Dark Reading: Connecting the Information and Security Community

The Fall of the National Vulnerability Database

Since its inception, three key factors have affected the NVD's ability to classify security concerns — and what we're experiencing now is the result.

https://www.darkreading.com/vulnerabilities-threats/fall-of-national-vulnerability-database

Windows Quick Assist Anchors Black Basta Ransomware Gambit

When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.

https://www.darkreading.com/threat-intelligence/windows-quick-assist-anchors-black-basta-ransomware

Google's AI Watermarks Will Identify Deepfakes

The SynthID line of watermarking techniques can be used to identify AI-generated images, video, and text.

https://www.darkreading.com/cloud-security/google-ai-watermarks-identify-deepfakes

Patch Now: Another Google Zero-Day Under Exploit in the Wild

Google has rolled out an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.

https://www.darkreading.com/vulnerabilities-threats/patch-now-google-zero-day-exploit

Nigeria Halts Cybersecurity Tax After Public Outrage

In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity.

https://www.darkreading.com/cyber-risk/nigeria-halts-cybersecurity-tax-after-public-outrage

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

https://www.darkreading.com/endpoint-security/flaw-in-wi-fi-standard-can-enable-ssid-confusion-attacks

FBI, DoJ Shut Down BreachForums, Launch Investigation

Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.

https://www.darkreading.com/threat-intelligence/fbi-doj-shut-down-breachforums-launch-investigation

Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise.

https://www.darkreading.com/threat-intelligence/scammers-fake-docusign-templates-blackmail-steal-companies

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day

A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.

https://www.darkreading.com/vulnerabilities-threats/d-link-routers-vulnerable-to-takeover-via-exploit-for-zero-day

3 Tips for Becoming the Champion of Your Organization's AI Committee

CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success.

https://www.darkreading.com/cybersecurity-operations/3-tips-for-becoming-champion-of-your-organization-ai-committee

Top 5 Most Dangerous Cyber Threats in 2024

SANS Institute experts weigh in on the top threat vectors faced by enterprises and the public at large.

https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024

Singapore Cybersecurity Update Puts Cloud Providers on Notice

The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.

https://www.darkreading.com/cyber-risk/singapore-cybersecurity-update-puts-cloud-providers-on-notice

Microsoft Windows DWM Zero-Day Poised for Mass Exploit

CVE-2024-30051, under active exploit, is the most concerning of this month's Patch Tuesday offerings, and is already being abused by several QakBot actors.

https://www.darkreading.com/vulnerabilities-threats/microsoft-windows-dwm-zero-day-mass-exploit

Unprotected Session Tokens Can Undermine FIDO2 Security

While the protocol has made passwordless authentication a reality, token binding is key to preventing token theft and reuse, security vendor says.

https://www.darkreading.com/identity-access-management-security/unprotected-session-tokens-can-undermine-fido2-security

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs

Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.

https://www.darkreading.com/threat-intelligence/fbi-closes-in-scattered-spider-attacks-finance-insurance-orgs

A Cost-Effective Encryption Strategy Starts With Key Management

Key management is more complex than ever. Your choices are: rely on your cloud provider or manage keys locally; encrypt only the most critical data; or encrypt everything.

https://www.darkreading.com/cloud-security/a-cost-effective-encryption-strategy-starts-with-key-management

Dangerous Google Chrome Zero-Day Allows Sandbox Escape

Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.

https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape