Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
Follow Dark Reading:
 August 04, 2023
LATEST SECURITY NEWS & COMMENTARY
Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
The attack surface of a live event like this summer’s World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.
Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks
Industrial devices are less likely to be patched due to expensive downtime, and threat actors have taken notice.
Cult of the Dead Cow Hacktivists Give Life to 'Privacy-First' App Framework
The well-known collective is taking on targeted advertising with the Veilid framework and says it wants to make the Internet accessible to everyone who fears being monetized.
Russia's 'Midnight Blizzard' Hackers Launch Flurry of Microsoft Teams Attacks
The Nobelium APT is launching highly targeted Teams-based phishing attacks on government and industrial targets using compromised Microsoft 365 tenants, with the aim of data theft and cyber espionage.
As Artificial Intelligence Accelerates, Cybercrime Innovates
Rare government, industry alignment on AI threats means we have an opportunity to make rapid strides to improve cybersecurity and slip the hold cybercriminals have on us.
How to Create an Effective GRC Program: 3 Phases
A crawl, walk, run approach allows organizations to establish a governance, risk, and compliance (GRC) program that grows and matures with the business.
(Sponsored Article) Insider Risk Management Starts With SaaS Security
SaaS security posture management helps mitigate common threats posed by malicious or negligent insiders.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Iran's APT34 Hits UAE With Supply Chain Attack
The prolific APT, also known as OilRig, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.

Russian APT 'BlueCharlie' Swaps Infrastructure to Evade Detection
Despite being outed earlier this year, the advanced persistent threat group is trying to sneak past researchers again.

Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages
Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.

Utilities Face Security Challenges as They Embrace Data in New Ways
A culture of cybersecurity and implementing industry best practices can go a long way toward protecting a utility.

MORE
EDITORS' CHOICE
Tesla Jailbreak Unlocks Theft of In-Car Paid Features
Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.
LATEST FROM THE EDGE

Protecting Intellectual Property When It Needs to Be Shared
Companies should use a variety of tools and strategies, both technical and policy, to protect their IP from third-party risk.
LATEST FROM DR TECHNOLOGY

10 Free Purple Team Security Tools to Check Out
Check out this curated list of cool tools and platforms for both offensive security experts and defenders, all of which will be released or demoed at Black Hat USA 2023.
LATEST FROM DR GLOBAL

Hacktivist Group 'Mysterious Team Bangladesh' Goes on DDoS Rampage
The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.
WEBINARS
  • Implementing Zero-Trust With A Remote Workforce

    The shift to remote work and a distributed workforce model highlighted the importance of the zero-trust model for organizations. Corporate endpoint devices are no longer protected behind the enterprise perimeter, connect to routers with unknown levels of security, and share ...

  • Where and When Automation Makes Sense For Enterprise Cybersecurity

    A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Qualys Announces First-Party Software Risk Management Solution
Center for Cyber Safety and Education Awards $174K in Cybersecurity Scholarships
Vulcan Cyber Attack Path Graph Targets Cloud-Scale Risk Prioritization and Mitigation
Mission Secure, Idaho National Laboratory Announce Partnership to Protect Critical Infrastructure
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Supply Chain Attacks Work, and How to Stop Them
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us