The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
Follow Dark Reading:
 April 25, 2024
LATEST SECURITY NEWS & COMMENTARY
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros
Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.
FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat
Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.
Rebalancing NIST: Why 'Recovery' Can't Stand Alone
The missing ingredient in NIST's newest cybersecurity framework? Recovery.
'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity
Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.
Cyberattack Takes Frontier Communications Offline
The local phone and business communications company said that attackers accessed unspecified PII, after infiltrating its internal networks.
Lessons for CISOs From OWASP's LLM Top 10
It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.
2023: A 'Good' Year for OT Cyberattacks
Attacks increased by "only" 19% last year. But that number is expected to grow significently.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Name That Toon: Last Line of Defense
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

AI Lowers Barrier for Cyber-Adversary Manipulation in 2024 Election
Securing the presidential election requires vigilance and hardened cybersecurity defenses.

Where Hackers Find Your Weak Spots
The five intelligence sources that power social engineering scams.

MORE
PRODUCTS & RELEASES
KnowBe4 to Acquire Egress
Black Girls Do Engineer Signs Education Partnership Agreement With NSA
CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills
Miggo Launches Application Detection and Response (ADR) Solution
Auburn's McCrary Institute and Oak Ridge National Laboratory to Partner on Regional Cybersecurity Center
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
LATEST FROM THE EDGE

5 Hard Truths About the State of Cloud Security 2024
Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.
LATEST FROM DR TECHNOLOGY

Cisco's Complex Road to Deliver on Its Hypershield Promise
The tech giant tosses together a word salad of today's business drivers — AI, cloud-native, digital twins — and describes a comprehensive security strategy for the future, but can the company build the promised platform?
LATEST FROM DR GLOBAL

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years
Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us