Dark Reading Daily -- May 02, 2024

The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses.

LATEST SECURITY NEWS & COMMENTARY

'Cuttlefish' Zero-Click Malware Steals Private Cloud Data

Shadow APIs: An Overlooked Cyber-Risk for Orgs

Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft

Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

UnitedHealth Congressional Testimony Reveals Rampant Security Fails

The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change's backup strategy failed.

Qantas Customers' Boarding Passes Exposed in Flight App Mishap

Some customers found that they had the ability to cancel a stranger's flight to another country after opening the app, which was showing other individuals' flight details.

The Cybersecurity Checklist That Could Save Your M&A Deal

With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.

(Sponsored Article) The Need to Secure AI Use Is Real. Are Organizations Prepared?

Generative AI brings both excitement and anxiety. Learn how to build a multifaceted approach to enable the secure use of AI in your organization.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024 Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI. Attackers Planted Millions of Imageless Repositories on Docker Hub The purported metadata for each these containers had embedded links to malicious files. R Programming Bug Exposes Orgs to Vast Supply Chain Risk The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. Okta: Credential-Stuffing Attacks Spike via Proxy Networks Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks. MORE

PRODUCTS & RELEASES

Intel 471 Acquires Cyborg Security

Cobalt's 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs

ESET PROTECT Portfolio Now Includes New MDR Tiers and Features

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

LATEST FROM THE EDGE

Facebook at 20: Contemplating the Cost of Privacy

As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.

LATEST FROM DR TECHNOLOGY

Fortify AI Training Datasets From Malicious Poisoning

Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.

LATEST FROM DR GLOBAL

'DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?

A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>