 August 24, 2023
LATEST SECURITY NEWS & COMMENTARY
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign
Attackers use remote monitoring and management tools at MSPs to gain unfettered access to target networks.
North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology
Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.
CISA Committee Tackles Remote Monitoring and Management Protections
CISA's public-private partnership produces RMM strategies to shore up critical infrastructure and to educate the MSPs that provide remote access to them.
LinkedIn Suffers 'Significant' Wave of Account Hacks
Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, researchers say.
DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws
Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.
Researchers Trick an iPhone Into Faking Airplane Mode
How mobile attackers could gaslight iPhone users, allowing the perfect cover for post-exploitation malicious activity.
Name That Toon: Swift as an Arrow
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Unveiling the Hidden Risks of Routing Protocols
Neglecting security of Border Gateway Protocol (BGP) and other routing protocols has created multiple vulnerabilities that must be addressed.
When Leadership Style Is a Security Risk
Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.
Generative AI Is Scraping Your Data. So, Now What?
AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.
HOT TOPICS
How Innovation Accelerators Are at Work on the Dark Side
Digital commerce remains the richest target for cybercriminals, yet physical payment threats remain strong.

5 Early Warning Indicators That Are Key to Protecting National Secrets
The Defense Department must modernize user activity monitoring by prioritizing data that can be used early to proactively mitigate insider risk.

The Physical Impact of Cyberattacks on Cities
Understanding potential threats and regularly updating response plans are the best lines of defense in the new world of cyberattacks.

EDITORS' CHOICE
Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts
Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.
LATEST FROM THE EDGE

'Cuba' Ransomware Group Uses Every Trick in the Book
How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.
LATEST FROM DR TECHNOLOGY

AI Risk Database Tackles AI Supply Chain Risks
The open source tool — a collaboration between Robust Intelligence, MITRE, and Indiana University — assesses heavily shared, public machine learning models for risk.

LATEST FROM DR GLOBAL

Energy One Investigates Cyberattack
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
WEBINARS
  • Managing Security In a Hybrid Cloud Environment

    Many enterprises have embraced hybrid- and multi-clouds. They spread their workloads across private data centers and public cloud, or across multiple cloud providers. How do you manage security when the tools are all different? How do you enforce security controls ...

  • The Threat Hunter's Playbook: Mastering Cloud Defense Strategies

    Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ...

FEATURED REPORTS
  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

  • How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

    Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA