Dark Reading Daily -- September 13, 2023

Microsoft Patches a Pair of Actively Exploited Zero-Days

Five critical bugs, zero-days exploited in the wild, Exchange Server, and more headline Microsoft's September 2023 Patch Tuesday release. Here's what to patch now.

MGM Resorts Cyberattack Hobbles Las Vegas Strip Operations

Hospitality behemoth struggles to recover following a Sunday cyber incident that looks a lot like a ransomware attack.

China's Winnti APT Compromises National Grid in Asia for 6 Months

Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off.

Critical Google Chrome Zero-Day Bug Exploited in the Wild

The security vulnerability could lead to arbitrary code execution by way of application crashing.

Millions of Facebook Business Accounts Bitten by Python Malware

The "MrTonyScam" has a surprisingly high success rate, spreading a Python-based stealer to some 100,000 business accounts per week.

ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities

By code or by command, cybercriminals are circumventing ethical and safety restrictions to use generative AI chatbots in the way that they want.

'Anonymous Sudan' Sets Its Sights on Telegram in DDoS Attack

Telegram has not stated why it has suspended the group's primary account, but it is likely due to its use of bots.

The Double-Edged Sword of Cyber Espionage

State-sponsored attacks are alarming and difficult to prevent, but they suffer from a fundamental weakness that can be leveraged by defenders.

(Sponsored Article) Better SaaS Security Goes Beyond Procurement

The impulse to achieve strong SaaS security adherence through strict gatekeeping during procurement fails to reduce the risk that matters most.

'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

Microsoft IDs Security Gaps that Let Threat Actors Steal Signing Key

China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens.

Overcoming the Rising Threat of Session Hijacking

Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.

Attackers Abuse Google Looker Studio to Evade DMARC, Email Security

Cyberattackers are tapping the legitimacy of the Web-based data-visualization tool in a campaign aimed at stealing credentials and defrauding hundreds of business users.

LATEST FROM THE EDGE

Name That Edge Toon: Prized Possessions

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

LATEST FROM DR TECHNOLOGY

IBM Adds Data Security Broker to Encrypt Data in Multiclouds

The data security broker from Baffle brings field- and file-level encryption of sensitive data to new IBM Cloud Security Compliance Center.

LATEST FROM DR GLOBAL

Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen

Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data.

What Ransomware Groups Look for in Enterprise Victims