A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
Follow Dark Reading:
 June 29, 2023
LATEST SECURITY NEWS & COMMENTARY
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
Generative AI Projects Pose Major Cybersecurity Risk to Enterprises
Developers' enthusiasm for ChatGPT and other LLM tools leaves most organizations largely unprepared to defend against the vulnerabilities that the nascent technology creates.
Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.
China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks
A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks.
Microsoft Teams Attack Skips the Phish to Deliver Malware Directly
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
It's Open Season on Law Firms for Ransomware & Cyberattacks
Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity.
Trojanized Super Mario Installer Goes After Gamer Data
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
Suspicious Smartwatches Mailed to US Army Personnel
Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
How Government Contractors & Agencies Should Navigate New Cyber Rules
The impending regulations highlight the increasing importance of enhanced network security and regulatory compliance across the government sector.
5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Preventing Cyberattacks on Schools Starts With K–12 Cybersecurity Education
By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.

Why the FDA's SBOM Mandate Changes the Game for OSS Security
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem.

3 Strategies for Bringing Rigor to Software Security
With the National Cybersecurity Strategy planning to add real teeth into enforcement actions, software vendors have extra incentive to reduce applications' security debt.

MORE
EDITORS' CHOICE
6 Ways Cybersecurity Is Gut-Checking the ChatGPT Frenzy
Generative AI chatbots like ChatGPT are the buzziest of the buzzy right now, but the cyber community is starting to mature when it comes to assessing where it should fit into our lives.
LATEST FROM DR TECHNOLOGY

Cl0p in Your Network? Here's How to Find Out
Companies targeted by hacking groups with Cl0p ransomware typically have several chances to catch the attack prior to the payload being deployed, experts say.
LATEST FROM THE EDGE

Why Legacy System Users Prioritize Uptime Over Security
For line-of-business execs, the fear of mission-critical systems grinding to a halt overrides their cybersecurity concerns. How can CISOs overcome this?
LATEST FROM DR GLOBAL

Black Hat Asia 2023: Cybersecurity Maturity and Concern in Asia
Black Hat Asia 2023 showed that cybersecurity is nascent among organizations in Asia with opportunities for improvement.
WEBINARS
  • Making Sense of Security Operations Data

    Most security operations centers aren't suffering from not having enough data- they have too much. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that your SOC team is focusing on the ...

  • How to Use Threat Intelligence to Mitigate Third Party Risk

    Threat intelligence provides security teams with insights into the kinds of attacks that may target their organizations and prioritize their security activities. But what if the risk is coming from third-party partners and systems? In this webinar, experts discuss how ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How to Use Threat Intelligence to Mitigate Third-Party Risk

    The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks
Cato Networks Revolutionizes Network Security With Real-Time, Machine Learning-Powered Protection
Astrix Security Raises $25M in Series A Funding
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise
Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers
Airgap Networks Acquires NetSpyGlass
Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors
Silobreaker Unveils Geopolitical Threat Intelligence Capabilities With RANE at Infosecurity Europe 2023
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us