China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.
Follow Dark Reading:
 April 19, 2023
LATEST SECURITY NEWS & COMMENTARY
APT41 Taps Google Red-Teaming Tool in Targeted Info-Stealing Attacks
China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.
Researchers Discover First-Ever Major Ransomware Targeting macOS
In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet.
QBot Expands Initial Access Malware Strategy With PDF-WSF Combo
The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload.
'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads
Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.
Recycled Core Routers Expose Sensitive Corporate Network Info
Researchers are warning about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.
NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits
An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets.
'Zaraza' Bot Targets Google Chrome to Extract Login Credentials
The data-stealing malware threatens the cyber safety of individual and organizational privacy by infecting a range of Web browsers.
Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
To address the rising risk of online fraud, stolen identities, and cyberattacks, innovative organizations have begun converging their security functions — here's how yours can prepare.
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures
Use ongoing exposure management to parse the riskiest exposures and probable attack paths, then identify and plug the choke points.
(Sponsored Article) Human Detection and Response: A New Approach to Building a Strong Security Culture
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Google Issues Emergency Chrome Update for Zero-Day Bug
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.

Top 5 Data Security RSAC 2023 Sessions to Attend
A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.

MORE
EDITORS' CHOICE
FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware
Members of the former ransomware group are using a FIN7 backdoor to deliver malware —including Cobalt Strike — to victim systems.
LATEST FROM THE EDGE

Where There's No Code, There's No SDLC
How can we build security back into software development in a low-code/no-code environment?
LATEST FROM DR TECHNOLOGY

How Zero Trust Can Protect Systems Against Generative AI Agents
Researchers explore a love-hate relationship with AI tools like ChatGPT, which can be used to both attack and defend more efficiently.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

    The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

  • 10 Hot Talks From Black Hat USA 2022

    Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
KnowBe4 Phishing Test Results Reveal IT and Online Services Emails Drive Dangerous Attack Trend
Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last 12 Months
Cyberattacks Can Cost Enterprises Up to 30% of Operating Income According to ThreatConnect
Marlinspike Adds Charles Carmakal to its Advisory Board
Report: Over Half of North American Consumers Are Open to Passwordless
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Successfully Managing Identity in Modern Cloud and Hybrid Environments
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us