It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
Follow Dark Reading:
 October 05, 2023
LATEST SECURITY NEWS & COMMENTARY
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
Bing Chat LLM Tricked Into Circumventing CAPTCHA Filter
By reframing the narrative of the filter, the large-language model chatbot was more willing to solve the visual puzzle and override its programming.
'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover
The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.
Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections.
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
New Cisco IOS Zero-Day Delivers a Double Punch
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
DHS: Physical Security a Concern in Johnson Controls Cyberattack
An internal memo cites DHS floor plans that could have been accessed in the breach.
4 Legal Surprises You May Encounter After a Cybersecurity Incident
Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident.
Looking Beyond the Hype Cycle of AI/ML in Cybersecurity
Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps?
Making Sense of Today's Payment Cybersecurity Landscape
PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own.
Breaches Are the Cost of Doing Business, but NIST Is Here to Help
Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches.
Threat Data Feeds and Threat Intelligence Are Not the Same Thing
It's important to know the difference between the two terms. Here's why.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
How to Measure Patching and Remediation Performance
Tracking metrics like MTTR, MTTD, MTTP, and MTTC can demonstrate the effectiveness of your patch management process and your value to the business.

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.

Which DFIR Challenges Does the Middle East Face?
Demand for digital forensics and incident response (DFIR) surges in the Middle East, a new IDC report finds. Is automation the answer?

MORE
EDITORS' CHOICE
Johnson Controls International Disrupted by Major Cyberattack
The company filed with the SEC and is assessing its operations and financial damages.
LATEST FROM THE EDGE

Insurance Companies Have a Lot to Lose in Cyberattacks
Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect.
LATEST FROM DR TECHNOLOGY

7 Ways SMBs Can Secure Their WordPress Sites
This Tech Tip outlines seven easy fixes that small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities.
LATEST FROM DR GLOBAL

Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
The Israeli company developed highly-targeted, mobile malware that would make any APT jealous.
WEBINARS
  • Data Analytics That Matter Most to The Modern Enterprise

    Security teams are overwhelmed with incident data, alerts, and log files. Each endpoint and each application generate its own set of data. How do you know which ones are useful? How do you collect, aggregate, and analyze security data so ...

  • Tips for A Streamlined Transition to Zero Trust

    From identifying the potential attack surface to determining policy, there is a clear path to zero trust and best practices to make the transition as smooth as possible - both for your organization and your customers. Zero trust is more ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Okta Launches Cybersecurity Workforce Development Initiative to Help Close the Tech and Cybersecurity Skills Gap
Mitiga Secures Strategic Investment From Cisco
BeyondID Introduces Identity-First Model for Zero-Trust Maturity
37% Intimidated, 39% Frustrated With Online Security Highlighting Digital Anxiety
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The State of Supply Chain Threats
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us