New Tool Shields Organizations From NXDOMAIN Attacks
Akamai joins a growing list of security vendors aiming to strengthen DNS defenses.
https://www.darkreading.com/remote-workforce/akamai-boosts-dns
CISA's Malware Analysis Platform Could Foster Better Threat Intel
But just how the government differentiates its platform from similar private-sector options remains to be seen.
CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and th...
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits
Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.
The Race for AI-Powered Security Platforms Heats Up
Microsoft, Google, and Simbian each offer generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.
https://www.darkreading.com/cybersecurity-operations/race-ai-powered-platforms-security-platforms
Critical Infrastructure Security: Observations From the Front Lines
Attacks on critical infrastructure are ramping up — but organizations now have the knowledge and tools needed to defend against them.
Knostic Brings Access Control to LLMs
Led by industry veterans Gadi Evron and Sounil Yu, the new company lets organizations adjust how much information LLMs provide based on the user's role and responsibilities.
https://www.darkreading.com/data-privacy/knostic-brings-access-control-to-llms
DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
North Korean hackers break ground with new exploitation techniques for Windows and macOS.
Sisense Password Breach Triggers 'Ominous' CISA Warning
With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts fear.
https://www.darkreading.com/threat-intelligence/sisense-breach-triggers-cisa-password-reset-advisory
Knostic Raises $3.3M for Enterprise GenAI Access Control
Cohesity Extends Collaboration to Strengthen Cyber Resilience With IBM Investment in Cohesity
DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse
North Korean hackers break ground with new exploitation techniques for Windows and macOS.
Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases
Project behind the Rust programming language asserted that any calls to a specific API would be made safe, even with unsafe inputs, but researchers found ways to circumvent the protections.
Apple Warns Users in 150 Countries of Mercenary Spyware Attacks
In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.
https://www.darkreading.com/vulnerabilities-threats/apple-warns-users-targeted-by-mercenary-spyware
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously
Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.
Why MLBOMs Are Useful for Securing the AI/ML Supply Chain
A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.
Zambia Busts 77 People in China-Backed Cybercrime Operation
Phony call center company conducted online fraud and other Internet scams.
https://www.darkreading.com/endpoint-security/zambia-busts-77-in-china-backed-cybercrime-operation
Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance
Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.
XZ Utils Scare Exposes Hard Truths About Software Security
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
Wiz Acquires Gem Security to Expand Cloud Detection and Response Offering