It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it.
| | | LATEST SECURITY NEWS & COMMENTARY | | Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy It's never been easier to hide malware in plain sight in open source software package repositories, and "DiscordRAT 2.0" now makes it easy to take advantage of those who stumble upon it. Bing Chat LLM Tricked Into Circumventing CAPTCHA Filter By reframing the narrative of the filter, the large-language model chatbot was more willing to solve the visual puzzle and override its programming. 'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space. Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology. Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials Thousands of messages are being sent weekly in a campaign that uses links hosted on legitimate websites to evade natural language processing and URL-scanning email protections. FBI: Crippling 'Dual Ransomware Attacks' on the Rise Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage. Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request. New Cisco IOS Zero-Day Delivers a Double Punch The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them. DHS: Physical Security a Concern in Johnson Controls Cyberattack An internal memo cites DHS floor plans that could have been accessed in the breach. 4 Legal Surprises You May Encounter After a Cybersecurity Incident Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. Looking Beyond the Hype Cycle of AI/ML in Cybersecurity Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps? Making Sense of Today's Payment Cybersecurity Landscape PCI DSS v4.0 is the future of the payment card industry's information security standard, but businesses must continue to look beyond this guidance and engage in proactive strategies of their own. Breaches Are the Cost of Doing Business, but NIST Is Here to Help Treating the NIST Cybersecurity Framework as a business requirement is a strong step toward preventing breaches. Threat Data Feeds and Threat Intelligence Are Not the Same Thing It's important to know the difference between the two terms. Here's why. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
