LATEST SECURITY NEWS & COMMENTARY

How Soccer's 2022 World Cup in Qatar Was Nearly Hacked
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass
The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.

XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.

Are You Affected by the Backdoor in XZ Utils?
In this Tech Tip, we outline how to check whether a system is impacted by the newly discovered backdoor in the open source xz compression utility.

Feds to Microsoft: Clean Up Your Cloud Security Act Now
A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.

NIST Wants Help Digging Out of Its NVD Backlog
The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward.

Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.

Suspected MFA Bombing Attacks Target Apple iPhone Users
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.

Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.

Attackers Abuse Google Ad Feature to Target Slack, Notion Users
Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature.

CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.

3 Strategies to Future-Proof Data Privacy
To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques.

Instilling the Hacker Mindset Organizationwide
It's critical for security teams to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice.

Collaboration Needed to Fight Ransomware
A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs.

Name That Edge Toon: Defying Gravity
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

PRODUCTS & RELEASES

TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification
More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud
CyberRatings.org Announces Test Results for Cloud Network Firewall
TAG Report Reveals Endpoint Backup Is Essential to Improving Data Resiliency
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA