The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
| | | LATEST SECURITY NEWS & COMMENTARY | | Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. Rootkit Turns Kubernetes From Orchestration to Subversion Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. Fake Browser Updates Targeting Mac Systems With Infostealer A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn. Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with. Web Shells Gain Sophistication for Stealth, Persistence A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal. Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications. 3 Ways to Stop Unauthorized Code From Running in Your Network As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code. Idaho National Nuclear Lab Targeted in Major Data Breach The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy. Qatar Cyber Agency Runs National Cyber Drills Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes. (Sponsored Article) Sky's the Limit, but What About API Security? Challenges in the Cloud-First Era APIs enable cloud transformation but bring security risks, demanding robust, adaptive strategies to safeguard data and operations. MORE NEWS / MORE COMMENTARY | | |
| | | | | WEBINARS | | Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ... SecOps & DevSecOps in the Cloud Security teams today face the dual challenge of securing cloud-native applications as well as their software development processes that increasingly operate in the cloud. At the same time, attacks are rising against misconfigured cloud instances as well as a new ... | | View More Dark Reading Webinars >> |
|
| | |
|
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
