Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.
Follow Dark Reading:
 August 25, 2022
LATEST SECURITY NEWS & COMMENTARY
Mudge Blows Whistle on Alleged Twitter Security Nightmare
Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.
CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit
The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.
Fake DDoS Protection Alerts Distribute Dangerous RAT
Adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.
New 'BianLian' Ransomware Variant on the Rise
Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.
Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.
Charming Kitten APT Wields New Scraper to Steal Email Inboxes
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials.
China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload
The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access.
VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data
An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.
Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero'
HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.
How to Upskill Tech Staff to Meet Cybersecurity Needs
Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff.
Cyber Resiliency Isn't Just About Technology, It's About People
To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.
Identity Security Pain Points and What Can Be Done
Replacing passwords is not as easy as people think, but there is hope.
Why Empathy Is the Key to Better Threat Modeling
Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
DevSecOps Gains Traction — but Security Still Lags
Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds.

Facing the New Security Challenges That Come With Cloud
Organizations relying on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities do so at their peril.

Apathy Is Your Company's Biggest Cybersecurity Vulnerability — Here's How to Combat It
Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect.

MORE
EDITORS' CHOICE
Patch Now: 2 Apple Zero-Days Exploited in Wild
The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response.
LATEST FROM THE EDGE

Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack
SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company’s software.
LATEST FROM DR TECHNOLOGY

Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits
The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Optiv's Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants
Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023
CyberRatings.org Announces New Web Browser Test Results for 2022
Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats
Proofpoint Introduces a Smarter Way to Stay Compliant with New Intelligent Compliance Platform
Secure Code Warrior Spotlights the Importance of Developer Security Skills with 2nd Annual Devlympics Competition
Coalfire Federal Among First Authorized to Conduct CMMC Assessments
Novant Health Notifies Patients of Potential Data Privacy Incident
Sophos Identifies Potential Tag-Team Ransomware Activity
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Living on the Edge: Building and Maintaining Security at the Network Edge
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us