Dark Reading Daily.
"Cyberattackers alter implant on 30K compromised Cisco IOS XE Devices."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 24 October 2023, 1418 UTC. Content provided by email subscription to "Dark Reading Daily."
Source: https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGwHLnQJBGbGnqnMDDXcMxXpqjz ("Dark Reading Daily").
Please click link or scroll down to read your selections. Thank for joining us today.
Russ Roberts (https://hawaiicybersecurityjournal.net).
Follow Dark Reading:
October 24, 2023
LATEST SECURITY NEWS & COMMENTARY Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE DevicesA seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend — but it turns out the malicious implants were just hiding.'Log in with...' Feature Allows Full Online Account Takeover for MillionsHundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires -- and other online services likely have the same problems.Valve's 2FA Mandate for Game Developers Shows SMS StickinessDespite warnings that sending one-time passwords via text messages is a flawed security measure, companies continue to roll out the approach, especially in consumer-facing applications.Ragnar Locker Ransomware Boss Arrested in ParisCops track down ransomware developer and seize Ragnar Locker infrastructure and data-leak site, Europol says.Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes MobileA spoofed version of an Israeli rocket-attack alerting app is targeting Android devices, in a campaign that shows how cyber-espionage attacks are shifting to individual, everyday citizens.Freelance Market Flooded With North Korean IT ActorsOrganizations should be careful that the workers they hire on a freelance and temporary basis are not operatives working to funnel money to North Korea's WMD program, US DOJ says.Telling Small Businesses to Buy Cyber Insurance Isn't EnoughTo protect themselves from threats, companies also need proactive cybersecurity.City of Philadelphia Releases Cyber-Breach NoticeThe investigation is ongoing, and the city will contact those who may have potentially been affected by the breach, it said.(Sponsored Article) The Silent Threat of APIs: What the New Data Reveals About Unknown RiskThe rapid growth of APIs creates a widening attack surface and increasing unknown cybersecurity risks.MORE NEWS / MORE COMMENTARY HOT TOPICS Cisco Finds New Zero-Day Bug, Pledges Patches in Days
A patch for the max-severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.
Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid
To make cybersecurity an organizationwide priority, CISOs must avoid these common input, empathy, and alignment obstacles.
Patch Now: APTs Continue to Pummel WinRAR Bug
State-sponsored cyber-espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
Name That Toon: Modern Monarchy
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
MORE
EDITORS' CHOICE 9 Innovative Ways to Boost Security Hygiene for Cyber Awareness MonthIf we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.LATEST FROM THE EDGE
How State and Local Governments Can Serve Citizens More SecurelyLooking at the top 10 priorities of state CIOs underscores the importance of securing applications and APIs in complex environments.LATEST FROM DR TECHNOLOGY
Open Source Security Agents Promise Greater Simplicity, FlexibilityEndpoint management based on open source agents, such as osquery, could simplify IT management and security while giving larger firms more customization options.LATEST FROM DR GLOBAL
Hola Espana: 'Grandoreiro' Trojan Targets Global Banking CustomersBrasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.
WEBINARS - Modern Threats, Modern Security: 3 Practical Tips for CISOs to Stop Cyber Threats in the Age of AI
Join our Cloudflare security experts as they share advice on how modernize your threat defense and highlight: --Trends in cybersecurity like the emergence of AI, multi-channel attacks, and cybercrime-as-a-service --Practical threat defense use cases based on recent cyberattacks and customer ...
- Building an Effective Active Directory Security Strategy
For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ...
View More Dark Reading Webinars >>
FEATURED REPORTS - What Ransomware Groups Look for in Enterprise Victims
Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
- Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...
- How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
CURRENT ISSUE
| ||||||||||||
October 24, 2023 | ||||||||||||
|
|
|
How to Deploy Zero Trust for Remote Workforce Security
ReplyForward
ReplyForward |
Comments
Post a Comment
Please leave a comment about our recent post.