Dark Reading Daily -- August 30, 2024

LATEST SECURITY NEWS & COMMENTARY

Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets

In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised.

Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums

Ransomware attacks and email-based fraud account for 80% to 90% of all claims processed by cyber insurers, but a handful of cybersecurity technologies can help prevent big damages.

Brazilian Ad Fraud Network 'Camu' Hits 2B+ Daily Bid Requests

The global Internet helps just about everything to scale more easily, including piracy and ad fraud.

Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges

The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world.

Top Travel Sites Have Some First-Class Security Issues to Clean Up

Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.

How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture

Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets The pivot is one of several changes the groups using the malware have used in recent attacks. Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks. Manufacturing Sector Under Fire From Microsoft Credential Thieves The emails impersonate well-known companies in the industry, fooling the victim into thinking they are communicating with a legitimate entity. Why LLMs Are Just the Tip of the AI Security Iceberg With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact. MORE

PRODUCTS & RELEASES

Cobalt Appoints Sonali Shah as CEO

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024

AuthenticID Unveils Enhanced Smart ReAuth™ for Instant Biometric Reauthentication

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.

LATEST FROM THE EDGE

News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

As enterprises in the world embrace Microsoft's AI assistant, researcher Michael Bargury warns its security is lacking. Check out his News Desk interview during Black Hat USA.

LATEST FROM DR TECHNOLOGY

Check Point, Cisco Boost AI Investments With Latest Deals

Cisco's deal to acquire Robust Intelligence will make it possible to use red team algorithms to assess risk in AI models and applications, while Check Point's acquisition of Cyberint will add threat intelligence to its SOC platform.

LATEST FROM DR GLOBAL

South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel

The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>