Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.
Follow Dark Reading:
 May 18, 2023
LATEST SECURITY NEWS & COMMENTARY
Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.
BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA
CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks.
Attackers Target macOS With 'Geacon' Cobalt Strike Tool
Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.
Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise
Lemon Group's Guerrilla malware model an example of how threat actors are monetizing compromised Android devices, researchers say.
TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline
US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation.
Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure
It's as they say: Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited.
Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme
Attackers compromised the personal email of a new employee and, when the initial attack failed, attempted through socially engineered messages to get the company to pay them off.
RA Ransomware Group Emerges With Custom Spin on Babuk
The freshly minted ransomware gang is customizing leaked Babuk source code to go after cyber targets in the US and South Korea — and it's expanding its operations quickly.
Microsoft Advisories Are Getting Worse
A predictable patch cadence is nice, but the software giant can do more.
Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table
Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions.
I Was an RSAC Innovation Sandbox Judge — Here's What I Learned
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.
Name That Toon: One by One
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
AI Is About to Be Everywhere: Where Will Regulators Be?
Regulators should apply a healthy skepticism to generative AI developments to guarantee a competitive marketplace.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Startup Competition Secures ML Systems, Vulnerabilities in Automation
RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.

4 Big Mistakes to Avoid in OT Incident Response
What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.

Why Economic Downturns Put Innovation at Risk & Threaten Cyber Safety
Supplementing staff by hiring hackers to seek holes in a company's defense makes economic sense in a downturn. Could they be cybersecurity's unlikely heroes in a recession?

MORE
EDITORS' CHOICE
How Cybercriminals Adapted to Microsoft Blocking Macros by Default
One long-awaited security move caused a ripple effect in the cybercrime ecosystem.
LATEST FROM DR GLOBAL

Houthi-Backed Spyware Effort Targets Yemen Aid Workers
Pro-Houthi OilAlpha uses spoofed Android apps to monitor victims across the Arab peninsula working to bring stability to Yemen.
LATEST FROM THE EDGE

Making Sure Lost Data Stays Lost
Retired hardware and forgotten cloud virtual machines are a trove of insecure confidential data. Here's how to ameliorate that weakness.
LATEST FROM DR TECHNOLOGY

Integrating Cyber Resiliency With FPGAs
Field programmable gate arrays are particularly useful for organizations that are embracing new edge computing devices and applications.
WEBINARS
  • Here's What Zero Trust Really Means

    Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ...

  • Next-Generation Supply Chain Security

    Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

  • 10 Hot Talks From Black Hat USA 2022

    Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
XM Cyber Announces Partnership With SAP to Deliver Robust Security for Hybrid Environments
Circle Security Technology Partnership With ForgeRock to Accelerate the Prevention-First Era in Digital Security
Lacework Appoints Lea Kissner as Chief Information Security Officer
Trend Micro Reports Consistent Earnings Results for Q1 2023
Juniper Research Study Reveals Staggering Cost of Vulnerable Software Supply Chains
MORE PRODUCTS & RELEASES
CURRENT ISSUE

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us