Dark Reading.

"Why data privacy isn't the same as data security."

Views expressed in this cybesecurity, cyber crime update are those of the reporters and correspondents.  

Content and Source:  https://www.darkreading.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 Dark Reading

166K followers40 articles per week

#security#tech

19

Today

Why Data Privacy Isn't the Same as Data Security

by Chris Borkenhagen / 1h

Failing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.

Threat Actors Use 'Spam Bombing' Technique to Hide Malicious Motives

by Alexander Culafi, Senior News Writer, Dark Reading / 2h

Darktrace researchers detailed "spam bombing," a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.

Google Merges Security Offerings Into a Cohesive Suite

by Agam Shah / 2h

Google Unified Security brings together threat detection, AI-powered security, secure browser features, and Mandiant services, the company said at its Cloud Next conference.

Advanced Preparation Was Key to a Secure Paris Olympics

by Richard Thurston / 2h

The security teams associated with the 2024 Olympic Games in Paris focused on in-depth penetration testing, crisis management exercises, and collaboration to defend against potential cyberattacks.

Yesterday

US Comptroller Cyber 'Incident' Compromises Org's Emails

3 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 17h

•

Hackers accessed US bank regulators' emails

A review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a "major cyber incident."

CrushFTP Exploitation Continues Amid Disclosure Dispute

Persistence (Enterprise TA0003)

•

by Rob Wright / 17h

•

CVE-2025-2825

Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

5 TTPs

•

by Jai Vijayan, Contributing Writer / 18h

•

Oracle faces criticism over security incidents

The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

Tariffs May Prompt Increase in Global Cyberattacks

by Robert Lemos, Contributing Writer / 18h

Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.

China-Linked Hackers Continue Harassing Ethnic Groups With Spyware

Spyware targets Uyghur Tibetan Taiwanese groups

•

by Elizabeth Montalbano, Contributing Writer / 21h

Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.

Using Post-Quantum Planning to Improve Security Hygiene

by Murali Palanisamy / 1d

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future.

Industry Asks for Clarity on Proposed HIPAA Cybersecurity Rules

by Arielle Waldman / 1d

Healthcare and IT security practitioners worry that some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment.

Aurascape Brings Visibility, Security Controls to Manage AI Applications

Aurascape secures 50M for AI security

•

by Arielle Waldman / 1d

The cybersecurity startup has emerged from stealth with an AI-native security platform to automate security policies for AI applications.

Apr 8, 2025

Microsoft Drops Another Massive Patch Update

12 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.

UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare

AI enhances cyberwarfare threats globally

•

by Kristina Beek, Associate Editor, Dark Reading / 1d

Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI's ability to supercharge attacks.

2 Android Zero-Day Bugs Under Active Exploit

by Kristina Beek, Associate Editor, Dark Reading / 1d

Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.

How Democratized Development Creates a Security Nightmare

by Fernando José Karl / 1d

No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems.

Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube

IoC > 1 domain

•

by Elizabeth Montalbano, Contributing Writer / 2d

•

10 TTPs

•

Neptune RAT targets Windows passwords

The malware's creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise.

Experts Optimistic About Secure by Design Progress

by Arielle Waldman / 2d

Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? According to security experts Chris Wysopal and Jason Healey, the landscape is improving.

Palo Alto Networks Begins Unified Security Rollout

by Jeffrey Schwartz / 2d

Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation platform.

End of feed