LATEST SECURITY NEWS & COMMENTARY

The Most Popular IT Admin Password Is Totally Depressing
Analysis of more than 1.8 million admin portals reveals IT leaders, with the highest privileges, are just as lazy about passwords as everyone else.

EPA Turns Off Taps on Water Utility Cyber Regulations
Facing a potential cascade of legal challenges from industry groups and state attorneys general, the EPA has rescinded its cyber-rules. But where does that leave local water safety?

D-Link Confirms Breach, Rebuts Hacker's Claims About Scope
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.

Critical Citrix Bug Exploited as a Zero-Day, 'Patching Is Not Enough'
The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

UAE, US Partner to Bolster Financial Services Cybersecurity
The two countries agree to share financial services information and provide cross-border training and best practices.

Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in their capacity to enable evil acts, researchers warn.

'Etherhiding' Blockchain Technique Masks Malicious Code in WordPress Sites
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.

Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.

Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn
If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.

Top 6 Mistakes in Incident Response Tabletop Exercises
Avoid these errors to get the greatest value from your incident response training sessions.

The Need for a Cybersecurity-Centric Business Culture
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.

How Data Changes the Cyber-Insurance Market Outlook
By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.

Name That Toon: Modern Monarchy
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA