Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
| | | LATEST SECURITY NEWS & COMMENTARY | | US Aerospace Contractor Hacked With 'PowerDrop' Backdoor Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer. Researchers Spot a Different Kind of Magecart Card-Skimming Campaign In addition to injecting a card skimmer into target Magento, WooCommerce, Shopify, and WordPress sites, the threat actor is also hijacking targeted domains to deliver the malware to other sites. Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks. Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries. Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say. Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated. Streamers Ditch Netflix for Dark Web After Password Sharing Ban Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates. ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software. Cyber Essentialism & 'Doing Less With Less' Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy. The Case for a Federal Cyber-Insurance Backstop By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack. After 'Inception' Attack, New Due Diligence Requirements Are Needed To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
