Group Adds 'MMS Fingerprinting' Zero-Click Attack to Spyware Arsenal

The purveyor of the infamous Pegasus mobile spyware now has a new method for obtaining critical information from target iPhones and other mobile devices.

https://www.darkreading.com/application-security/nso-group-adds-mms-fingerprinting-zero-click-attack-spyware-arsenal

Q&A: The Cybersecurity Training Gap in Industrial Networks

Cyberattacks and threats increasingly are honed in on ICS/OT networks, but security training for operators of these critical infrastructure environments is perilously scarce.

https://www.darkreading.com/ics-ot-security/q-a-learning-secure-ot-environments

Russian APT 'Winter Vivern' Targets European Government, Military

TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.

https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-winter-vivern-targets-european-government-military

CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout

Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus.

https://www.darkreading.com/cybersecurity-operations/ciso-corner-cio-convergence-critical-security-metrics-ivanti-fallout

What Using Security to Regulate AI Chips Could Look Like

An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence.

https://www.darkreading.com/cyber-risk/what-using-security-to-regulate-ai-chips-could-look-like

Enterprises Worry End Users Will be the Cause of Next Major Breach

Respondents in Dark Reading's Strategic Security Survey believe that the primary cause of their organization's next major data breach would involve social engineering, negligent users, and insecure re...

https://www.darkreading.com/remote-workforce/enterprises-worry-end-users-will-be-the-cause-of-next-major-breach

Major Tech Firms Develop 'Tech Accord' to Combat AI Deepfakes

The accord covers initiatives to create more transparency regarding what tech firms like Meta, Microsoft, Google, TikTok, and OpenAI are doing to combat malicious AI, especially around elections.

https://www.darkreading.com/cyber-risk/major-tech-firms-develop-tech-accords-to-combat-ai-deepfakes

Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP

One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure...

https://www.darkreading.com/vulnerabilities-threats/2fa-must-be-mandatory-asap

Iran Warship Aiding Houthi Pirates Hacked by US

US reportedly launched a cyberattack against an Iranian military ship suspected of helping Houthi rebel pirates menacing shipping traffic in the Red Sea.

https://www.darkreading.com/cyberattacks-data-breaches/iranian-ship-aiding-houthi-pirates-hacked-by-us

Vade Releases 2023 Phishers' Favorites Report

https://www.darkreading.com/cyberattacks-data-breaches/vade-releases-2023-phishers-favorites-report

Quorum Cyber Joins Elite Microsoft FastTrack-Ready Partner Group

https://www.darkreading.com/cybersecurity-operations/quorum-cyber-joins-elite-microsoft-fasttrack-ready-partner-group

Strata Identity Reins in Global Access and Compliance Challenges With Cross-Border Orchestration Recipes

https://www.darkreading.com/cyber-risk/strata-identity-reins-in-global-access-and-compliance-challenges-with-cross-border-orchestration-recipes

JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns

https://www.darkreading.com/cybersecurity-operations/jumpcloud-s-q1-2024-sme-it-trends-report-reveals-ai-optimism-tempered-by-security-concerns

Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity

"Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa.

https://www.darkreading.com/vulnerabilities-threats/volt-typhoon-hits-multiple-electric-cos-expands-cyber-activity

Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID

https://www.darkreading.com/ics-ot-security/somos-inc-protects-businesses-iot-assets-with-the-availability-of-somosid