Dark Reading Daily -- March 29, 2024

Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.

LATEST SECURITY NEWS & COMMENTARY

Suspected MFA Bombing Attacks Target Apple iPhone Users

Pervasive LLM Hallucinations Expand Code Developer Attack Surface

The tendency of popular AI-based tools to recommend nonexistent code libraries offers a bigger opportunity than thought to distribute malicious packages.

Corporations With Cyber Governance Create Almost 4X More Value

Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.

Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks

Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.

US Puts Up $10M Bounty on BlackCat Ransomware Gang Members

Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure.

Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East

Government, manufacturing, and the energy industry are the top targets of advanced, persistent threat actors, with phishing attacks and remote exploits the most common vectors.

3 Strategies to Future-Proof Data Privacy

To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques.

(Sponsored Article) What SolarWinds Means for DevSecOps

The SEC's SolarWinds indictment plus its new four-day rule for disclosing cybersecurity incidents have serious implications for DevSecOps teams.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
'Tycoon' Malware Kit Bypasses Microsoft, Google MFA Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. Getting Security Remediation on the Boardroom Agenda IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management. Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. How New-Age Hackers Are Ditching Old Ethics Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. MORE

PRODUCTS & RELEASES

Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth

Checkmarx Announces Partnership With Wiz

WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification

New Cyber Threats to Challenge Financial Services Sector in 2024

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass

The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.

LATEST FROM THE EDGE

It's Time to Stop Measuring Security in Absolutes

All-or-nothing security policies strain resources by aiming for perfection. We need a better way to assess progress.

LATEST FROM DR TECHNOLOGY

Strata Identity Releases New Authentication Recipes

The Microsoft Identity Cookbook is a collection of orchestration recipes to help organizations adopt cloud-based identity providers.

LATEST FROM DR GLOBAL

Indian Government, Oil Companies Breached by 'HackBrowserData'

The malicious actor used Slack channels as an exfiltration point to upload the stolen data.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>