Dark Reading Daily -- July 29, 2024

Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.

LATEST SECURITY NEWS & COMMENTARY

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.

CrowdStrike Outage Losses Estimated at a Staggering $5.4B

Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.

Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs

The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.

US Offers $10M Reward for Information on North Korean Hacker

The individual is part of a DPRK-backed group known as Andariel, which is known for using the 'Maui' ransomware strain to target and extort healthcare entities.

Nvidia Embraces LLMs & Commonsense Cybersecurity Strategy

Nvidia doesn't just make the chips that accelerate a lot of AI applications — the company regularly creates and uses its own large language models, too.

Distributing Security Responsibilities (Responsibly)

Outlining the wider organization's proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Feds Warn of North Korean Cyberattacks on US Critical Infrastructure The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others said. Unexpected Lessons Learned From the CrowdStrike Event How your organization can leverage the disruptive CrowdStrike update to become more resilient. Microsoft's Internet Explorer Gets Revived to Lure in Windows Victims Though IE was officially retired in June 2022, the vulnerability ramped up in January 2023 and has been going strong since. Is Our Water Safe to Drink? Securing Our Critical Infrastructure Our critical systems can be protected from looming threats by embracing a proactive approach, investing in education, and fostering collaboration between IT and OT professionals. MORE

PRODUCTS & RELEASES

Check Point Research Reports Highest Increase of Global Cyber Attacks Seen in Last Two Years

Seemplicity 2024 Remediation Operations Report: Rising Exposure Management Risk

EC-Council Democratizes Hands-On Cybersecurity Training With 8 Cyber Courses

Cloud Security Alliance Introduces Certificate of Cloud Security Knowledge

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4

A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.

LATEST FROM THE EDGE

Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills

A two-day presentation will examine the social-behavioral aspects of cybersecurity leadership to drive team success.

LATEST FROM DR TECHNOLOGY

Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?

Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case.

LATEST FROM DR GLOBAL

China-Backed Phishing Attack Targets India Postal System Users

A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

2024 InformationWeek US IT Salary Report

View More Dark Reading Reports >>