Dark Reading Weekly -- March 07, 2024

LATEST SECURITY NEWS & COMMENTARY

BlackCat Goes Dark After Ripping Off Change Healthcare Ransom

Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.

Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs

A Russian-language campaign aims to compromise corporate users on both Windows and Android devices by mimicking popular online collaboration applications.

First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches

The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach.

Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure

A newly developed PLC malware does not require physical access to target an ICS environment, is mostly platform neutral, and is more resilient than traditional malware aimed at critical infrastructure.

Amex Customer Data Exposed in Third-Party Breach

The breach occurred through a third-party service provider frequently used by the company's travel services division.

Army Vet Spills National Secrets to Fake Ukrainian Girlfriend

The retired US Army lieutenant colonel faces up to 10 years in prison if convicted of sharing secret information about the Russia-Ukraine war with a scammer posing as romantic connection.

Microsoft Zero-Day Used by Lazarus in Rootkit Attack

North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report.

NIST Cybersecurity Framework 2.0: 4 Steps to Get Started

The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.

CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok

Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike.

Zero-Click GenAI Worm Spreads Malware, Poisoning Models

35 years after the Morris worm, we're still dealing with a version of the same issue: data overlapping with control.

MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.

North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware

North Korea's latest espionage tool is tough to pin down, with random generators that throw detection mechanisms off its scent. The DPRK is using the recent critical bugs in ConnectWise ScreenConnect, a remote desktop tool, to deliver the bug.

MTTR: The Most Important Security Metric

Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries.

Tips on Managing Diverse Security Teams

The better a security team works together, the bigger the direct impact on how well it can protect the organization.

What Cybersecurity Chiefs Need From Their CEOs

By helping CISOs navigate the expectations being placed on their shoulders, CEOs can greatly benefit their companies.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Name That Edge Toon: How Charming Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Navigating Biometric Data Security Risks in the Digital Age The use of biometrics is increasingly common for authentication, and organizations must make sure their data security solutions protect what may be a new goldmine for hackers. 10 Essential Processes for Reducing the Top 11 Cloud Risks The Cloud Security Alliance's "Pandemic 11" cloud security challenges can be addressed by putting the right processes in place. MORE

PRODUCTS & RELEASES

Veeam Launches Veeam Data Cloud

Network Perception Introduces Rapid Verification of Zone-to-Zone Segmentation

Delinea Debuts Privilege Control for Servers: Thwarting Stolen Credentials and Lateral Movement

Boston Red Sox Choose Centripetal As Cyber Network Security Partner

Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Patch Now: Apple Zero-Day Exploits Bypass Kernel Security

A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.

LATEST FROM THE EDGE

CISO Sixth Sense: NIST CSF 2.0's Govern Function

2024 will redefine CISO leadership while acknowledging the management gap.

LATEST FROM DR TECHNOLOGY

The Challenges of AI Security Begin With Defining It

Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.

LATEST FROM DR GLOBAL

Taiwan's Biggest Telco Breached by Suspected Chinese Hackers

Stolen data from Chunghwa Telecom — including government-related details — are up for sale on the Dark Web, the Taiwanese defense ministry confirms.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>