The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
| | | LATEST SECURITY NEWS & COMMENTARY | | MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months. Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain. Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser. Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine. FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said. GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional. Rebalancing NIST: Why 'Recovery' Can't Stand Alone The missing ingredient in NIST's newest cybersecurity framework? Recovery. 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes. Cyberattack Takes Frontier Communications Offline The local phone and business communications company said that attackers accessed unspecified PII, after infiltrating its internal networks. Lessons for CISOs From OWASP's LLM Top 10 It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line. 2023: A 'Good' Year for OT Cyberattacks Attacks increased by "only" 19% last year. But that number is expected to grow significently. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | KnowBe4 to Acquire Egress Black Girls Do Engineer Signs Education Partnership Agreement With NSA CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills Miggo Launches Application Detection and Response (ADR) Solution Auburn's McCrary Institute and Oak Ridge National Laboratory to Partner on Regional Cybersecurity Center MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
