'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
USBs are fetch again, as major APTs from Russia, China, and beyond are turning to them for BYOD cyberattacks.
https://www.darkreading.com/ics-ot-security/weirdest-trend-cybersecurity-nation-states-usb
How CISA Fights Cyber Threats During Election Primary Season
Election cyber threats come from various places, including compromised voting machines, AI deepfakes, and potential physical harm to workers. But CISA has been working diligently with various public a...
Don't Give Your Business Data to AI Companies
Handing over your business data to artificial intelligence companies comes with inherent risks.
https://www.darkreading.com/vulnerabilities-threats/dont-give-your-business-data-to-ai-companies
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting
Spike in new versions of an old Trojan — which mimic legitimate VMware domains — alarms security researchers.
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
The nation-state group compromised the website of a Tibetan festival and a software application to target user systems in Asia.
CISO Sixth Sense: NIST CSF 2.0's Govern Function
2024 will redefine CISO leadership while acknowledging the management gap.
https://www.darkreading.com/cybersecurity-operations/ciso-sixth-sense-nist-csf-2-govern-function
Japan on Line Breach: Clean Up Post-Merger Tech Sprawl
A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea's Naver for a massive data breach last November.
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches
The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently respon...
Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
"Spinning YARN" cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known Atlassian Confluence bug.
Veeam Launches Veeam Data Cloud
https://www.darkreading.com/cloud-security/veeam-launches-veeam-data-cloud
Patch Now: Apple Zero-Day Exploits Bypass Kernel Security
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perfo...
https://www.darkreading.com/ics-ot-security/patch-now-apple-zero-day-exploits-bypass-kernel-security
Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs
A Russian-language campaign aims to compromise corporate users on both Windows and Android devices by mimicking popular online collaboration applications.
10 Essential Processes for Reducing the Top 11 Cloud Risks
The Cloud Security Alliance's "Pandemic 11" cloud security challenges can be addressed by putting the right processes in place.
https://www.darkreading.com/cyber-risk/10-essential-processes-for-reducing-top-11-cloud-risks
The Rise of Social Engineering Fraud in Business Email Compromise
By examining common social engineering tactics and four of the most devious threat groups, organizations can better defend themselves.
Southern Company Builds SBOM for Electric Power Substation
The utility's software bill of materials (SBOM) experiment aims to establish stronger supply chain security – and tighter defenses against potential cyberattacks.
https://www.darkreading.com/ics-ot-security/southern-company-builds-a-power-substation-sbom
Network Perception Introduces Rapid Verification of Zone-to-Zone Segmentation
The Challenges of AI Security Begin With Defining It
Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.
Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout
Boston Red Sox Choose Centripetal As Cyber Network Security Partner
Delinea Debuts Privilege Control for Servers: Thwarting Stolen Credentials and Lateral Movement