Dark Reading-Cybersecurity News.

"China's Silk Typhoon APT shifts to IT supply chain attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 09 March 2025, 1348 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

165K followers35 articles per week

#security#tech

45

Most popular

China's Silk Typhoon APT Shifts to IT Supply Chain Attacks

9 TTPs

•

by Jai Vijayan, Contributing Writer / 3d

The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.

CISA Cuts: A Dangerous Gamble in a Dangerous World

by Steve Durbin / 2d

The Cybersecurity and Infrastructure Security Agency's role in risk management needs to expand, not shrink.

How Cyberattacks Affect Your Staff

by Chris Butler / 1d

Businesses have a responsibility to safeguard their workforce, which is best achieved by preparing and equipping the whole organization to better face these worst-case cyber scenarios.

Mar 7, 2025

'Spearwing' RaaS Group Ruffles Feathers in Cyber Threat Scene

by Kristina Beek, Associate Editor, Dark Reading / 1d

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.

MITRE EMB3D for OT & ICS Threat Modeling Takes Flight

by Robert Lemos, Contributing Writer / 1d

Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction.

Static Scans, Red Teams, and Frameworks Aim to Find Bad AI Models

by Robert Lemos, Contributing Writer / 1d

With hundreds of artificial intelligence models found harboring malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.

Cybercrime's Cobalt Strike Use Plummets 80% Worldwide

by Nate Nelson, Contributing Writer / 1d

Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.

Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks

3 TTPs

•

by Rob Wright / 1d

•

CVE-2025-22224 & 2 others

More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.

Taylor Swift Ticket Thieves Charged in Court for Resale Operation

by Kristina Beek, Associate Editor, Dark Reading / 1d

The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.

Mar 6, 2025

Intel Maps New vPro Chips to MITRE's ATT&CK Framework

by Agam Shah / 2d

The PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE's ATT&CK.

Armis Acquires Otorio to Expand OT Exposure Management Platform

Armis acquires Otorio for cybersecurity

•

by Jeffrey Schwartz / 2d

Armis will integrate Otorio's Titan platform with its cloud-based Centrix, bringing an on-premises option to the cloud-only offering.

'EncryptHub' OPSEC Failures Reveal TTPs & Big Plans

19 TTPs

•

by Nate Nelson, Contributing Writer / 2d

•

EncryptHub attacks 618 organizations globally

Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?

Under Pressure: US Charges China's APT-for-Hire Hackers

US charges Chinese hackers espionage

•

by Alexander Culafi, Senior News Writer, Dark Reading / 2d

The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.

Women Faced the Brunt of Cybersecurity Cutbacks in 2024

by Kristina Beek, Associate Editor, Dark Reading / 2d

Many women are finding that they are unhappy in their cybersecurity roles, largely due to the layoffs their companies are experiencing, cutbacks, and return to in-office work policies.

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

by Adam Strange / 2d

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

Deepfake Videos of YouTube CEO Phish Creators

YouTube warns of deepfake phishing

•

by Kristina Beek, Associate Editor, Dark Reading / 2d

YouTube creators are being targeted by scammers seeking out their credentials, using deepfake tactics to lure them in with a false sense of legitimacy.

Cybersecurity's Future Is All About Governance, Not More Tools

by Shirley Salzman / 3d

As CISOs take a seat at the boardroom table, the focus shifts from stacking security tools to driving accountability, efficiency, and strategic risk management.

Mar 5, 2025

Ransomware Attacks Build Against Saudi Construction Firms

Command and Control (Enterprise TA0011)

•

by Robert Lemos, Contributing Writer / 3d

Cybercriminals are ramping up their efforts in the Kingdom and targeting more than just petroleum firms; now, they're aiming for Middle East organizations in the IT, government, construction, and real estate sectors too.

Aryon Security Launches to Tackle Cloud Misconfigurations

Aryon Security raises 9M$ for cloud

•

by Arielle Waldman / 3d

The new cloud security startup uses AI to scan cloud applications and systems for issues before they are deployed.

Espionage Actor 'Lotus Blossom' Targets Southeast Asia

7 TTPs

•

by Alexander Culafi, Senior News Writer, Dark Reading / 3d

•

Lotus Blossom group targets industries

The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as "Sagerunex" against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam.

Qualcomm, MediaTek Release Security Fix Bonanza

3 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

The chipmakers patched bugs, mostly critical and high severity, that affect everything from smartphones to TVs to artificial intelligence platforms.

'Crafty Camel' APT Targets Aviation, OT With Polygot Files

8 TTPs

•

by Nate Nelson, Contributing Writer / 3d

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

Bogus 'BianLian' Gang Sends Snail-Mail Extortion Letters

2 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 3d

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.

Why Security Leaders Are Opting for Consulting Gigs

by Richard Marcus / 3d

Many CISOs are weighing the benefits of going virtual as a consultant. Can the pendulum swing in the other direction?

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

by Richard Thurston / 4d

A global report published by the World Economic Forum points to a new "world order characterized by greater instability, polarizing narratives, eroding trust, and insecurity.