 August 10, 2023
LATEST SECURITY NEWS & COMMENTARY
It's Time for Cybersecurity to Talk About Climate Change
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.
OWASP Lead Flags Gaping Hole in Software Supply Chain Security
SBOMs aren't enough: Developers need to dig deeper into how software is built by using a process called binary source validation.
'Downfall' Bug in Billions of Intel CPUs Reveals Major Design Flaw
A newly revealed flaw affects a good chunk of the world's computers. A patch has been released, but broad, structural change in CPU design will be required to address the root cause.
DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023
Dark Reading News Desk returns for a second day of interviews from Black Hat USA 2023. The livestream will start at 10 a.m. PT.
Microsoft Patches Zero-Day Bug Under Active Exploit in August Update
Attackers are already exploiting one of Microsoft's August Patch Tuesday fixes in the wild, which offers up a low attack complexity for cyberattackers.
Black Hat Opens With Call to Steer AI from Predictions to Policy
Without cybersecurity guardrails now, AI will be harder to harness in the future.
Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints.
Apple Users See Big Mac Attack, Says Accenture
Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advanced obfuscation methods.
Tesla Jailbreak Unlocks Theft of In-Car Paid Features
Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.
Google, Microsoft Take Refuge in Rust Language's Better Security
More tech giants are turning to the Rust programming language for its built-in memory safety and other security features.
Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages
Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.
Selling Software to the US Government? Know Security Attestation First
Challenging new safety requirements are needed to improve security and work toward a more secure future.
HOT TOPICS
10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance
More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated.

Why Shellshock Remains a Cybersecurity Threat After 9 Years
Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.

How to Talk So Your CISO Will Listen
Tailor your business project proposal to suit the language your company's CISO speaks, be it business, technical, or compliance. Do your research first and gather support from around the company.

EDITORS' CHOICE
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.
LATEST FROM THE EDGE

Name That Edge Toon: How Now?
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

AI Risk Database Tackles AI Supply Chain Risks
The open source tool — a collaboration between Robust Intelligence, MITRE, and Indiana University — assesses heavily shared, public machine learning models for risk.
LATEST FROM DR GLOBAL

Iran's APT34 Hits UAE With Supply Chain Attack
The prolific APT, also known as OilRig, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA