 April 21, 2022
LATEST SECURITY NEWS & COMMENTARY
Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities
Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.
Security-as-Code Gains More Support, but Still Nascent
Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.
Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls
Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.
Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans
Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past.
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
Data Scientists, Watch Out: Attackers Have Your Number
Researchers should take extra care in deploying data-science applications to the cloud, as cybercriminals are already targeting popular data-science tools such as Jupyter Notebook.
Denonia Malware Shows Evolving Cloud Threats
Cloud security is constantly evolving and consistently different than defending on-premises assets. Denonia, a recently discovered serverless cryptominer, drives home the point.
How Russia Is Isolating Its Own Cybercriminals
Sanctions imposed by the Biden administration, coupled with Russia's proposed initiative to cut itself off from the global Internet, are causing cybercriminals to ponder their future.
Cybersecurity Act of 2022: A Step in the Right Direction With a Significant Loophole
The act contains a loophole added late in the process that will impede progress toward the goal of increasing US cybersecurity: a complete carve-out of DNS from the reporting requirements and other obligations outlined in the bill.
Name That Toon: Helping Hands
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
The Misconceptions of 2021's Black Swan Cyber Events
Organizations can defend themselves from future unknown attacks by implementing targeted security hardening measures, turning on built-in security protections, and leveraging their existing technology stack to achieve microsegmentation and credential hygiene.
Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now
The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.
Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
HOT TOPICS
More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises
Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.

From Passive Recovery to Active Readiness
This is the shift that companies need to make after a cyberattack.

How to Interpret the EU's Guidance on DNS Abuse Worldwide
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.

EDITORS' CHOICE

6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)
Stuxnet was the first known malware built to attack operational technology environments. Since then, there have been several others.
LATEST FROM THE EDGE

Adversaries Look for "Attackability" When Selecting Targets
A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.
LATEST FROM DR TECHNOLOGY

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps
IT departments must account for the business impact and security risks such applications introduce.
Tech Resources

  • Building an Effective Active Directory Security Strategy

    For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ...

  • Incorporating a Prevention Mindset into Threat Detection and Response

    Cybercriminals are becoming more sophisticated and their attacks are increasingly difficult to detect. While threat detection and response is a critical component of enterprise security defense, activities geared towards prevention could save security teams a lot of time and resources ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA