A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks.
| LATEST SECURITY NEWS & COMMENTARY | Initial Access Broker Market Booms, Posing Growing Threat to Enterprises A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks. ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn The powerful AI bot can produce malware without malicious code, making it tough to mitigate. CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it. Java, .NET Developers Prone to More Frequent Vulnerabilities About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data. Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them. Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity A security vendor's investigation of infrastructure associated with a new, crypto-focused Magecart skimmer leads to discovery of cryptoscam sites, malware distribution marketplace, Bitcoin mixers, and more. Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations. Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated. Cybercriminals Target Telecom Provider Networks The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say. Vulnerable Historian Servers Imperil OT Networks These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks. The Dangers of Default Cloud Configurations Default settings can leave blind spots but avoiding this issue can be done. ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks. Kubernetes-Related Security Projects to Watch in 2023 Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes. Cybersecurity and the Myth of Quiet Quitting People are working harder than ever, but they're not happy about it — and the insider threat is all too real. Why Businesses Need to Think Like Hackers This Year Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal." MORE NEWS / MORE COMMENTARY | |
|
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | We take your privacy very seriously. Please review our Privacy Statement. |
|
|