Dark Reading Newsletter

 "Hybrid work exposes new vulnerabilities in print security."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 18 October 2024, 1403 UTC.

Content and Source:  https://www.darkreading.com

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

158K followers47 articles per week#security#tech

32

Most popular

Hybrid Work Exposes New Vulnerabilities in Print Security

6 TTPs

•

100+by Jai Vijayan, Contributing Writer / 1d

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.

Internet Archive Slowly Revives After DDoS Barrage

38by Kristina Beek, Associate Editor, Dark Reading / 19h

Days after facing a major breach, the site is still struggling to get fully back on its feet.

LLMs Are a New Type of Insider Adversary

by Shaked Reiner / 3d

The inherent intelligence of large language models gives them unprecedented capabilities like no other enterprise tool before.

Yesterday

Ex-Oracle, Google Engineers Raise $7m From Accel for Public Launch of Simplismart to Empower AI Adoption

Ex-Oracle Google engineers raise 7M$

•

17h

[no content]

Illinois Joins CoSN's Trusted Learning Environment (TLE) State Partnership Program for Student Data Privacy

17h

[no content]

Swift to Launch AI-Powered Fraud Defence to Enhance Cross-Border Payments

Swift launches AI fraud detection

•

17h

[no content]

Hong Kong Crime Ring Swindles Victims Out of $46M

Hong Kong arrests in crypto scam

•

by Dark Reading Staff / 17h

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

Anonymous Sudan Unmasked as Leaders Face Life in Prison

Sudanese nationals indicted for cyberattacks

•

by Nate Nelson, Contributing Writer / 20h

US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.

4 Ways to Address Zero-Days in AI/ML Security

by Dan McInerney / 21h

As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI.

Is a CPO Still a CPO? The Evolving Role of Privacy Leadership

by Arlo Gilbert / 23h

Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?

Oct 16, 2024

Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts

18 TTPs

•

by Nate Nelson, Contributing Writer / 1d

•

CVE-2024-30088

A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.

Chinese Researchers Tap Quantum to Break Encryption

China hacks encryption with quantum computer

•

by Jai Vijayan, Contributing Writer / 1d

But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.

71% of Hackers Believe AI Technologies Increase the Value of Hacking

Hackers see AI boosting hacking value

•

1d

[no content]

Port Raises $35M for its End-to-End Internal Developer Portal

Port raises 35M for developer tools

•

1d

[no content]

Bad Actors Manipulate Red-Team Tools to Evade Detection

Defense Evasion (Enterprise TA0005)

•

by Dark Reading Staff / 1d

•

EDRSilencer tool evades endpoint detection

By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated.

Cyber Gangs Aren't Afraid of Prosecution

by Ilia Kolochenko / 1d

Challenges with cybercrime prosecution are making it easier for attackers to act with impunity. Law enforcement needs to catch up.

Sidewinder Casts Wide Geographic Net in Latest Attack Spree

23 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.

What Cybersecurity Leaders Can Learn From the Game of Golf

by Jeff Shiner / 2d

As in golf, security requires collaboration across the entire organization, from individual contributors in each department to the executive level and the board.

Oct 15, 2024

FHE Consortium Pushes for Quantum-Resilient Cryptography Standards

by Jennifer Lawinski, Contributing Writer / 2d

The FHE Technical Consortium for Hardware (FHETCH) brings together developers, hardware manufacturers, and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.

North Korea Hackers Get Cash Fast in Linux Cyber Heists

2 TTPs

•

by Dark Reading Staff / 2d

•

New FASTCash malware targets Linux

The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

5 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 2d

•

Darknet targets 2024 US election

Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.

WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

WordPress forks ACF plugin from WP Engine

•

by Jai Vijayan, Contributing Writer / 2d

WordPress moves could have security implications for sites using Advanced Custom Fields plug-in.

CISOs' Privacy Responsibilities Keep Growing

by Joan Goodchild / 3d

A heated regulatory landscape, uncertainty over AI use, and how it all ties back to cybersecurity means CISOs have to add privacy to their portfolios.

Even Orgs With SSO Are Vulnerable to Identity-Based Attacks

6 TTPs

•

by Edge Editors / 3d

Use SSO, don't use SSO. Have MFA, don't have MFA. An analysis of a snapshot of organizations using Push Security's platform finds that 99% of accounts are susceptible to phishing attacks.

Oct 14, 2024

The Lingering 'Beige Desktop' Paradox

by Dave Lewis / 3d

Organizations are grappling with the risks of having outdated hardware handling core workloads, mission-critical applications no one knows how to update or maintain, and systems that IT and security teams don't know about.

Southeast Asian Cybercrime Profits Fuel Shadow Economy

Southeast Asia faces rising transnational crime

•

by Robert Lemos, Contributing Writer / 3d

With cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws

8 TTPs

•

by Dark Reading Staff / 3d

Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.

Pokémon Gaming Company Employee Info Leaked in Hack

Game Freak hacked source code leaked

•

by Dark Reading Staff / 3d

The gaming company reports that the server has been rebuilt after the leak, but has not confirmed if its insider video game data was leaked.

Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly

Education sector faces 2500 weekly cyberattacks

•

by Dark Reading Staff / 3d

Education, including K-12 schools and universities, has become the third most targeted sector due to the high variety of sensitive data it stores in its databases.

ConfusedPilot Attack Can Manipulate RAG-Based AI Systems

by Elizabeth Montalbano, Contributing Writer / 3d

Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes.

Fighting Crime With Technology: Safety First

by Karen D. Schwartz, Contributing Writer / 3d

By combining human and nonhuman identity management in one solution, Flock Safety is helping law enforcement solve an impressive number of criminal cases every day.

Why Your Identity Is the Key to Modernizing Cybersecurity

by Alex Simons / 3d

Ultimately, the goal of creating a trusted environment around all digital assets and devices is about modernizing the way you do business.

End of feed