Dark Reading Daily -- March 28, 2024

The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.

LATEST SECURITY NEWS & COMMENTARY

Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass

The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.

Millions of Hotel Rooms Worldwide Vulnerable to Door Lock Exploit

Hotel locks have been vulnerable to cyber compromise for decades and are extending their run into the digital age.

'Tycoon' Malware Kit Bypasses Microsoft, Google MFA

Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram.

Zero-Day Bonanza Drives More Exploits Against Enterprises

Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google.

DHS Proposes Critical Infrastructure Reporting Rules

CISA will administer the new reporting requirements for cyber incidents and ransomware payments.

Getting Security Remediation on the Boardroom Agenda

IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management.

Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East

Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Apple Security Bug Opens iPhone, iPad to RCE CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices. Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under. How New-Age Hackers Are Ditching Old Ethics Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. 8 Strategies for Enhancing Code Signing Security Strong code-signing best practices are an invaluable way to build trust in the development process and enable a more secure software supply chain. MORE

PRODUCTS & RELEASES

WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification

New Cyber Threats to Challenge Financial Services Sector in 2024

Checkmarx Announces Partnership With Wiz

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers

A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.

LATEST FROM THE EDGE

A CISO's Guide to Materiality and Risk Determination

For many CISOs, "materiality" remains an ambiguous term. Even so, they need to be able to discuss materiality and risk with their boards.

LATEST FROM DR TECHNOLOGY

Using East-West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK

Ensuring that traffic visibility covers both client-server and server-server communications helps NetOps teams analyze and spot potential threats early on, avoiding catastrophic effects.

LATEST FROM DR GLOBAL

Vietnam Securities Broker Suffers Cyberattack That Suspended Trading

Attackers "encrypted" VNDirect's data in an attack that kept the broker offline for days.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>