"Fortinet warns of yet another critical RCE flaw."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.   Accessed on 19 March 2024, 1454 UTC.

Content and Source: https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml/Dark Reading.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

148K followers46 articles per week#security#tech

40

MOST POPULAR

Fortinet Warns of Yet Another Critical RCE Flaw

Exploitation for Client Execution (Enterprise T1203)

•

100+by Jai Vijayan, Contributing Writer / 4d

CVE-2024-48788, like many other recent Fortinet flaws, will likely be an attractive target, especially for nation-state-backed actors.

The New CISO: Rethinking the Role

by James Doggett / 53min

Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step.

'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs

by Nathan Eddy, Contributing Writer / 2h

Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks.

YESTERDAY

North Korea-Linked Group Levels Multistage Cyberattack on South Korea

by Robert Lemos, Contributing Writer / 14h

Kimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.

ML Model Repositories: The Next Big Supply Chain Attack Target

by Jai Vijayan, Contributing Writer / 16h

Machine-learning model platforms like Hugging Face are suspectible to the same kind of attacks that threat actors have executed successfully for years via npm, PyPI, and other open source repos.

Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents

by Nate Nelson, Contributing Writer / 17h

The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.

Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024

18h

[no content]

Fujitsu: Malware on Company Computers Exposed Customer Data

Fujitsu hacked, warns data breach

•

by Becky Bracken, Editor, Dark Reading / 18h

It remains unclear how long the IT services giant's systems were infiltrated and just how the cyberattack unfolded.

Tracking Everything on the Dark Web Is Mission Critical

by Itzik Alvas / 1d

On the Dark Web, stolen secrets are your enemy, and context is your friend.

MAR 17, 2024

South African Government Pension Data Leak Fears Spark Probe

LockBit ransomware targets GEPF

•

by John Leyden, Contributing Writer / 1d

LockBit ransomware gang claims 668GB of data it dumped online was stolen from South Africa's pension agency.

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage

by Jesper Trolle / 1d

With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats.

MAR 15, 2024

'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors

by Jai Vijayan, Contributing Writer / 3d

Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.

NHS Breach, HSE Bug Expose Healthcare Data in the British Isles

by Nate Nelson, Contributing Writer / 3d

Whoopsies in Ireland and Scotland speak to a tenuousness of cyber protections for sensitive private healthcare data.

6 CISO Takeaways From the NSA's Zero-Trust Guidance

by Robert Lemos, Contributing Writer / 3d

All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines.

ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?

by Alex Haynes / 4d

Compare how well OpenAI's and Google's generative AI products handle infosec professionals' top 10 tasks.