NRECA Receives $4M in DOE Funding to Boost Electric Co-op Cybersecurity Preparedness
Students Spot Washing Machine App Flaw That Gives Out Free Cycles
UCSC students say that after reporting the bug months ago they're still able to rack up unlimited free wash loads at their local laundromat.
What American Enterprises Can Learn From Europe's GDPR Mistakes
As the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensure compliance from the outset to avoid Europe's costly missteps.
https://www.darkreading.com/cyber-risk/what-american-enterprises-can-learn-from-europe-gdpr-mistakes
Android Banking Trojan Antidot Disguised as Google Play Update
Antidot uses overlay attacks and keylogging to target users' financial data.
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit
IBM's abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms.
CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR's podcast on the CISO & the SEC; breaking do...
Intel Discloses Max Severity Bug in Its AI Model Compression Software
The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems.
10 Ways a Digital Shield Protects Apps and APIs
Layers of protection can bring defense-in-depth practices to distributed clouds and other modern network architectures.
SEC Adds New Incident Response Rules for Financial Sector
Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches.
https://www.darkreading.com/cyber-risk/sec-adds-new-incident-response-rules-for-financial-sector
400K Linux Servers Recruited by Resurrected Ebury Botnet
Cryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe.
CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules
Most companies still can't determine whether a breach is material within the four days mandated by the SEC, skewing incident response.
Whose Data Is It Anyway? Equitable Access in Cybersecurity
Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data.
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.
https://www.darkreading.com/vulnerabilities-threats/microsoft-has-yet-to-patch-7-pwn2own-zero-days
There Is No Cyber Labor Shortage
There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.
https://www.darkreading.com/cybersecurity-operations/no-cyber-labor-shortage
Addressing the Cybersecurity Vendor Ecosystem Disconnect
How security teams can bridge the gap between short-term profits and long-term business needs.
Santander Falls Victim to Data Breach Involving Third-Party Provider
The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.
US AI Experts Targeted in SugarGh0st RAT Campaign
Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.
GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft
Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.
Asian Threat Actors Use New Techniques to Attack Familiar Targets
Generative AI and software supply chain attacks are being exploited to disrupt, manipulate, and steal.
FCC Reveals 'Royal Tiger' Robocall Campaign
In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.