LATEST SECURITY NEWS & COMMENTARY

What's New in the NIST Cybersecurity Framework 2.0
Update to the NIST framework adds new "govern" function for cybersecurity.

Microsoft Cloud Security Woes Inspire DHS Security Review
Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, the vendor says.

XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.

Dell Credentials Bug Opens VMware Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.

Mirai Common Attack Methods Remain Consistent, Effective
While relatively unchanged, the notorious IoT botnet still continues to drive DDoS.

3 Major Email Security Standards Prove Too Porous for the Task
Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC, since threat actors are apparently using the same filters as legitimate users.

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
Monitoring platform is trusted by Cisco, Savannah River Nuclear Solutions, and others in CISA's critical infrastructure Sectors, say Synopsys researchers.

EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations.

AI Steals Passwords by Listening to Keystrokes With Scary Accuracy
The AI model trained on typing recorded over a smartphone was able to steal passwords with 95% accuracy.

Discord.io Temporarily Shuts Down Amid Breach Investigation
The platform plans to revamp its website code and conduct "a complete overhaul" of its security practices.

What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.

5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.

How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.

Boards Don't Want Security Promises — They Want Action
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes.

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC, registered in the United States with number 7418737, 605 Third Ave., 22nd Floor, New York, New York 10158, USA