A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.
Follow Dark Reading:
 March 28, 2024
LATEST SECURITY NEWS & COMMENTARY
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers
A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.
'Tycoon' Malware Kit Bypasses Microsoft, Google MFA
Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram.
Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass
The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.
Apple Security Bug Opens iPhone, iPad to RCE
CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.
NIST's Vuln Database Downshifts, Prompting Questions About Its Future
NVD may be in peril, and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats.
Australian Government Doubles Down On Cybersecurity in Wake of Major Attacks
Government proposes more modern and comprehensive cybersecurity regulations for businesses, government, and critical infrastructures providers Down Under.
Patch Now: Critical Fortinet RCE Bug Under Active Attack
A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority.
Ivanti Keeps Security Teams Scrambling With 2 More Vulns
Since the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks.
300K Internet Hosts at Risk for 'Devastating' Loop DoS Attack
Attackers can create a self-perpetuating, infinite scenario in such a way that volumes of traffic overwhelm network resources indefinitely.
Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of the top cloud services.
How New-Age Hackers Are Ditching Old Ethics
Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape.
Cyber Warfare: Understanding New Frontiers in Global Conflicts
An arms race is developing between those using technology to target adversaries and those using it prevent attacks from succeeding.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Getting Security Remediation on the Boardroom Agenda
IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management.

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
The issue can seem daunting, but most organizations have more agency and flexibility to deal with third-party risk than they think.

8 Strategies for Enhancing Code Signing Security
Strong code-signing best practices are an invaluable way to build trust in the development process and enable a more secure software supply chain.

MORE
PRODUCTS & RELEASES
New Cyber Threats to Challenge Financial Services Sector in 2024
Checkmarx Announces Partnership With Wiz
WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
GitHub Developers Hit in Complex Supply Chain Cyberattack
The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects.
LATEST FROM THE EDGE

AWS CISO: Pay Attention to How AI Uses Your Data
Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool and a double-edged sword.
LATEST FROM DR TECHNOLOGY

A Database-Oriented Operating System Wants to Shake Up Cloud Security
The operating system, DBOS, natively uses a relational database to reduce cost, ease application development, and maintain cybersecurity and integrity.
LATEST FROM DR GLOBAL

'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide
Pervasive and inexpensive phishing kit encompasses hundreds of templates targeting Kuwait Post, Etisalat, Jordan Post, Saudi Post, Australia Post, Singapore Post, and postal services in South Africa, Nigeria, Morocco, and more.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us