Dark Reading Daily -- July 28, 2023

Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers

Some 40% of Ubuntu Linux cloud workloads subject to GameOverlay security bugs in the OverlayFS module.

Millions of People Affected in MOVEit Attack on US Gov't Vendor

Living up to its name, Maximus sees a whale of a breach that affects millions of people's sensitive government records, including health data.

Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology

Airline violates privacy protections of the EU's General Data Protection Regulation, plaintiff says, seeking a $210 million fine.

Despite Post-Log4j Security Gains, Developers Can Still Improve

Developers need more software security safeguards earlier in the process, especially as AI becomes more common.

TSA Updates Pipeline Cybersecurity Requirements

The updates will require pipeline owners and operators to do more than just plan for potential cyberattacks; now, those plans will need to be tested.

Group-IB Co-Founder Sentenced to 14 Years in Russian Penal Colony

Ilya Sachkov, convicted of treason by the Kremlin, will serve time in one of Russia's prison camps, which feature rigid schedules and isolation from the outside world, critics say.

Why Today's CISOs Must Embrace Change

With change happening faster than ever before, tools can help bridge capability gaps, along with accelerated workforce training.

What Will CISA's Secure Software Development Attestation Form Mean?

The proposed attestation form is meant to help secure the software chain and formalizes the role of the SBOM as the first line of defense.

'Nitrogen' Ransomware Effort Lures IT Pros via Google, Bing Ads

Forget temps and new employees. A new malicious campaign compromises organizations through a high risk, high reward vector: IT professionals.

Peloton Bugs Expose Enterprise Networks to IoT Attacks

Hackers have three key pathways — the OS, apps, and malware — for leveraging the popular home fitness equipment as initial access for data. compromise, ransomware, and more.

Kubernetes and the Software Supply Chain

Trusted content is paramount in securing the supply chain.

Cybercrime as a Public Health Crisis

The impact of fraud on a victim's health and well-being can be more painful than the financial loss.

Massive macOS Campaign Targets Crypto Wallets, Data

Threat actors are distributing new "Realst" infostealer via fake blockchain games, researchers warn.

LATEST FROM DR TECHNOLOGY

Cyclops Launches From Stealth With Generative AI-Based Search Tool

The contextual cybersecurity search platform helps security teams gather information about the organization’s environment and security posture.

LATEST FROM THE EDGE

Why CISOs Should Get Involved With Cyber Insurance Negotiation

Everyone benefits — the CISO, the company, and the insurer — when CISOs are included in arranging cyber insurance.

LATEST FROM DR GLOBAL

Israeli-Trained Azerbaijan Cyber Students Mark Inaugural Graduation

Azerbaijan minister pledges to train many more cyber specialists in the coming years to improve regional cyber-readiness.

How to Use Threat Intelligence to Mitigate Third-Party Risk