 April 25, 2024
LATEST SECURITY NEWS & COMMENTARY
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
Attacker Social-Engineered Backdoor Code Into XZ Utils
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign
A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.
2023: A 'Good' Year for OT Cyberattacks
Attacks increased by "only" 19% last year. But that number is expected to grow significantly.
Lights On in Leicester: Streetlights in Disarray After Cyberattack
The city is stymied in efforts to pinpoint the issue since its IT systems were shut down in the wake of the cyberattack.
HOT TOPICS
Russia's Fancy Bear Pummels Windows Print Spooler Bug
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

Lessons for CISOs From OWASP's LLM Top 10
It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs
State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.

EDITORS' CHOICE
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
LATEST FROM THE EDGE

Rethinking How You Work With Detection and Response Metrics
Airbnb's Allyn Stott introduces a maturity model inspired by the Hunting Maturity Model (HMM) to complement MITRE ATT&CK to improve security metrics analysis.
LATEST FROM DR TECHNOLOGY

Fortify AI Training Datasets From Malicious Poisoning
Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.
LATEST FROM DR GLOBAL

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years
Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA