Dark Reading Daily -- April 12, 2024

North Korean hackers break ground with new exploitation techniques for Windows and macOS.

LATEST SECURITY NEWS & COMMENTARY

DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

North Korean hackers break ground with new exploitation techniques for Windows and macOS.

Sisense Password Breach Triggers 'Ominous' CISA Warning

With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts fear.

Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases

Project behind the Rust programming language asserted that any calls to a specific API would be made safe, even with unsafe inputs, but researchers found ways to circumvent the protections.

Apple Warns Users in 150 Countries of Mercenary Spyware Attacks

In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.

Why MLBOMs Are Useful for Securing the AI/ML Supply Chain

A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Top MITRE ATT&CK Techniques and How to Defend Against Them A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them. NSA Updates Zero-Trust Advice to Reduce Attack Surfaces Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users. How Nation-State DDoS Attacks Impact Us All Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality. Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical." MORE

PRODUCTS & RELEASES

Cohesity Extends Collaboration to Strengthen Cyber Resilience With IBM Investment in Cohesity

National Security Agency Announces Dave Luber As Director of Cybersecurity

Wyden Releases Draft Legislation to End Federal Dependence on Insecure, Proprietary Software

MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

XZ Utils Scare Exposes Hard Truths About Software Security

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

LATEST FROM THE EDGE

Proper DDoS Protection Requires Both Detective and Preventive Controls

Distributed denial-of-service attacks still plague the enterprise, but adding preventive measures can reduce their impact.

LATEST FROM DR TECHNOLOGY

Knostic Brings Access Control to LLMs

Led by industry veterans Gadi Evron and Sounil Yu, the new company lets organizations adjust how much information LLMs provide based on the user's role and responsibilities.

LATEST FROM DR GLOBAL

Zambia Busts 77 People in China-Backed Cybercrime Operation

Phony call center company conducted online fraud and other Internet scams.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>