"Schneider Electric clawed by 'Hellcat' Ransomware Gang." 

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 06 November 2024, 1431 UTC.

Content and Source:  Email subscription via https://feedly.com.  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

159K followers43 articles per week#security#tech

21

Most popular

Schneider Electric Clawed by 'Hellcat' Ransomware Gang

Schneider Electric suffers data breach

•

by Dark Reading Staff / 17h

The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

by Jennifer Lawinski, Contributing Writer / 1h

SANS recently published its 2024 State of ICS.OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICT/OT networks.

On Election Day, Disinformation Worries Security Pros the Most

Russia spreads election disinformation video

•

by Tara Seals, Managing Editor, News, Dark Reading / 1d

A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.

Yesterday

Canadian Authorities Arrest Attacker Who Stole Snowflake Data

5 TTPs

•

by Dark Reading Staff / 15h

•

Canadian hacker arrested for Snowflake breach

The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.

Attacker Hides Malicious Activity in Emulated Linux Environment

14 TTPs

•

by Jai Vijayan, Contributing Writer / 15h

•

CRON#TRAP infects Windows with backdoored VMs

The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.

Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America

by Becky Bracken, Senior Editor, Dark Reading / 17h

Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.

City of Columbus Drops Case on Cyberattack Whistleblower

Columbus ransomware attack exposes 500000

•

by Kristina Beek, Associate Editor, Dark Reading / 21h

The security researcher who notified the media of the breach will be free from the city's lawsuit, but not without a caveat.

Docusign API Abused in Widescale, Novel Invoice Attack

8 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 22h

•

DocuSign APIs exploited for phishing

Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.

Oh, the Humanity! How to Make Humans Part of Cybersecurity Design

by Robert Lemos, Contributing Writer / 23h

Government and industry want to jump-start the conversation around "human-centric cybersecurity" to boost the usability and effectiveness of security products and services.

How to Win at Cyber by Influencing People

by Gregory R. Simpson / 23h

Zero trust is a mature approach that will improve your organization's security.

Dark Reading Confidential: Quantum Has Landed, So Now What?

by Dark Reading Staff / 1d

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner's point of view -- with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

Nov 4, 2024

Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

4 TTPs

•

by Robert Lemos, Contributing Writer / 1d

•

Iranian hackers expand attack targets

The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israel and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.

Antivirus, Anti-Malware Lead Demand for AI/ML Tools

by Dark Reading Staff / 1d

Companies are attaching the artificial intelligence term to everything these days, but in cybersecurity, machine learning is more than hype.

APT36 Refines Tools in Attacks on Indian Targets

14 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

•

APT36 launches ElizaRAT malware

The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.

Okta Fixes Auth Bypass Bug After 3-Month Lull

by Dark Reading Staff / 1d

The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.

OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

by Robert Lemos, Contributing Writer / 1d

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

Google AI finds SQLite vulnerability

•

by Elizabeth Montalbano, Contributing Writer / 1d

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Name That Edge Toon: Aerialist's Choice

by John Klossner, Cartoonist / 1d

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Can Automatic Updates for Critical Infrastructure Be Trusted?

by John Paul Cunningham / 1d

The true measure of our cybersecurity prowess lies in our capacity to endure.

4 Main API Security Risks Organizations Need to Address

by Jai Vijayan, Contributing Writer / 2d

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

OWASP Releases AI Security Guidance

by Jennifer Lawinski, Contributing Writer / 2d

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

End of feed