LATEST SECURITY NEWS & COMMENTARY

It's Time for Cybersecurity to Talk About Climate Change
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.

OWASP Lead Flags Gaping Hole in Software Supply Chain Security
SBOMs aren't enough: Developers need to dig deeper into how software is built by using a process called binary source validation.

'Downfall' Bug in Billions of Intel CPUs Reveals Major Design Flaw
A newly revealed flaw affects a good chunk of the world's computers. A patch has been released, but broad, structural change in CPU design will be required to address the root cause.

DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023
Dark Reading News Desk returns for a second day of interviews from Black Hat USA 2023. The livestream will start at 10 a.m. PT.

Microsoft Patches Zero-Day Bug Under Active Exploit in August Update
Attackers are already exploiting one of Microsoft's August Patch Tuesday fixes in the wild, which offers up a low attack complexity for cyberattackers.

Black Hat Opens With Call to Steer AI from Predictions to Policy
Without cybersecurity guardrails now, AI will be harder to harness in the future.

Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints.

Apple Users See Big Mac Attack, Says Accenture
Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.

Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advanced obfuscation methods.

Tesla Jailbreak Unlocks Theft of In-Car Paid Features
Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.

Google, Microsoft Take Refuge in Rust Language's Better Security
More tech giants are turning to the Rust programming language for its built-in memory safety and other security features.

Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.

Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.

Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.

Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages
Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.

Selling Software to the US Government? Know Security Attestation First
Challenging new safety requirements are needed to improve security and work toward a more secure future.
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA