"Middle East cybersecurity efforts catch up after late start."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 November 2024, 1355 UTC.

Content and Source:  Email subscription from https://feedly.com.   https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

159K followers42 articles per week#security#tech

17

Most popular

Middle East Cybersecurity Efforts Catch Up After Late Start

by Robert Lemos, Contributing Writer / 1h

Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.

New Essay Competition Explores AI's Role in Cybersecurity

by Edge Editors / 46min

The essays are to focus on the impact that artificial intelligence will have on European policy.

Facebook Asks Supreme Court to Dismiss Cambridge Analytica Lawsuit

Supreme Court reviews Facebook lawsuit

•

by Jai Vijayan, Contributing Writer / 1d

Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.

Yesterday

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

8 TTPs

•

by Jai Vijayan, Contributing Writer / 15h

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Amazon Employee Data Compromised in MOVEit Breach

by Dark Reading Staff / 15h

The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.

CrowdStrike Spends to Boost Identity Threat Detection

CrowdStrike acquires Adaptive Shield

•

by Jeffrey Schwartz, Contributing Writer / 17h

Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.

'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse

13 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 20h

•

GoIssue phishing tool targets GitHub

Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.

Citrix Issues Patches for Zero-Day Recording Manager Bugs

4 TTPs

•

by Jai Vijayan, Contributing Writer / 20h

There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."

What Listening to My Father Taught Me About Cybersecurity

by Joshua Goldfarb / 21h

It's polite to listen to advice that people are willing to share, but not all of it will be useful for you. Here's how to separate the wheat from the chaff.

Citrix 'Recording Manager' Zero-Day Bug Allows Unauthenticated RCE

by Tara Seals, Managing Editor, News, Dark Reading / 22h

The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.

The Power of the Purse: How to Ensure Security by Design

by Gary Barlet / 22h

CISA should make its recommended goals mandatory and perform audits to ensure compliance.

Incident Response, Anomaly Detection Rank High on Planned ICS Security Spending

by Jennifer Lawinski, Contributing Writer / 1d

The "SANS 2024 State of ICS/OT Cybersecurity" report suggests organizations are going to shift spending from security technologies protecting industrial control systems and operational technology environments to nontechnical activities, such as training and incident response.

Nov 11, 2024

Halliburton Optimistic Amid $35M Data Breach Loss

Halliburton misses profit estimates

•

by Dark Reading Staff / 1d

Though its third-quarter earnings report confirms that the company remains on track, it's unclear how that will be affected if the threat actors commit further damage.

Revamped Remcos RAT Deployed Against Microsoft Windows Users

17 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 1d

Windows users are at risk for full device takeover by an emerging malicious version of the Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.

Flexible Structure of Zip Archives Exploited to Hide Malware Undetected

5 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

Hackers exploit ZIP file concatenation

Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of the SmokeLoader Trojan hidden in malicious attachments delivered via phishing.

Open Source Security Incidents Aren't Going Away

by Michael Lieberman / 1d

Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.

Nov 10, 2024

AI & LLMs Show Promise in Squashing Software Bugs

Google AI finds SQLite vulnerability

•

by Robert Lemos, Contributing Writer / 2d

Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them, too, but here's why defenders may retain the edge.

End of feed