The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
Follow Dark Reading:
 April 23, 2024
LATEST SECURITY NEWS & COMMENTARY
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs
State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.
ToddyCat APT Is Stealing Data on 'Industrial Scale'
The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar
An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims' Microsoft credentials.
Zero Trust Takes Over: 63% of Orgs Implementing Globally
Though organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner.
Where Hackers Find Your Weak Spots
The five intelligence sources that power social engineering scams.
(Sponsored Article) Commercial WebApp Security Tools Are Too Restrictive
Limits imposed by commercial WebApp dynamic application security testing (DAST) tools are counterproductive because they treat security as a luxury.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat
Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.

AI Lowers Barrier for Cyber-Adversary Manipulation in 2024 Election
Securing the presidential election requires vigilance and hardened cybersecurity defenses.

'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity
Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.

Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.

MORE
PRODUCTS & RELEASES
Miggo Launches Application Detection and Response (ADR) Solution
Auburn's McCrary Institute and Oak Ridge National Laboratory to Partner on Regional Cybersecurity Center
Redgate Launches Enterprise Edition of Redgate Monitor
BeyondTrust Acquires Entitle, Strengthening Privileged Identity Security Platform
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam
CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent user into handing over their high-value credentials.
LATEST FROM THE EDGE

Countering Voice Fraud in the Age of AI
Caller ID spoofing and AI voice deepfakes are supercharging phone scams. Fortunately, we have tools that help organizations and people protect themselves against the devious combination.
LATEST FROM DR TECHNOLOGY

Open Source Tool Looks for Signals in Noisy AWS Cloud Logs
Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks.
LATEST FROM DR GLOBAL

Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros
Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us