Dark Reading Daily -- October 21, 2024

A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.

LATEST SECURITY NEWS & COMMENTARY

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches

A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise

The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.

Vulnerabilities, AI Compete for Software Developers' Attention

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

MORE NEWS / MORE COMMENTARY


HOT TOPICS
Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies. Is a CPO Still a CPO? The Evolving Role of Privacy Leadership Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle? Bad Actors Manipulate Red-Team Tools to Evade Detection By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated. 4 Ways to Address Zero-Days in AI/ML Security As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI. MORE

PRODUCTS & RELEASES

Illinois Joins CoSN's Trusted Learning Environment (TLE) State Partnership Program for Student Data Privacy

Swift to Launch AI-Powered Fraud Defence to Enhance Cross-Border Payments

Ex-Oracle, Google Engineers Raise $7m From Accel for Public Launch of Simplismart to Empower AI Adoption

MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Anonymous Sudan Unmasked as Leader Faces Life in Prison

US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.

LATEST FROM THE EDGE

EU Adopts Cyber Resilience Act to Regulate Internet of Things

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.

LATEST FROM DR TECHNOLOGY

Time to Get Strict With DMARC

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.

LATEST FROM DR GLOBAL

Hong Kong Crime Ring Swindles Victims Out of $46M

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

WEBINARS

View More Dark Reading Webinars >>

WHITE PAPERS

View More White Papers >>

FEATURED REPORTS

View More Dark Reading Reports >>