North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report.
Follow Dark Reading:
 March 04, 2024
LATEST SECURITY NEWS & COMMENTARY
Microsoft Zero-Day Used by Lazarus in Rootkit Attack
North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report.
CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok
Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike.
Millions of Malicious Repositories Flood GitHub
GitHub and cyberattackers are waging a quiet, automated war over malicious repos.
NIST Cybersecurity Framework 2.0: 4 Steps to Get Started
The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.
Taiwan's Biggest Telco Breached by Suspected Chinese Hackers
Stolen data from Chunghwa Telecom — including government-related details — are up for sale on the Dark Web, the Taiwanese defense ministry confirms.
CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit
A sophisticated threat actor using an MO similar to Scattered Spider is camouflaging itself with convincing impersonation techniques in targeted attacks.
Tips on Managing Diverse Security Teams
The better a security team works together, the bigger the direct impact on how well it can protect the organization.
Biometrics Regulation Heats Up, Portending Compliance Headaches
A growing thicket of privacy laws regulating biometrics is aimed at protecting consumers amid increasing cloud breaches and AI-created deepfakes. But for businesses that handle biometric data, staying compliant is easier said than done.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models
The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.

Echoes of SolarWinds in New 'Silver SAML' Attack Technique
A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.

MTTR: The Most Important Security Metric
Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries.

MORE
PRODUCTS & RELEASES
Entro Extends Machine Secrets and Identities Protection With Machine Identity Lifecycle Management
Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO
Troutman Pepper Forms Incidents and Investigations Team
Tenable Introduces Visibility Across IT, OT, and IoT Domains
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs
Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.
LATEST FROM THE EDGE

It's 10 p.m. Do You Know Where Your AI Models Are Tonight?
Lack of AI model visibility and security puts the software supply chain security problem on steroids.
LATEST FROM DR TECHNOLOGY

Cloud Apps Make the Case for Pen-Testing-as-a-Service
Applications are increasingly distributed, expanding companies' cloud attack surfaces and requiring regular testing to find and fix vulnerabilities — and avoid the risk of a growing sprawl of services.
LATEST FROM DR GLOBAL

Infrastructure Cyberattacks, AI-Powered Threats Pummel Africa
Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in cyberattacks on the continent.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us