Dark Reading Weekly -- January 25, 2024

LATEST SECURITY NEWS & COMMENTARY

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine

The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.

Millions at Risk As 'Parrot' Web Server Compromises Take Flight

The cyberattackers behind the traffic redirection system (TDS) inject websites with malicious scripts, have control over thousands of servers worldwide, and have ramped up efforts to avoid detection.

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file-transfer technology.

Subway Puts a LockBit Investigation on the Menu

The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary "SBS" network.

CISA Director Jen Easterly Targeted in Swatting Incident

A phone call to authorities claimed that a shooting had taken place on Easterly's block.

'VexTrio' TDS: The Biggest Cybercrime Operation on the Web?

The traffic distribution system supports tens of thousands of malicious domains and cyberattack campaigns that reach far and wide globally.

Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles

The company hasn't taken full responsibility for the incident, even though allowing scraping paves the way for dangerous follow-on attacks.

Microsoft: Iran's Mint Sandstorm APT Blasts Educators, Researchers

The Charming Kitten-related cyber-espionage group is posing as legitimate journalists and researchers to get intel on the Israel-Hamas war.

Third Ivanti Vulnerability Exploited in the Wild, CISA Reports

Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it.

Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware

Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor.

Filling the Cybersecurity Talent Gap

Veterans are ideal candidates to close the skills gap and create the industry needed to meet security threats head-on.

Battling Misinformation During Election Season

Dissemination of false information, often with the intent to deceive, has become a pervasive issue amplified by artificial intelligence (AI) tools.

CISA's Road Map: Charting a Course for Trustworthy AI Development

The agency aims to build a more robust cybersecurity posture for the nation.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Survey Shows a Surge in (Artificial) Intelligence A new Omdia survey shows a rapid increase in generative AI adoption for security Name That Toon: Cast Adrift Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Building AI That Respects Our Privacy Until laws can move at the speed of innovation, we'll see a discrepancy between the protections offered and the risks associated with technology. MORE

PRODUCTS & RELEASES

Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket

Darktrace and Garland Technology Collaborate to Help Businesses Secure Operational Technology Environments

Peters and Braun Introduce Bipartisan Bill to Bolster Government's Cybersecurity Capabilities

Amy Farrow Joins Infoblox As Chief Information Officer

F5 Welcomes Samir Sherif As New Chief Information Security Officer

Managed Ransomware Detect & Respond (RDR) Offering From Zyston

Nozomi Networks Delivers Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

National Cybersecurity Alliance Announces 2024 Data Privacy Week

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Microsoft Falls Victim to Russia-Backed 'Midnight Blizzard' Cyberattack

Russian state-sponsored threat actor Nobelium used a basic password-spray attack to breach Microsoft corporate email accounts, including for execs.

LATEST FROM THE EDGE

AI Gives Defenders the Advantage in Enterprise Defense

A panel of CISOs acknowledged that artificial intelligence has boosted the capabilities of threat actors, but enterprise defenders are actually benefiting more from the technology.

LATEST FROM DR TECHNOLOGY

Researchers Map AI Threat Landscape, Risks

With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions.

LATEST FROM DR GLOBAL

Magecart Adds Middle East Retailers to Long List of Victims

Cybercriminals who conspire to put credit-card skimmers on e-commerce sites have hit some large vendors in the region.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

The State of Supply Chain Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

View More Dark Reading Reports >>