Dark Reading-Security.

"Emergin threats:  Vulnerabilities to prepare for in 2025."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 26 December 2024, 2116 UTC.

Content and Source:  https://www.darkreading.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

Dark Reading

161K followers31 articles per week#security#tech

32

Most popular

Emerging Threats & Vulnerabilities to Prepare for in 2025

11 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 7h

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

SEC Disclosures Up, But Not Enough Details Provided

by Fahmida Y. Rashid / 6h

While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don't meet the SEC's "material" standard.

LockBit Ransomware Developer Arrested in Israel

Israeli hacker faces US extradition

•

58by Becky Bracken, Senior Editor, Dark Reading / 6d

Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.

Yesterday

DDoS Attacks Surge as Africa Expands Its Digital Footprint

by Jai Vijayan, Contributing Writer / 13h

As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.

Dec 24, 2024

Deepfakes, Quantum Attacks Loom Over APAC in 2025

by Jai Vijayan, Contributing Writer / 2d

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.

Too Much 'Trust,' Not Enough 'Verify'

by Rob Sloan, Sam Curry / 2d

"Zero trust" doesn't mean "zero testing."

Trump 2.0 Portends Big Shift in Cybersecurity Policies

by Becky Bracken, Senior Editor, Dark Reading / 2d

Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds' role in cybersecurity.

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

by Robert Lemos, Contributing Writer / 2d

The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.

Dec 23, 2024

Non-Human Identities Gain Momentum, Requires Both Management, Security

by Don Tait / 2d

The number of Non-Human Identities (NHIs) in many organizations has exploded. Key trends, drivers, and market landscape in this fast-developing area are explored.

Name That Toon: Sneaking Around

by John Klossner / 3d

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

How CISOs Can Communicate With Their Boards Effectively

by Harold Rivas / 3d

With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable.

Middle East Cyberwar Rages On, With No End in Sight

4 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.

Dec 20, 2024

How to Protect Your Environment From the NTLM Vulnerability

by Roy Akerman / 6d

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

2 TTPs

•

by Robert Lemos, Contributing Writer / 6d

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.

How Nation-State Cybercriminals Are Targeting the Enterprise

8 TTPs

•

by Adam Finkelstein / 6d

Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort.

Managing Threats When Most of the Security Team Is Out of the Office

by Joan Goodchild / 6d

During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls.

Dec 19, 2024

OT/ICS Engineering Workstations Face Barrage of Fresh Malware

2 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 6d

•

New malware targets IoT OT systems

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

Fortinet Addresses Unpatched Critical RCE Vector

3 TTPs

•

by Tara Seals, Managing Editor, News, Dark Reading / 6d

•

CVE-2023-34990

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

6 TTPs

•

by Nate Nelson, Contributing Writer / 7d

•

CVE-2024-53677

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Malvertisers Fool Google With AI-Generated Decoy Content

8 TTPs

•

by Jai Vijayan, Contributing Writer / 7d

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

Supply Chain Risk Mitigation Must Be a Priority in 2025

by Rob T. Lee / 7d

A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.

Vendors Chase Potential of Non-Human Identity Management

5 TTPs

•

by Jeffrey Schwartz / 7d

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Bridging the 'Keyboard-to-Chair' Gap With Identity Verification

by Joan Goodchild / 7d

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Dec 18, 2024

CISA Releases Draft of National Cyber Incident Response Plan

CISA seeks public input on NCIRP

•

by Jennifer Lawinski / 7d

The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.

India Sees Surge in API Attacks, Especially in Banking, Utilities

by Robert Lemos, Contributing Writer / 7d

The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.

Interpol: Can We Drop the Term 'Pig Butchering'?

Interpol warns against "pig butchering" term

•

by Becky Bracken, Senior Editor, Dark Reading / 8d

The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.

Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

Russia labels Recorded Future undesirable

•

by Tara Seals, Managing Editor, News, Dark Reading / 8d

The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.

Manufacturers Lose Azure Creds to HubSpot Phishing Attack

6 TTPs

•

by Nate Nelson, Contributing Writer / 8d

•

Phishing campaign targets Azure credentials

Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.

Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign

9 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 8d

•

Google Calendar phishing attacks increase

Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.

Wallarm Releases API Honeypot Report Highlighting API Attack Trends

APIs discovered by attackers quickly

•

8d

[no content]

The Importance of Empowering CFOs Against Cyber Threats

by Shai Gabay / 8d

Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

8 TTPs

•

by Jai Vijayan, Contributing Writer / 8d

•

Earth Koshchei conducts rogue RDP attacks

The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.

End of feed