Forget temps and new employees. A new malicious campaign compromises organizations through a high risk, high reward vector: IT professionals.
Follow Dark Reading:
 July 27, 2023
LATEST SECURITY NEWS & COMMENTARY
'Nitrogen' Ransomware Effort Lures IT Pros via Google, Bing Ads
Forget temps and new employees. A new malicious campaign compromises organizations through a high risk, high reward vector: IT professionals.
10 Free Purple Team Security Tools to Check Out
Check out this curated list of cool tools and platforms for both offensive security experts and defenders, all of which will be released or demoed at Black Hat USA 2023.
Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover
Researchers have delivered working exploits for RouterOS, which when combined with default admin passwords can be a recipe for cyber disaster.
Massive macOS Campaign Targets Crypto Wallets, Data
Threat actors are distributing new "Realst" infostealer via fake blockchain games, researchers warn.
'FraudGPT' Malicious Chatbot Now for Sale on Dark Web
The subscription-based, generative AI-driven offering joins a growing trend toward "generative AI jailbreaking" to create ChatGPT copycat tools for cyberattacks.
China Propaganda Spreads via US News Sites, Freelancers, Times Square
A widespread disinformation campaign aimed at Americans wasn't that effective, but it was certainly creative, even slipping in influence articles to legitimate news outlets like AZCentral.com.
Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway
Citrix is urging organizations to immediately patch the unauthenticated RCE vulnerability.
Peloton Bugs Expose Enterprise Networks to IoT Attacks
Hackers have three key pathways — the OS, apps, and malware — for leveraging the popular home fitness equipment as initial access for data. compromise, ransomware, and more.
Google Categorizes 6 Real-World AI Attacks to Prepare for Now
The models powering generative AI like ChatGPT are open to several common attack vectors that organizations need to understand and get ready for, according to Google's dedicated AI Red Team.
Kubernetes and the Software Supply Chain
Trusted content is paramount in securing the supply chain.
Designing a Security Strategy for Defending Multicloud Architectures
Complex security issues arise when different clouds and computing models interact.
Cybercrime as a Public Health Crisis
The impact of fraud on a victim's health and well-being can be more painful than the financial loss.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Should You Be Using a Cybersecurity Careers Framework?
Frameworks can help improve hiring practices and retention, and help guide education — which makes them an important asset worth exploiting.

Beyond ChatGPT: Organizations Must Protect Themselves Against the Power of AI
Artificial intelligence-powered threats are already affecting businesses, schools, hospitals, and individuals, and it will only get worse as AI advances.

The Dark Side of AI
Sophisticated fraudsters are exploiting ChatGPT and CAPTCHAs to evade enterprise security defenses.

MORE
EDITORS' CHOICE
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps
China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
LATEST FROM DR TECHNOLOGY

Kyndryl Expands Managed Security Services With More SOC Options
The "SOC as a platform" offers organizations with integrated security and IT operations management.
LATEST FROM THE EDGE

Companies Must Have Corporate Cybersecurity Experts, SEC Says
Enterprises now must describe their management's expertise in cybersecurity. But what exactly does that entail?
LATEST FROM DR GLOBAL

Zero-Day Vulnerabilities Discovered in Global Emergency Services Communications Protocol
Weak encryption algorithms leave radio communications open to attack and abuse.
WEBINARS
  • Where and When Automation Makes Sense For Enterprise Cybersecurity

    A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ...

  • Best Practices and Tools for OT and IT Security

    For years, information technology and operations technology systems have existed in parallel, but that is no longer the case. As the attack against Colonial Pipeline illustrated, attacks against IT can potentially impact OT, and vice versa. OT environments have their ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Coro Acquires Network Security Startup Privatise
SE Labs Unveils Latest Comparative Analysis of Endpoint Detection and Response Products
Managing Human Risk: Discoveries From SANS 2023 Security Awareness Report
Rezilion Uncovers High-Risk Vulnerabilities Missing From CISA KEV Catalog
Why Computer Security Advice Is More Confusing Than It Should Be
50% of Zero Trust Programs Risk Failure According to PlainID Survey
KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us