Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector | 7 Things Your Ransomware Response Playbook Is Missing

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 year ago

Html
Text

Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.

Follow Dark Reading:

April 13, 2023

LATEST SECURITY NEWS & COMMENTARY

Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world. Microsoft: NSO Group-Like 'QuaDream' Actor Selling Mobile Spyware to Governments Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices. Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX. 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years. Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns. Cybercriminals 'CAN' Steal Your Car, Using Novel IoT Hack Your family's SUV could be gone in the night thanks to a headlight crack and hack attack. Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Workplace AI Warnings In three separate incidents, engineers at the Korean electronics giant reportedly shared sensitive corporate data with the AI-powered chatbot. Russia's Joker DPR Claims Access to Ukraine Troop Movement Data A hacktivist group working with Russia claims it breached DELTA, the Ukrainian battlefield management system (BMS). 'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks In next-gen, credential-harvesting attacks, phishing emails use cloud services and are free from the typical bad grammar or typos they've traditionally used (and which users have learned to spot). Rethinking Cybersecurity's Structure & the Role of the Modern CISO A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity. How Password Managers Can Get Hacked Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses. LastPass Breach Reveals Important Lessons Devastating cyberattacks often can be prevented with basic cybersecurity measures. Bad Actors Will Use Large Language Models — but Defenders Can, Too Security teams need to find the best, most effective uses of large language models for defensive purposes. MORE NEWS / MORE COMMENTARY


HOT TOPICS
What to Discuss at RSA Conference — and It's Not ChatGPT In-person conversations are a productive way to understand the state of the industry and learn new techniques. Take advantage of peers' experience, compare notes, and boost your skill set. Where Are the Women? Making Cybersecurity More Inclusive Stepped-up recruiting efforts along with better work-life balance policies and mentoring and recruitment programs will help balance the scales. Australia Is Scouring the Earth for Cybercriminals — the US Should Too It's time to get ahead of attacks before they even happen. MORE

EDITORS' CHOICE

7 Things Your Ransomware Response Playbook Is Likely Missing Incident response experts share their secrets for success when it comes to creating a professional-grade ransomware response playbook. Are you ready for the worst? LATEST FROM THE EDGE
How and Why to Put Multicloud to Work Complex multicloud environments present organizations with security challenges, but also opportunities for efficiency. LATEST FROM DR TECHNOLOGY
Fight AI With AI By developing new tools to defend against adversarial AI, companies can help ensure that artificial intelligence is developed and used in a responsible and safe manner.

WEBINARS

Artificial Intelligence, ChatGPT and Cybersecurity: A Match Made in Heaven or a Hack Waiting to Happen?

Artificial intelligence (AI) is no longer science fiction. Software vendors have been integrating AI into products for years, which has led to innovations such as improved threat detection and training opportunities. But the emergence of newer technologies like DALL-E and ...

Expert Advice for Getting the Most from Security Orchestration, Automaton & Response Enterprise Tools

Over the past few years, many enterprises have been improving cybersecurity by implementing the Security Orchestration, Automation, and Response (SOAR) framework, which provides a path to collect threat data from multiple sources and respond to some security events automatically. How ...

View More Dark Reading Webinars >>

WHITE PAPERS

The Essential Guide to Secure Web Gateway The Relationship Between Security Maturity and Business Enablement Making Cybersecurity Mesh a Reality Cloud Incident Response Datasheet Transform Your Security Strategy 2022 Unit 42 Incident Response Report The CISOs Report: Perspectives, Challenges, and Plans for 2022 and Beyond

View More White Papers >>

FEATURED REPORTS

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

Shoring Up the Software Supply Chain Across Enterprise Applications

Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Menlo Security Illustrates Importance of Browser Security as 4 in 5 Ransomware Attacks Include Threats Beyond Data Encryption VulnCheck Named CVE Numbering Authority for Common Vulnerabilities and Exposures Report Reveals ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections Opera Adds Free VPN to Opera for iOS (ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders MORE PRODUCTS & RELEASES

CURRENT ISSUE

Shoring Up the Software Supply Chain Across Enterprise Applications
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Beyond Washington, DC: The State of State-Based Data Privacy Laws Informationweek.com
5 hours ago
Faux ChatGPT, Claude API Packages Deliver JarkaStealer Informationweek.com
7 hours ago
Final Chance: Urgent Invite for December 3rd Informationweek.com
8 hours ago

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines