"New docuseries spotlights hackers who shaped cybersecurity."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.   Accessed on 14 January 2025, 1353 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

10 articles selected

10

Most popular

New Docuseries Spotlights Hackers Who Shaped Cybersecurity

31by Andrada Fiscutean / 5d

"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.

Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs

8 TTPs

•

22by Nate Nelson, Contributing Writer / 4d

•

Banshee Stealer evades macOS antivirus

The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.

The Path Toward Championing Diversity in Cybersecurity Education

by Laurie Salvail / 3d

To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.

Yesterday

CISA Releases the Cybersecurity Performance Goals Adoption Report

CISA reports surge in cyber hygiene

•

15h

[no content]

K2 Secures Navy SeaPort Next Generation Contract

16h

[no content]

Grupo Bimbo Ventures Announces Investment in NanoLock Security

16h

[no content]

Microsoft Cracks Down on Malicious Copilot AI Use

Microsoft disrupts AI hacking scheme

•

by Kristina Beek, Associate Editor, Dark Reading / 16h

According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.

Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw

7 TTPs

•

by Jai Vijayan, Contributing Writer / 16h

•

CVE-2024-50603

The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.

Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

5 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 20h

•

YouTube users targeted by malware

Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.

Telefonica Breach Exposes Jira Tickets, Customer Data

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 21h

•

Telefonica suffers major data breach

The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.

The Shifting Landscape of Open Source Security

by Christopher Robinson / 22h

By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.

Jan 11, 2025

Threat Actors Exploit a Critical Ivanti RCE Bug, Again

7 TTPs

•

by Nate Nelson, Contributing Writer / 2d

•

CVE-2025-0282

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

Jan 10, 2025

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

7 TTPs

•

by Nate Nelson, Contributing Writer / 3d

•

CVE-2025-0282

New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.

Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic

8 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

•

CrowdStrike phishing targets developers with

Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.

Russia Carves Out Commercial Surveillance Success Globally

Russian surveillance tech expands globally

•

by Robert Lemos, Contributing Writer / 3d

Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.

Jan 9, 2025

Chinese APT Group Is Ransacking Japan's Secrets

8 TTPs

•

by Becky Bracken, Senior Editor, Dark Reading / 4d

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

4 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

•

Chinese hackers breach US Treasury

The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.

New AI Challenges Will Test CISOs & Their Teams in 2025

by Josh Lemos / 4d

CISOs need to recognize the new threats AI can present — while also embracing AI-powered solutions to stay ahead of those threats.

Jan 8, 2025

India Readies Overhauled National Data Privacy Rules

India drafts Digital Data Protection rules

•

by Nate Nelson, Contributing Writer / 5d

The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy.

Fed 'Cyber Trust' Label: Good Intentions That Fall Short

White House launches Cyber Trust Mark

•

by Kristina Beek, Associate Editor, Dark Reading / 5d

The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.

CrowdStrike Achieves FedRAMP Authorization for New Modules

5d

[no content]

Trend Micro and Intel Innovate to Weed Out Covert Threats

Trend Micro Intel enhance ransomware detection

•

5d

[no content]

Green Bay Packers' Online Pro Shop Sacked by Payment Skimmer

4 TTPs

•

by Tara Seals, Managing Editor, News, Dark Reading / 5d

•

Packers Pro Shop data breach

Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit card data from 8,500 fans.

Zivver Report Reveals Critical Challenges in Email Security for 2025

5d

[no content]

Palindrome Technologies Approved as Cybersecurity Label Administrator for FCC's IoT Program

Palindrome Technologies approved for FCC IoT

•

5d

[no content]

Unconventional Cyberattacks Aim to Take Over PayPal Accounts

6 TTPs

•

200+by Elizabeth Montalbano, Contributing Writer / 5d

•

PayPal phishing scam exploits Microsoft 365

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

Best Practices & Risks Considerations in LCNC and RPA Automation

by Jordan Bonagura / 5d

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

1Password Acquires SaaS Access Management Provider Trelica

1Password acquires Trelica for security

•

by Jeffrey Schwartz / 6d

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.