Fortra Releases Update on Critical Severity RCE Flaw
The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue.
Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group
The purchase would have given Airbus more capabilities to address rising cyber threats in the aviation and aerospace industry.
Cheating Hack Halts Apex Legends E-Sports Tourney
Electronic Arts is trying to track down the RCE exploit that allowed hackers to inject cheats into games during the recent Apex Legends Global Series.
https://www.darkreading.com/cyber-risk/apex-legends-tourney-spoiled-by-hackers
5 Ways CISOs Can Navigate Their New Business Role
CISOs can successfully make their business operations more secure and play a larger role in the organization's overall strategy, but there are pitfalls to avoid, Forrester analysts warn.
https://www.darkreading.com/cybersecurity-operations/5-ways-cisos-can-navigate-new-business-role
Name That Toon: Bridge the Gap
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
https://www.darkreading.com/cloud-security/name-that-toon-bridge-the-gap
New Regulations Make D&O Insurance a Must for CISOs
CISOs currently hold all of the responsibility to stop cyberattacks yet have none of the authority to fund the technological defenses that regulations require.
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE
The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users.
The New CISO: Rethinking the Role
Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step.
https://www.darkreading.com/cybersecurity-operations/new-ciso-rethinking-the-role
'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs
Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant...
https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
Kimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.
ML Model Repositories: The Next Big Supply Chain Attack Target
Machine-learning model platforms like Hugging Face are suspectible to the same kind of attacks that threat actors have executed successfully for years via npm, PyPI, and other open source repos.
https://www.darkreading.com/cloud-security/ml-model-repositories-next-big-supply-chain-attack-target
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents
The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.
Brazilian Authorities Arrest Members of Banking Trojan Cybercrime Group
Interpol assisted in the operation, in which analysts identified Grandoreiro group members by analyzing and matching malware samples.
Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024
Fujitsu: Malware on Company Computers Exposed Customer Data
It remains unclear how long the IT services giant's systems were infiltrated and just how the cyberattack unfolded.
Tracking Everything on the Dark Web Is Mission Critical
On the Dark Web, stolen secrets are your enemy, and context is your friend.
South African Government Pension Data Leak Fears Spark Probe
LockBit ransomware gang claims 668GB of data it dumped online was stolen from South Africa's pension agency.
3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage
With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats.
'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors
Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.
https://www.darkreading.com/cyber-risk/ghostrace-speculative-execution-attack-cpu-os-vendors
NHS Breach, HSE Bug Expose Healthcare Data in the British Isles
Whoopsies in Ireland and Scotland speak to a tenuousness of cyber protections for sensitive private healthcare data.