Dark Reading: Connecting the Information and Security Community

4 Security Tips From PCI DSS 4.0 Anyone Can Use

With the final switchover to the latest version of the credit card standard, here's what all security professionals can draw from the changes.

https://www.darkreading.com/cybersecurity-operations/pci-dss-4-0-is-good-security-guidance-for-everyone

Anti-Fraud Project Boosts Security of African, Asian Financial Systems

Working with countries and organizations in Africa, Asia, and the Middle East, the Tazama project aims to add affordable security and trust to the financial infrastructure.

https://www.darkreading.com/cyber-risk/anti-fraud-project-boosts-security-of-african-asian-financial-systems

How Not to Become the Target of the Next Microsoft Hack

The alarming number of cyber threats targeting Microsoft cloud applications shows cybersecurity needs an overhaul.

https://www.darkreading.com/cybersecurity-operations/how-not-to-become-target-of-next-microsoft-hack

Japan Blames North Korea for PyPI Supply Chain Cyberattack

Open-source software ecosystem compromise leaves developers in Asia and around the globe at risk.

https://www.darkreading.com/application-security/japan-blames-north-korea-for-pypi-supply-chain-cyberattack

Google Engineer Steals AI Trade Secrets for Chinese Companies

Chinese national Linwei Ding is accused of pilfering more than 500 files containing Google IP while affiliating with two China-based startups at the same time.

https://www.darkreading.com/insider-threats/google-engineer-steals-ai-trade-secrets-chinese-companies

CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

https://www.darkreading.com/cybersecurity-operations/ciso-corner-nsa-guidelines-utility-sbom-case-study-lava-lamps

Broke Cyber Pros Flock to Cybercrime Side Hustles

Burned-out cybersecurity professionals dealing with layoffs and stressful working conditions are increasingly finding a better way to earn a buck: cybercrime.

https://www.darkreading.com/cybersecurity-operations/broke-cyber-pros-cybercrime-side-hustles

South Korean Police Deploy Deepfake Detection Tool in Run-up to Elections

The nation's battle with political deepfakes may be a harbinger for what's to come in elections around the world this year.

https://www.darkreading.com/threat-intelligence/south-korean-police-deepfake-detection-tool-run-up-elections

Russia-Sponsored Cyberattackers Infiltrate Microsoft's Code Base

The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January.

https://www.darkreading.com/cyberattacks-data-breaches/russia-sponsored-cyberattackers-infiltrate-microsoft-s-code-base

Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory

The proof-of-concept exploits for Atlassian Confluence would enable arbitrary code execution without requiring file system access.

https://www.darkreading.com/application-security/stealth-bomber-atlassian-confluence-exploits-drop-web-shells-in-memory

How to Ensure Open-Source Packages Are Not Landmines

CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring malicious software components into code.

https://www.darkreading.com/application-security/how-to-ensure-open-source-pckages-are-not-landmines

Creating Security Through Randomness

How lava lamps, pendulums and suspended rainbows keep the internet safe.

https://www.darkreading.com/remote-workforce/creating-security-through-randomness

The Ongoing Struggle to Protect PLCs

A decade after Stuxnet, vulnerabilities in OT systems and programmable logic controllers remain exposed.

https://www.darkreading.com/ics-ot-security/ongoing-struggle-to-protect-plcs

NSA's Zero-Trust Guidelines Focus on Segmentation

Zero-trust architectures are essential protective measures for the modern enterprise. The latest NSA guidance provides detailed recommendations on how to implement the networking angle of the concept.

https://www.darkreading.com/remote-workforce/nsa-s-zero-trust-guidelines-focus-on-segmentation

How to Ensure Open-Source Packages Are Not Mines

CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring malicious software components into code.

https://www.darkreading.com/application-security/untitled

Cyber Insurance Strategy Requires CISO-CFO Collaboration

Cyber risk quantification brings together the CISO's technical expertise and the CFO's focus on financial impact to develop a stronger and better understanding of cyber risk.

https://www.darkreading.com/cyber-risk/cyber-insurance-strategy-requires-ciso-cfo-collaboration

Nigerian National Pleads Guilty of Conspiracy in BEC Operation

The defendant, along with co-conspirators, targeted victims with spoofed emails to trick them into wiring funds to drop accounts.

https://www.darkreading.com/vulnerabilities-threats/nigerian-national-pleads-guilty-conspiracy-bec-operation

JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive

Just one day after disclosure, adversaries began targeting the vulnerabilities to take complete control of affected instances of the popular developer platform.

https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive

Bipartisan Members of Congress Introduce Enhanced Cybersecurity for SNAP Act to Secure Food Benefits Against Hackers and Thieves

https://www.darkreading.com/cyber-risk/bipartisan-members-of-congress-introduce-enhanced-cybersecurity-for-snap-act-to-secure-food-benefits-against-hackers-and-thieves