A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
| | | LATEST SECURITY NEWS & COMMENTARY | | Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild. Generative AI Projects Pose Major Cybersecurity Risk to Enterprises Developers' enthusiasm for ChatGPT and other LLM tools leaves most organizations largely unprepared to defend against the vulnerabilities that the nascent technology creates. Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs. China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks. Microsoft Teams Attack Skips the Phish to Deliver Malware Directly Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent. Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn. It's Open Season on Law Firms for Ransomware & Cyberattacks Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity. Trojanized Super Mario Installer Goes After Gamer Data A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene. 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices. Suspicious Smartwatches Mailed to US Army Personnel Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise. Lessons From a Pen Tester: 3 Steps to Stay Safer From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data. 3 Steps to Successfully & Ethically Navigate a Data Breach In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust. How Government Contractors & Agencies Should Navigate New Cyber Rules The impending regulations highlight the increasing importance of enhanced network security and regulatory compliance across the government sector. 5 Steps for Minimizing Dark Data Risk Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it. MORE NEWS / MORE COMMENTARY | | |
| | | | | WEBINARS | | Making Sense of Security Operations Data Most security operations centers aren't suffering from not having enough data- they have too much. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that your SOC team is focusing on the ... How to Use Threat Intelligence to Mitigate Third Party Risk Threat intelligence provides security teams with insights into the kinds of attacks that may target their organizations and prioritize their security activities. But what if the risk is coming from third-party partners and systems? In this webinar, experts discuss how ... | | View More Dark Reading Webinars >> |
|
| | | | |
|
| | | FEATURED REPORTS | | How to Use Threat Intelligence to Mitigate Third-Party Risk The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... Shoring Up the Software Supply Chain Across Enterprise Applications Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... | | View More Dark Reading Reports >> |
|
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
