Update to the NIST framework adds new "govern" function for cybersecurity.
Follow Dark Reading:
 August 17, 2023
LATEST SECURITY NEWS & COMMENTARY
What's New in the NIST Cybersecurity Framework 2.0
Update to the NIST framework adds new "govern" function for cybersecurity.
Microsoft Cloud Security Woes Inspire DHS Security Review
Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says.
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
Dell Credentials Bug Opens VMware Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.
Mirai Common Attack Methods Remain Consistent, Effective
While relatively unchanged, the notorious IoT botnet still continues to drive DDoS.
3 Major Email Security Standards Prove Too Porous for the Task
Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are apparently using the same filters as legitimate users.
Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.
EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations
AI Steals Passwords by Listening to Keystrokes With Scary Accuracy
The AI model trained on typing recorded over a smartphone was able to steal passwords with 95% accuracy.
Discord.io Temporarily Shuts Down Amid Breach Investigation
The platform plans to revamp its website code and conduct "a complete overhaul" of its security practices.
What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.
5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.
How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.
Boards Don't Want Security Promises — They Want Action
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Cybersecurity: It's Time to Trust the Machines
When it comes to cybersecurity automation, the pluses outweigh the minuses.

Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges
Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.

Bolstering Africa’s Cybersecurity
A thriving economy needs several factors to continue an upward trajectory — but is Africa in a position to enable these factors to take place?

MORE
EDITORS' CHOICE
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models
Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.
LATEST FROM THE EDGE

8 AI Risk and Resilience Firms CISOs Should Track
Check out our list of emerging firms that are building technology and services to assess the risk posture of AI systems and ML models.
LATEST FROM DR TECHNOLOGY

Lock Down APIs to Prevent Breaches
Developers need to focus on creating secure web and mobile applications because flaws in Web application programming interfaces (APIs) have left companies open to attack.
LATEST FROM DR GLOBAL

The Gulf's Dizzying Tech Ambitions Present Risk & Opportunity
Threats and opportunities are abound for the UAE and Gulf states, so can they deal with being a cybersecurity stronghold?
WEBINARS
  • The Threat Hunter's Playbook: Mastering Cloud Defense Strategies

    Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ...

  • Where and When Automation Makes Sense For Enterprise Cybersecurity

    A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Kaspersky Password Manager Adds 2FA One-Time Password Storage and New Browser Support
Dig Security State of Cloud Data Security 2023 Report Finds Exposed Sensitive Data in More Than 30% of Cloud Assets
67% of Federal Government Agencies Are Confident in Meeting Zero Trust Executive Order Deadline
OX Security Receives Strategic Investment From IBM Ventures
edX and Drake State Technical and Community College Launch Free Training Program
Call for Applications Open for DataTribe's Sixth Annual Cybersecurity Startup Challenge
Beyond Identity Launches Passkey Adoption Tool, The Passkey Journey
MORE PRODUCTS & RELEASES
CURRENT ISSUE

The Secrets of Successful SecOps Data Analytics
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us