India Repatriates Citizens Duped Into Forced Cyber Fraud Labor in Cambodia
So far some 250 citizens have been rescued and returned to India after being lured to Cambodia in an phony employment scheme.
Are You Affected by the Backdoor in XZ Utils?
In this Tech Tip, we outline how to check if a system is impacted by the newly discovered backdoor in the open source xz compression utility.
https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils
CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023'...
https://www.darkreading.com/cloud-security/ciso-corner-cyber-pro-swindle-risk-valuation
UN Peace Operations Under Fire From State-Sponsored Hackers
The international body isn't doing enough to protect details on dissidents and activists gathered by peacekeeping operations, particularly across Central Africa.
https://www.darkreading.com/cyber-risk/un-peace-operations-under-fire-from-state-sponsored-hackers
Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
https://www.darkreading.com/cloud-security/cloud-email-filtering-bypass-attack
Lessons From the LockBit Takedown
The truly satisfying law enforcement takedown of the ransomware giant shows the value of collaborating — and fighting back.
https://www.darkreading.com/threat-intelligence/lessons-from-the-lockbit-takedown
TheMoon Malware Rises Again with Malicious Botnet for Hire
Outdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless.
https://www.darkreading.com/endpoint-security/themoon-malware-rises-malicious-botnet-for-hire
Geopolitical Conflicts: 5 Ways to Cushion the Blow
By prioritizing key areas, security leaders can navigate the complexities of geopolitical conflicts more effectively.
Iran's Evolving Cyber-Enabled Influence Operations to Support Hamas
Understanding Iran's techniques, coupled with comprehensive threat intel, can give organizations an edge in identifying and defending against these attacks.
Pervasive LLM Hallucinations Expand Code Developer Attack Surface
The tendency of popular AI-based tools to recommend nonexistent code libraries offers a bigger opportunity than thought to distribute malicious packages.
Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.
https://www.darkreading.com/application-security/cisco-ios-bugs-unauthenticated-remote-dos-attacks
Indian Government, Oil Companies Breached by 'HackBrowserData'
The malicious actor used Slack channels as an exfiltration point to upload the stolen data.
Suspected MFA Bombing Attacks Target Apple iPhone Users
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line...
https://www.darkreading.com/cloud-security/mfa-bombing-attacks-target-apple-iphone-users
US Puts Up $10M Bounty on BlackCat Ransomware Gang Members
Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure.
https://www.darkreading.com/cyber-risk/us-10m-bounty-blackcat-ransomware-members
3 Strategies to Future-Proof Data Privacy
To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques.
https://www.darkreading.com/cyber-risk/3-strategies-to-future-proof-data-privacy
Corporations With Cyber Governance Create Almost 4X More Value
Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.
A CISO's Guide to Materiality and Risk Determination
For many CISOs, "materiality" remains an ambiguous term. Even so, they need to be able to discuss materiality and risk with their boards.
https://www.darkreading.com/cyber-risk/a-ciso-s-guide-to-materiality-and-risk-determination
10 Steps to Detect, Prevent, and Remediate the Terrapin Vulnerability
You don't have to stop using SSH keys to stay safe. This Tech Tip explains how to protect your system against CVE-2023-48795.
Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East
Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors.
Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth