Dark Reading Daily -- November 22, 2023

Exploit for Critical Windows Defender Bypass Goes Public

Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.

DPRK Hackers Masquerade as Tech Recruiters, Job Seekers

No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.

Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns

Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.

Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto

Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.

Inside Job: Cyber Exec Admits to Hospital Hacks

Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.

AutoZone Files MOVEit Data Breach Notice With State of Maine

The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.

Maximize Cybersecurity Returns: 5 Key Steps to Enhancing ROI

Cybersecurity isn't a one-time task. It's an ongoing effort that needs regular checks, updates, and teamwork.

(Sponsored Article) Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats

Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities.

Amid Military Buildup, China Deploys Mustang Panda in the Philippines

China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.

How the Evolving Role of the CISO Impacts Cybersecurity Startups

CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs.

SEC Suit Ushers in New Era of Cyber Enforcement

A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.

Malware Uses Trigonometry to Track Mouse Strokes

The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.

LATEST FROM THE EDGE

The 7 Deadly Sins of Security Awareness Training

Stay away from using these tactics when trying to educate employees about risk.

LATEST FROM DR TECHNOLOGY

First Wave of Vulnerability-Fixing AIs Available for Developers

GitHub joins a handful of startups and established firms in the market, but all the products are essentially "caveat developer" — let the developer beware.

LATEST FROM DR GLOBAL

Major Saudi University to Offer AI, Cybersecurity Studies

University of Jeddah partners with Resecurity to teach cybersecurity skills.

Key DevSecOps Principles for Enterprise Mobile App Development