 May 25, 2023
LATEST SECURITY NEWS & COMMENTARY
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns
This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.
CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown
Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security.
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams
In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears.
Google Cloud Bug Allows Server Takeover From CloudSQL Service
Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.
'Operation Magalenha' Attacks Give a Window Into Brazil's Cybercrime Ecosystem
A campaign against customers of Portuguese banks uses a capable financial malware strain dubbed PeepingTitle, written in the Delphi programming language.
Dangerous Regions: Isolating Branch Offices in High-Risk Countries
Organizations must be cautious about how they interact with other regions around the world in order to operate safely in an at-times adversarial landscape.
Lazarus Group Striking Vulnerable Windows IIS Web Servers
The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
Netflix's Password-Sharing Ban Offers Security Upsides
The streaming giant is looking to bolster flagging subscription growth and profits, but security researchers say the move offers a perfect opportunity to encourage better password hygiene and account safety.
HOT TOPICS
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.

5 Questions to Ask When Evaluating a New Cybersecurity Technology
Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

How Universities Can Bridge Cybersecurity's Gender Gap
It's time to invest in initiatives that engage young women in cybersecurity early and often.

EDITORS' CHOICE
'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.
LATEST FROM DR GLOBAL

Bank of Ghana Opens SOC to Enable Threat Intelligence Sharing
Bank of Ghana's security operations center will boost visibility into threats and enable threat intelligence sharing, it says.
LATEST FROM THE EDGE

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes
Ukraine head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."
LATEST FROM DR TECHNOLOGY

Red Hat Tackles Software Supply Chain Security
The new Red Hat Trusted Software Supply Chain services help developers take a secure-by-design approach to build, deploy, and monitor software.
WEBINARS
  • Mastering Endpoint Security: The Power of Least Privilege

    Join us at one of our upcoming live and interactive events, where we will explore the critical role of least privilege in endpoint security, how it helps to systematically strengthen an organization's security posture, and how it provides a solid foundation for endpoint security ...

  • Here's What Zero Trust Really Means

    Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ...

FEATURED REPORTS
  • Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

    The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

  • Successfully Managing Identity in Modern Cloud and Hybrid Environments

    Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA