Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
Follow Dark Reading:
 June 08, 2023
LATEST SECURITY NEWS & COMMENTARY
US Aerospace Contractor Hacked With 'PowerDrop' Backdoor
Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
Researchers Spot a Different Kind of Magecart Card-Skimming Campaign
In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the threat actor is also hijacking targeted domains to deliver the malware to other sites.
Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall
Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.
Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway
With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace
No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.
Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Streamers Ditch Netflix for Dark Web After Password Sharing Ban
Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates.
ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks
Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.
Cyber Essentialism & 'Doing Less With Less'
Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy.
The Case for a Federal Cyber-Insurance Backstop
By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.
After 'Inception' Attack, New Due Diligence Requirements Are Needed
To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Where SBOMs Stand Today
It's been two years since Executive Order 14028. By using SBOMs as a standard, organizations can manage software risks, protect their reputation, and improve their cybersecurity posture.

Want Sustainable Security? Find Middle Ground Between Tech & Education
The winning recipe for sustainable security combines strategic user education and tactical automation of well-constructed processes.

Filling the Gaps: How to Secure the Future of Hybrid Work
By enhancing remote management and adopting hardware-enforced security, productivity can continue without inviting extra cyber-risk.

MORE
EDITORS' CHOICE
Cl0p Claims the MOVEit Attack; Here's How the Gang Did It
A researcher guides Dark Reading through the most important bits of Cl0p's latest exploit.
LATEST FROM DR GLOBAL

'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft
SMS campaigns targeting members of the public in the United Arab Emirates have been detected.
LATEST FROM THE EDGE

Name That Edge Toon: Spring Chickens
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
LATEST FROM DR TECHNOLOGY

Defenders Buckle Up for a Future of Detecting Deepfakes
Today technology companies have high success rates against generative AI-created voices and videos, but future detection will be much more difficult.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services
Radiflow's CIARA 4.0 Delivers Actionable Insights to Simplify the Management of OT Cyber-Risk at Industrial Facilities
BeyondID Launches Initiative to Accelerate Zero Trust With Okta Identity Engine
ILTA and Conversant Group Release Cybersecurity Benchmarking Survey of the Legal Industry
Red Sift Launches Relevance Detection as GPT-4-Powered Asset Discovery and Classification Solution
Netskope Intelligent SSE Selected by Transdev to Secure and Connect its Hybrid Workforce
Cyversity and United Airlines to Provide Cybersecurity Training Scholarships to Cyversity Members
With SEC Rule Changes on the Horizon, Research Reveals Only 14% of CISOs Have Traits Desired for Cyber Expert Board Positions
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Everything You Need to Know About DNS Attacks
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us