Google's fix to the Bad.Build flaw only partially addresses the issue, say security researchers who discovered it.
Follow Dark Reading:
 July 19, 2023
LATEST SECURITY NEWS & COMMENTARY
Google Cloud Build Flaw Enables Privilege Escalation, Code Tampering
Google's fix to the Bad.Build flaw only partially addresses the issue, say security researchers who discovered it.
FIN8 Modifies 'Sardonic' Backdoor to Deliver BlackCat Ransomware
The cybercrime group has given its backdoor malware a facelift in an attempt to evade detection, making some bug fixes and setting itself up to deliver its latest crimeware toy, BlackCat.
Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw
A barrage of targeted attacks against vulnerable installations peaked at 1.3 million against 157,000 sites over the weekend, aimed at unauthenticated code execution.
Sogu, SnowyDrive Malware Spreads, USB-Based Cyberattacks Surge
Two separate threat actors are using poisoned USB drives to distribute malware in cyber-espionage campaigns targeting organizations across different sectors and geographies.
Pernicious Rootkits Pose Growing Blight On Threat Landscape
Attackers show renewed relentlessness in exploiting OS vulnerabilities that also circumvent defense and detection measures.
VirusTotal Data Leak Affects 5K+ Users
Some of the users who were impacted include the US Department of Justice, the NSA, and the FBI, alongside German intelligence agencies.
Hacker Infected & Foiled by Own Infostealer
A prolific threat actor has been operating on Russian-language forums since 2020, but then he accidentally infected his own computer and sold off its contents to threat researchers.
Linux Ransomware Poses Significant Threat to Critical Infrastructure
Organizations running Linux distributions need to prepare to defend their systems against ransomware attacks. Steps to ensure resiliency and basics such as access control reduce major disruptions.
Name That Toon: Shark Sighting
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
AWS Cloud Credential Stealing Campaign Spreads to Azure, Google Cloud
The TeamTNT threat actor appears to be setting the stage for broader cloud worm attacks, researchers say.

If George Washington Had a TikTok, What Would His Password Be?
Artificial intelligence can be tricked into making password-based authentication even weaker.

Microsoft 'Logging Tax' Hinders Incident Response, Experts Warn
A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it.

MORE
EDITORS' CHOICE
5 Major Takeaways From Microsoft's July Patch Tuesday
July's updates contained 100+ patches and security policy notes, leaving vulnerability management teams stressed and scrambling to prioritize. We're here to help find some zen.
LATEST FROM DR TECHNOLOGY

Microsoft Takes Security Copilot AI Assistant to the Next Level
The company's AI for security operations centers continues to add integrations, as the industry looks to large language models for progress.
LATEST FROM THE EDGE

10 Features an API Security Service Needs to Offer
Securing APIs is specialized work. Here's what organizations should look for when selecting an outside partner.
LATEST FROM DR GLOBAL

APT35 Develops Mac Bespoke Malware
Iran-linked APT35 group crafted specific Mac malware when targeting a member of the media with new tools to add backdoors.
WEBINARS
  • State of DDoS: Mid-Year Threat Report

    Killnet, REvil and Anonymous Sudan - it's been a busy quarter in the DDoS realm. Threat actor groups have been targeting Western organizations in an attempt to disrupt our way of life. If you're finding it hard to keep track ...

  • Finding a Backup Strategy That Works For You

    You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions
Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills According to Bugcrowd Survey
Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients
Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How to Use Threat Intelligence to Mitigate Third-Party Risk
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023   |   Informa Tech  |   Privacy Statement   |   Terms & Conditions  |  Contact Us