The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains

Hackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect.

https://www.darkreading.com/threat-intelligence/biggest-threat-2024-elections-kitchen-sink-attack-chains

Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries

Mobile malware-as-a-service operators are upping their game by automatically churning out hundreds of unique samples on a whim.

https://www.darkreading.com/endpoint-security/godfather-banking-trojan-spawns-1k-samples-57-countries

Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare

Cyberattacks on logistics are becoming increasingly common, and the potential impact is enormous.

https://www.darkreading.com/cyberattacks-data-breaches/digital-blitzkrieg-unveiling-cyber-logistics-warfare

Cisco Zero-Days Anchor 'ArcaneDoor' Cyber Espionage Campaign

Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.

https://www.darkreading.com/endpoint-security/cisco-zero-days-arcanedoor-cyberespionage-campaign

SolarWinds 2024: Where Do Cyber Disclosures Go From Here?

Get updated advice on how, when, and where we should disclose cybersecurity incidents under the SEC's four-day rule after SolarWinds, and join the call to revamp the rule to remediate first.

https://www.darkreading.com/cyberattacks-data-breaches/solarwinds-2024-where-do-cyber-disclosures-go-from-here

Attacker Social-Engineered Backdoor Code Into XZ Utils

Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.

https://www.darkreading.com/application-security/attacker-social-engineered-backdoor-code-into-xz-utils

Black Girls Do Engineer Signs Education Partnership Agreement With NSA

https://www.darkreading.com/cybersecurity-operations/black-girls-do-engineer-signs-education-partnership-agreement-with-nsa

KnowBe4 to Acquire Egress

https://www.darkreading.com/cybersecurity-operations/knowbe4-to-acquire-egress

Lights On in Leicester: Streetlights in Disarray After Cyberattack

The city is stymied in efforts to pinpoint the issue since its IT systems were shut down in the wake of the cyberattack.

https://www.darkreading.com/cyberattacks-data-breaches/lights-on-in-leicester-city-streetlights-in-disarray-after-cyberattack

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years

Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).

https://www.darkreading.com/cyberattacks-data-breaches/north-korea-apt-triumvirate-spied-on-south-korean-defense-industry-for-years

Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign

A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, ...

https://www.darkreading.com/cyberattacks-data-breaches/iran-dupes-military-contractors-govt-agencies-cybercampaign

2023: A 'Good' Year for OT Cyberattacks

Attacks increased by "only" 19% last year. But that number is expected to grow significently.

https://www.darkreading.com/endpoint-security/2023-good-year-for-ot-cyberattacks

Fortify AI Training Datasets From Malicious Poisoning

Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.

https://www.darkreading.com/cybersecurity-operations/fortify-ai-training-datasets-from-malicious-poisoning

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

https://www.darkreading.com/cloud-security/patch-crushftp-zero-day-cloud-exploit-targets-us-orgs

5 Hard Truths About the State of Cloud Security 2024

Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.

https://www.darkreading.com/cloud-security/5-hard-truths-about-the-state-of-cloud-security-2024

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

https://www.darkreading.com/ics-ot-security/siemens-working-on-fix-for-device-affected-by-palo-alto-firewall-bug

CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills

https://www.darkreading.com/cybersecurity-operations/comptia-supports-department-of-defense-efforts-to-strengthen-cyber-knowledge-and-skills

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.

https://www.darkreading.com/threat-intelligence/hackers-create-legit-phishing-links-with-ghost-github-gitlab-comments

Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update

The company reports most systems are functioning again but that analysis of the data affected will take months to complete.

https://www.darkreading.com/cyber-risk/back-from-the-brink-unitedhealth-offers-sobering-post-attack-update

Top Lessons for CISOs From OWASP's LLM Top 10

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

https://www.darkreading.com/vulnerabilities-threats/top-lessons-cisos-owasp-llm-top-10