Dark Reading Daily -- August 22, 2023

Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.

More Than Half of Browser Extensions Pose Security Risks

Spin.AI's risk assessment of some 300,000 browser extensions found 51% had overly permissive access and could execute potentially malicious behaviors.

Newer, Better XLoader Signals a Dangerous Shift in macOS Malware

Malware aimed at macOS is no longer just a knockoff of a Windows bug, as a new infostealer proliferating on Mac laptops demonstrates.

Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.

When Leadership Style Is a Security Risk

Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.

Controversial Cybercrime Law Passes in Jordan

The increase in cyberattacks against the Middle East in the last few years has pressured Jordan and other nations to better secure their infrastructures.

The Physical Impact of Cyberattacks on Cities

Understanding potential threats and regularly updating response plans are the best lines of defense in the new world of cyberattacks.

(Sponsored Article) How to Prepare for ChatGPT's Risk Management Challenges

ChatGPT promises to transform all sorts of corporate business functions, but your business needs to be prepared to address the new risks that come with it.

Chinese APT Targets Hong Kong in Supply Chain Attack

Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.

Fed Warning: US Space Industry Subject to Foreign Spying, Disruptions

The space industry must improve security as foreign intelligence entities seek to steal trade secrets and disrupt space-based infrastructure, US agencies caution.

Unveiling the Hidden Risks of Routing Protocols

Neglecting security of Border Gateway Protocol (BGP) and other routing protocols has created multiple vulnerabilities that must be addressed.

Generative AI Is Scraping Your Data. So, Now What?

AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.

Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology

Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.

LATEST FROM THE EDGE

'Cuba' Ransomware Group Uses Every Trick in the Book

How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.

LATEST FROM DR TECHNOLOGY

PKI Maturity Model Aims to Improve Crypto Infrastructure

Joining a growing group of cybersecurity-related "maturity models," PKIMM allows companies to measure their progress and benchmark themselves against other firms.

LATEST FROM DR GLOBAL

Energy One Investigates Cyberattack

Energy One is trying to determine the initial point of entry and whether personal information has been compromised.

The Secrets of Successful SecOps Data Analytics