Dark Reading Weekly -- February 08, 2024

LATEST SECURITY NEWS & COMMENTARY

Linux Distros Hit by RCE Vulnerability in Shim Bootloader

However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug.

Verizon Employee Data Exposed in Insider Threat Incident

Tens of thousands of workers are effected by a fellow employee dipping into files that include everything from SSNs and names to union status and compensation data.

China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure

Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to CISA.

AnyDesk Compromised, Passwords Revoked

Production systems at the remote access company were breached, leading AnyDesk to revoke code signing certificate and reset Web portal credentials as part of its incident response.

Cloudflare Falls Victim to Okta Breach, Atlassian Systems Cracked

The cyberattackers, believed to be state sponsored, didn't get far into Cloudflare's global network, but not for lack of trying.

China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.

Fulton County Court System Still Hobbled by Cyberattack

Even clients are having a difficult time searching for information on cases online.

Critical Bugs in Canon Small Office Printers Allow Code Execution, DDoS

A grouping of serious printer bugs, unveiled at last summer's Pwn2Own, were patchless for months, but are finally fixed now.

Microsoft Azure HDInsight Bugs Expose Big Data to Breaches

Security holes in a big data tool could lead to big data compromise.

Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists

Deepfakes are fast becoming more realistic, and access to them more democratic, enabling even ordinary attackers to enact major fraud. What's the most effective way to fight back?

Teens Committing Scary Cybercrimes: What's Behind the Trend?

Crypto theft, sextortion tactics, swattings, and ransomware: teenagers are increasingly taking up cybercrime for fun and profit — and experts credit an array of contributing factors.

How to Prepare for Elevated Cybersecurity Risk at the Super Bowl

Super Bowl 2024 in Las Vegas is a magnet for cybercrime. Here are a few things businesses should consider to minimize their risk.

CISO Corner: Gen Z Challenges, CISO Liability & Cathay Pacific Case Study

Dark Reading's roundup of strategic cyber-operations insights for chief information security officers.

Why Gen Z Is the New Force Reshaping OT Security

Modernizing legacy operational technology (OT) systems to align with younger workers' technology habits, skills, and expectations can enhance security and resiliency.

How Neurodiversity Can Help Fill the Cybersecurity Workforce Shortage

Many people with ADHD, autism, dyslexia, and other neurodiverse conditions bring new perspectives that can help organizations solve cybersecurity challenges.

Interpol's 'Synergia' Op Nabs Dozens of Cybercriminals, Zaps Global C2s

The largest number of takedowns in Africa were in South Sudan and Zimbabwe.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
How the SEC's Rules on Cybersecurity Incident Disclosure Are Exploited Cyber hygiene is no longer a nice-to-have but necessary for organizations that want to survive the relentless barrage of cyberattacks being unleashed daily. The Imperative for Robust Security Design in the Health Industry It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information. CMMC Is the Starting Line, Not the Finish Cybersecurity Maturity Model Certification (CMMC) and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies. MORE

PRODUCTS & RELEASES

New Report From Flare Highlights Pervasive Threat of Initial Access Brokers in NATO Countries

Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision

Akamai Announces Content Protector to Stop Scraping Attacks

IONIX Completes $42M Financing Round to Expand Threat Exposure Management Across the Entire Attack Surface

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

macOS Malware Campaign Showcases Novel Delivery Technique

Threat actor behind the Activator macOS backdoor is using pirated apps to distribute the malware in what could be a botnet-building operation.

LATEST FROM THE EDGE

Name That Edge Toon: The Great Escape

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

LATEST FROM DR TECHNOLOGY

Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem

With prompt injection, AI puts new spin on an old security problem

LATEST FROM DR GLOBAL

UAE Cybersecurity Official Warns of VPN Abuse

More than 6 million VPNs are now deployed on devices in the United Arab Emirates.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

The State of Supply Chain Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

View More Dark Reading Reports >>