Dark Reading Daily -- November 29, 2023

Follow Dark Reading:

November 29, 2023

LATEST SECURITY NEWS & COMMENTARY

Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds

Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case.

CISA to Congress: US Under Threat of Chemical Attacks

Dropping the ball on chemical security has precipitated "a national security gap too great to ignore," CISA warns.

Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads

Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.

Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks

Online shopping websites often lack basic security protections when it comes to PII, allowing malicious actors to capitalize on consumer data or perpetuate retail and hospitality scams.

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks

Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.

Slovenian Electrical Utility HSE Suffers Ransomware Attack

The company's power production remains in operation, and authorities have been notified of the attack.

Attacks Against South African ICS and IoT Systems Steadily Decrease

All African nations saw a reduced number of cyberattacks on industrial and IoT systems in the third quarter of 2023 compared with earlier this year.

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk

Google says the issue has to do with organizations ensuring they implement least-privilege principles.

Fight or Flight: How to Keep Cyberattacks From Taking Off

As industries around the world act to mitigate the increase in cyber threats, the aviation sector should be leading the cybersecurity uprising, explains William "Hutch" Hutchison, CEO of SimSpace.

Name That Toon: Slam Dunk

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

(Sponsored Article) 3 Essential Steps to Strengthen SaaS Security

SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
General Electric, DARPA Hack Claims Raise National Security Concerns Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies. Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business. CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law. MORE

EDITORS' CHOICE

Dark Reading Debuts Fresh New Site Design

Check out our new look — it's crisp, fast, and more reader-friendly.

LATEST FROM THE EDGE

Exploited Vulnerabilities Can Take Months to Make KEV List

The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other sources of threat intelligence.

LATEST FROM DR TECHNOLOGY

GenAI Requires New, Intelligent Defenses

Understanding the risks of generative AI and the specific defenses to build to mitigate those risks is vital for effective business and public use of GenAI.

LATEST FROM DR GLOBAL

Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack

Fawry confirms addresses, phone numbers, and dates of birth, leaked online.

WEBINARS

Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ...
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization ...

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
How to Use Threat Intelligence to Mitigate Third-Party Risk
The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Hack The Box Launches 5th Annual University CTF Competition

Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

CompTIA Advises Retailers to Check their Cybersecurity Preparedness Ahead of the Holiday Shopping Season

MORE PRODUCTS & RELEASES

CURRENT ISSUE

Tips for a Streamlined Transition to Zero Trust
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.