Dark Reading
Dark Reading: Connecting the Information and Security Community

Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit

Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age.

https://www.darkreading.com/vulnerabilities-threats/millions-hotel-rooms-worldwide-vulnerable-door-lock-exploit

Threat Report: Examining the Use of AI in Attack Techniques

More than ever, it's critical for organizations to understand the nature of AI-based threats and how they can blunt the advantage that AI conveys to bad actors.

https://www.darkreading.com/cyberattacks-data-breaches/threat-report-examining-the-use-of-ai-in-attack-techniques

Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass

The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.

https://www.darkreading.com/application-security/patchless-apple-m-chip-vulnerability-cryptography-bypass

DHS Proposes Critical Infrastructure Reporting Rules

CISA will administer the new reporting requirements for cyber incidents and ransomware payments.

https://www.darkreading.com/cybersecurity-operations/dhs-releases-unpublished-circia-document-proposing-new-rule

Vietnam Securities Broker Suffered Cyberattack That Suspended Trading

Attackers "encrypted" VNDirect's data in an attack that kept the broker offline for days.

https://www.darkreading.com/cyberattacks-data-breaches/vietnam-securities-broker-suffered-cyberattack-that-suspended-trading

'Tycoon' Malware Kit Bypasses Microsoft, Google MFA

Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram.

https://www.darkreading.com/application-security/tycoon-malware-kit-bypasses-microsoft-google-mfa

Zero-Day Bonanza Drives More Exploits Against Enterprises

Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, accor...

https://www.darkreading.com/threat-intelligence/zero-day-bonanza-exploits-enterprises

Getting Security Remediation on the Boardroom Agenda

IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management.

https://www.darkreading.com/cybersecurity-operations/getting-security-remediation-on-boardroom-agenda

'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide

Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post, Australia Post, Singapore Post, and postal services in South Africa, ...

https://www.darkreading.com/endpoint-security/-darcula-phishing-as-a-service-operation-bleeds-victims-worldwide

Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks

Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructure providers Down Under.

https://www.darkreading.com/cyber-risk/australian-government-doubles-down-on-cybersecurity-in-wake-of-major-attacks

Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers

A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.

https://www.darkreading.com/cloud-security/agenda-ransomware-vmware-esxi-servers

Apple Security Bug Opens iPhone, iPad to RCE

CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.

https://www.darkreading.com/endpoint-security/apple-security-bug-opens-iphone-ipad-rce

Abstract Security Brings AI to Next-Gen SIEM

The startup’s AI-powered data streaming platform separates security analytics from compliance data. Detection is faster, and computing and storage costs are reduced.

https://www.darkreading.com/cybersecurity-analytics/abstract-security-brings-ai-to-next-gen-siem

Patch Now: Critical Fortinet RCE Bug Under Active Attack

A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which CISA has flagged as an urgent patch priority.

https://www.darkreading.com/cloud-security/patch-critical-fortinet-rce-bug-active-attack

How New-Age Hackers Are Ditching Old Ethics

Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape.

https://www.darkreading.com/cyberattacks-data-breaches/how-new-age-hackers-are-ditching-old-ethics

Dubious NuGet Package May Portend Chinese Industrial Espionage

A .NET package available for download right now is either a stealthy industrial systems backdoor or nothing at all.

https://www.darkreading.com/ics-ot-security/dubious-nuget-package-chinese-industrial-espionage

It's Time to Stop Measuring Security in Absolutes

All-or-nothing security policies strain resources by aiming for perfection. We need a better way to assess progress.

https://www.darkreading.com/cybersecurity-analytics/time-to-stop-measuring-security-in-absolutes