The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Follow Dark Reading:
 November 27, 2023
LATEST SECURITY NEWS & COMMENTARY
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Rootkit Turns Kubernetes From Orchestration to Subversion
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
Idaho National Nuclear Lab Targeted in Major Data Breach
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
Qatar Cyber Agency Runs National Cyber Drills
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
(Sponsored Article) Sky's the Limit, but What About API Security? Challenges in the Cloud-First Era
APIs enable cloud transformation but bring security risks, demanding robust, adaptive strategies to safeguard data and operations.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.

Maximize Cybersecurity Returns: 5 Key Steps to Enhancing ROI
Cybersecurity isn't a one-time task. It's an ongoing effort that needs regular checks, updates, and teamwork.

Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.

MORE
EDITORS' CHOICE
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
LATEST FROM THE EDGE

AI Helps Uncover Russian State-Sponsored Disinformation in Hungary
Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
LATEST FROM DR TECHNOLOGY

Generative AI Takes on SIEM
IBM joins CrowdStrike and Microsoft is releasing AI models to cloud-native SIEM platforms.
LATEST FROM DR GLOBAL

The Persian Gulf's March to the Cloud Presents Global Opportunities
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
WEBINARS
  • Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven

    In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ...

  • SecOps & DevSecOps in the Cloud

    Security teams today face the dual challenge of securing cloud-native applications as well as their software development processes that increasingly operate in the cloud. At the same time, attacks are rising against misconfigured cloud instances as well as a new ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Lasso Security Emerges From Stealth With $6M Seed Funding for Gen AI and Advanced LLM Cybersecurity
Netskope Delivers the Next Gen SASE Branch, Powered by Borderless SD-WAN
Illumio Delivers Zero-Trust Segmentation Platform With the Addition of CloudSecure
Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Tips for a Streamlined Transition to Zero Trust
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us