Dark Reading Daily -- October 23, 2024

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

LATEST SECURITY NEWS & COMMENTARY

Tricky CAPTCHA Caught Dropping Lumma Stealer Malware

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

OPA for Windows Vulnerability Exposes NTLM Hashes

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

Most US Political Campaigns Lack DMARC Email Protection

Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

What Today's SOC Teams Can Learn From Baseball

There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches. Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page' The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page. Why I'm Excited About the Future of Application Security The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage. Name That Toon: The Big Jump Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. Unmanaged Cloud Credentials Pose Risk to Half of Orgs These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say. MORE

PRODUCTS & RELEASES

Honeywell and Google Cloud to Accelerate Auto Operations With AI Agents for the Industrial Sector

SoftwareOne Launches Cloud Competency Centre in Malaysia

Retail & Hospitality ISAC Launches Program Aimed at Securing Supply Chains

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Cisco Disables DevHub Access After Security Breach

The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.

LATEST FROM THE EDGE

Breaking Barriers: Making Cybersecurity Accessible For Neurodiverse Professionals

Cybersecurity is not "one size fits all." Employers, recruiters, and managers need to embrace neurodiversity through inclusive hiring practices, tailored training programs, and adaptive management styles.

LATEST FROM DR TECHNOLOGY

Time to Get Strict With DMARC

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.

LATEST FROM DR GLOBAL

Russia-Linked Hackers Attack Japan's Govt, Ports

Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>