Dark Reading Daily -- April 29, 2024

Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.

LATEST SECURITY NEWS & COMMENTARY

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.

Palo Alto Updates Remediation for Max-Critical Firewall Bug

Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties.

CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.

Thousands of Qlik Sense Servers Open to Cactus Ransomware

The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.

Minimum Viable Compliance: What You Should Care About and Why

Understand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with.

Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack

The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Attacker Social-Engineered Backdoor Code Into XZ Utils Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails. The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains Hackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect. SolarWinds 2024: Where Do Cyber Disclosures Go From Here? Get updated advice on how, when, and where we should disclose cybersecurity incidents under the SEC's four-day rule after SolarWinds, and join the call to revamp the rule to remediate first. Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare Cyberattacks on logistics are becoming increasingly common, and the potential impact is enormous. MORE

PRODUCTS & RELEASES

Jason Haddix Joins Flare As Field CISO

MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert

New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign

Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.

LATEST FROM THE EDGE

Held Back: What Exclusion Looks Like in Cybersecurity

You can't thinking about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.

LATEST FROM DR TECHNOLOGY

J&J Spin-Off CISO on Maximizing Cybersecurity

How the CISO of Kenvue, a consumer healthcare company spun out from Johnson & Johnson, combined tools and new ideas to build out the security program.

LATEST FROM DR GLOBAL

Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China

The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>