Dark Reading Cybersecurity News

"Top 3 Data Breaches for 2023, and what lies ahead for 2024."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 29 January 2024, 1530 UTC.

Content and Source:  https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml ("DarkReading.com").

Please scroll down to read your selections.  Thank for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

145K followers49 articles per week#security#tech

69

MOST POPULAR

Top 3 Data Breaches of 2023, and What Lies Ahead in 2024

5 TTPs

•

by Gad Rosenthal / 26min

Take a look at last year's most impactful data breaches and what companies can do to protect themselves going forward.

Microsoft Shares New Guidance in Wake of 'Midnight Blizzard' Cyberattack

5 TTPs

•

41by Jai Vijayan, Contributing Writer / 2d

•

Microsoft discloses Midnight Blizzard attack

Threat actors created and abused OAuth apps to access Microsoft's corporate email environment and remain there for weeks.

Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers

Resource Hijacking (Enterprise T1496)

•

by Elizabeth Montalbano, Contributing Writer / 3d

•

Google Kubernetes Engine security loophole

Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.

JAN 26, 2024

NRC Issues Recommendations for Better Network, Software Security

by Jeffrey Schwartz, Contributing Writer / 2d

The Network Resilience Coalition pushes adoption of standards like SSDF, OpenEoX and CISA's Secure By Design and Default framework.

Wyden Releases Documents Confirming the NSA Buys Americans' Internet Browsing Records

NSA buys Americans' internet data

•

2d

[no content]

Black Kite Unveils Monthly Ransomware Dashboards

2d

[no content]

Bastille Raises $44M Series C Investment Led by Goldman Sachs Asset Management

Goldman Sachs invests in Bastille

•

2d

[no content]

Newly ID'ed Chinese APT Hides Backdoor in Software Updates

2 TTPs

•

by Nate Nelson, Contributing Writer / 2d

•

Blackwood APT deploys NSPX30 implant

The threat actor went more than half a decade before being discovered — thanks to a remarkable backdoor delivered in invisible adversary-in-the-middle attacks.

Series of Cyberattacks Hit Ukrainian Critical Infrastructure Organizations

by Dark Reading Staff / 2d

It's unclear if the attacks — which hit oil and gas, postal service, transport safety, and railway organizations in the nation — were related.

Saudi Arabia Boosts Railway Cybersecurity

Strategic collaboration between sirar by stc and

•

by John Leyden, Contributing Writer / 3d

Saudi rail provider partners will help Saudi Telecommunication Company (stc) to keep its security on track.

Redefining Cybersecurity for a Comprehensive Security Posture

by Ayan Halder / 3d

The integration of different disciplines of cybersecurity and fraud management is a necessary evolution in the face of increasingly sophisticated digital threats.

Pegasus Spyware Targets Togolese Journalists' Mobile Devices

Pegasus spyware targets Togolese journalists

•

by Dark Reading Staff / 3d

An investigation into 2021 intrusions uncovered multiple infections on the phones of journalists in the African country.

ICS Ransomware Danger Rages Despite Fewer Attacks

by Becky Bracken, Editor, Dark Reading / 3d

Refined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find.

CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs' Evolving Role

by Tara Seals, Managing Editor, News, Dark Reading / 3d

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

JAN 25, 2024

Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures

3d

[no content]

SecurityScorecard Launches MAX

3d

[no content]

Airline Gets SASE to Modernize Operations

by Karen D. Schwartz, Contributing Writer / 3d

Cathay, a travel lifestyle brand that includes the Cathay Pacific airline, had a growing cybersecurity problem made worse by its aging technology infrastructure. It solved part of the problem by replacing legacy technology with a modern one that has security built in.

Pwn2Own 2024: Tesla Hacks, Dozens of Zero-Days in Electrical Vehicles

by Nate Nelson, Contributing Writer / 3d

Hacking teams pick apart electrical vehicles (EVs), exposing them for what they are: safety-critical computers without commensurate security.

'Midnight Blizzard' Breached HPE Email Months Before Microsoft Hack

2 TTPs

•

by Jai Vijayan, Contributing Writer / 3d

The Russian APT behind the SolarWinds attacks exfiltrated data from HPE email accounts last May.

Abu Dhabi Investment Firm Warns About Scam Efforts

by Dark Reading Staff / 3d

A top financial entity warned that its brand is being used to spread cyber scams, as fraud efforts persist throughout the country.

Protecting Children's Data Needs to Be a Priority for All

by Steve Yin / 3d

With rampant K-12 breaches fueling a fraud epidemic, cooperation and resolve are needed for progress.

Critical Cisco Unified Communications RCE Bug Allows Root Access

2 TTPs

•

by Tara Seals, Managing Editor, News, Dark Reading / 3d

•

CVE-2024-20253

The vulnerability, tracked as CVE-2024-20253, makes enterprise communications infrastructure and customer service call centers sitting ducks for unauthenticated cyberattackers.

'CherryLoader' Malware Allows Serious Privilege Execution

2 TTPs

•

by Nate Nelson, Contributing Writer / 3d

•

CherryLoader: Go-based malware delivering payloads

A sporty, modular downloader allows hackers to cherry-pick their exploits — in this case, two powerful tools for gaining admin access in a Windows system.

Hackers Blast Violent Gaza Message at a Popular Israeli Movie Theater

by Nate Nelson, Contributing Writer / 3d

A psyop targeting ordinary moviegoers is the latest in a string of similar attacks in the country since Oct. 7.

The CISO Role Undergoes a Major Evolution

by Mark Bowling / 4d

Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.

Hook Younger Users With Cybersecurity Education Designed for Them

by Tatiana Walk-Morris / 4d

Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective.