LATEST SECURITY NEWS & COMMENTARY

W3LL Gang Compromises Thousands of Microsoft 365 Accounts
A secretive phishing cabal boasts a sophisticated affiliate network and a modular, custom toolset that's claiming victims on three continents.

Google's Souped-up Chrome Store Review Process Foiled by Data-Stealer
Researchers have discovered that despite Google's adoption of the Manifest V3 security standard to protect against malicious plug-ins, attackers can still get bad extensions past its review process.

AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses
All it takes is a simple copy-paste to undo a VPN service used by millions worldwide.

NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns
The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.

Researchers Discover Critical Vulnerability in PHPFusion CMS
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.

Peiter 'Mudge' Zatko Lands Role as CISA Senior Technical Adviser
The former hacker and Twitter security executive will use his role to help fulfill the Biden administration's plans for the National Cybersecurity Strategy.

Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs
The Securities and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous.

Apple iPhone 14 Pro Offered Up to the Hacking Masses
Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.

Securing Your Legacy: Identities, Data, and Processes
Legacy systems of all kinds pose significant cybersecurity risks. Here's how to mitigate them.

Realism Reigns on AI at Black Hat and DEF CON
Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.

As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA