"CISOs and their companies struggle to comply with SEC disclosure rules."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 17 May 2024, 1510 UTC.

Content and Source:  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml/Dark Reading.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

150K followers48 articles per week#security#tech

65

TODAY

CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules

by Robert Lemos, Contributing Writer / 1h

Most companies still can't determine whether a breach is material within the four days mandated by the SEC, skewing incident response.

Whose Data Is It Anyway? Equitable Access in Cybersecurity

by Barrett Lyon / 1h

Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data.

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

Exploitation for Privilege Escalation (Enterprise T1068)

•

by Nate Nelson, Contributing Writer / 3h

A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.

YESTERDAY

Addressing the Cybersecurity Vendor Ecosystem Disconnect

by Andrew Morris / 17h

How security teams can bridge the gap between short-term profits and long-term business needs.

There Is No Cyber Labor Shortage

by Rex Booth / 17h

There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.

Santander Falls Victim to Data Breach Involving Third-Party Provider

Santander data breach affects clients

•

by Kristina Beek, Associate Editor, Dark Reading / 17h

The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.

US AI Experts Targeted in SugarGh0st RAT Campaign

SugarGh0st RAT targets US AI experts

•

by Jai Vijayan, Contributing Writer / 19h

Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group.

Asian Threat Actors Use New Techniques to Attack Familiar Targets

5 TTPs

•

by Microsoft Security / 19h

Generative AI and software supply chain attacks are being exploited to disrupt, manipulate, and steal.

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft

Obfuscated Files or Information (Enterprise T1027)

•

by Nate Nelson, Contributing Writer / 19h

Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access.

FCC Reveals 'Royal Tiger' Robocall Campaign

FCC names Royal Tiger robocall threat

•

by Kristina Beek, Associate Editor, Dark Reading / 1d

In a first-ever move, the commission's enforcement bureau has high hopes that official classification will allow law enforcement partners to better combat these kinds of threats.

The Fall of the National Vulnerability Database

by Brian Fox / 1d

Since its inception, three key factors have affected the NVD's ability to classify security concerns — and what we're experiencing now is the result.

Windows Quick Assist Anchors Black Basta Ransomware Gambit

7 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

Quick Assist exploited for ransomware

When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.

Patch Now: Another Google Zero-Day Under Exploit in the Wild

CVE-2024-4947

•

by Dark Reading Staff / 1d

Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.

Google's AI Watermarks Will Identify Deepfakes

Google expands SynthID watermarking system

•

by Agam Shah, Contributing Writer / 1d

The SynthID line of watermarking techniques can be used to identify images, video, and text generated by artificial intelligence.

MAY 15, 2024

Nigeria Halts Cybersecurity Tax After Public Outrage

CBN directs banks cybersecurity levy

•

by Robert Lemos, Contributing Writer / 1d

In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity.

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

2 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

•

CVE-2023-52424

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings

Palo Alto Networks

•

1d

[no content]

Notice of a Data Breach

1d

[no content]

Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure

Alkira raises $100M for networking

•

1d

[no content]

FBI, DoJ Shut Down BreachForums, Launch Investigation

by Dark Reading Staff / 1d

Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities.

Scammers Fake Docusign Templates to Blackmail & Steal From Companies

by Nate Nelson, Contributing Writer / 1d

Cybercriminals are trafficking Docusign assets that allow for easy extortion and business email compromise.

D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day

4 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.

3 Tips for Becoming the Champion of Your Organization's AI Committee

by Matan Getz / 2d

CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success.