China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.
| | | LATEST SECURITY NEWS & COMMENTARY | | APT41 Taps Google Red-Teaming Tool in Targeted Info-Stealing Attacks China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy. Researchers Discover First-Ever Major Ransomware Targeting macOS In targeting Apple users, LockBit is going where no major ransomware gang has gone before. But it's a warning shot, and Mac users need not worry yet. QBot Expands Initial Access Malware Strategy With PDF-WSF Combo The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload. 'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk. Recycled Core Routers Expose Sensitive Corporate Network Info Researchers are warning about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data. NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits An investigation concludes that NSO Group was hired in 2022 to deploy Pegasus spyware against human rights workers in Mexico and other targets. 'Zaraza' Bot Targets Google Chrome to Extract Login Credentials The data-stealing malware threatens the cyber safety of individual and organizational privacy by infecting a range of Web browsers. Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged To address the rising risk of online fraud, stolen identities, and cyberattacks, innovative organizations have begun converging their security functions — here's how yours can prepare. Beyond CVEs: The Key to Mitigating High-Risk Security Exposures Use ongoing exposure management to parse the riskiest exposures and probable attack paths, then identify and plug the choke points. (Sponsored Article) Human Detection and Response: A New Approach to Building a Strong Security Culture Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management. MORE NEWS / MORE COMMENTARY | | |
|
| | | FEATURED REPORTS | | The 10 Most Impactful Types of Vulnerabilities for Enterprises Today The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... The Promise and Reality of Cloud Security Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... 10 Hot Talks From Black Hat USA 2022 Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... | | View More Dark Reading Reports >> |
|
|
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
