An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.
Follow Dark Reading:
 February 02, 2023
LATEST SECURITY NEWS & COMMENTARY
Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms
An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.
Discrepancies Discovered in Vulnerability Severity Ratings
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.
Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover
Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.
Nearly All Firms Have Ties With Breached Third Parties
The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.
Application Security Must Be Nonnegotiable
Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.
Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry
Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.
CISA to Open Supply Chain Risk Management Office
A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.
Google Fi Users Caught Up in T-Mobile Breach
Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Firmware Flaws Could Spell 'Lights Out' for Servers
Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

Will Cybersecurity Remain Recession-Proof in 2023?
Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

Are Your Employees Thinking Critically About Their Online Behaviors?
Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.

MORE
EDITORS' CHOICE
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status
Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.
LATEST FROM THE EDGE

Why CISOs Should Care About Brand Impersonation Scam Sites
Enterprises often don't know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers' trust, money, and personally identifiable information.
LATEST FROM DR TECHNOLOGY

Checkmarx Launches Threat Intelligence for Open Source Packages
The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.
WEBINARS
  • The Ransomware Evolution: Protecting Against Professionalized Cybercriminal Operations

    Ransomware gangs are highly professional operations, with teams dedicated for customer service, help-desk, software development, distribution, and even marketing. There are marketplaces where attackers can easily pick up ransomware and attack infrastructure. Does your organization understand what kind of cybercriminal ...

  • Deciphering the Hype Around XDR

    Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Vista Equity Partners Completes Acquisition of KnowBe4
Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC
Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report
Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats
Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data
Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The Promise and Reality of Cloud Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us