Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
Follow Dark Reading:
 April 13, 2023
LATEST SECURITY NEWS & COMMENTARY
Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector
Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
Microsoft: NSO Group-Like 'QuaDream' Actor Selling Mobile Spyware to Governments
Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.
Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
Pair of Apple Zero-Days Under Active Exploit; Patch & Update Accordingly
Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.
Cybercriminals 'CAN' Steal Your Car, Using Novel IoT Hack
Your family's SUV could be gone in the night thanks to a headlight crack and hack attack.
Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Workplace AI Warnings
In three separate incidents, engineers at the Korean electronics giant reportedly shared sensitive corporate data with the AI-powered chatbot.
Russia's Joker DPR Claims Access to Ukraine Troop Movement Data
A hacktivist group working with Russia claims it breached DELTA, the Ukrainian battlefield management system (BMS).
'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks
In next-gen, credential-harvesting attacks, phishing emails use cloud services and are free from the typical bad grammar or typos they've traditionally used (and which users have learned to spot).
Rethinking Cybersecurity's Structure & the Role of the Modern CISO
A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity.
How Password Managers Can Get Hacked
Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.
LastPass Breach Reveals Important Lessons
Devastating cyberattacks often can be prevented with basic cybersecurity measures.
Bad Actors Will Use Large Language Models — but Defenders Can, Too
Security teams need to find the best, most effective uses of large language models for defensive purposes.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
What to Discuss at RSA Conference — and It's Not ChatGPT
In-person conversations are a productive way to understand the state of the industry and learn new techniques. Take advantage of peers' experience, compare notes, and boost your skill set.

Where Are the Women? Making Cybersecurity More Inclusive
Stepped-up recruiting efforts along with better work-life balance policies and mentoring and recruitment programs will help balance the scales.

Australia Is Scouring the Earth for Cybercriminals — the US Should Too
It's time to get ahead of attacks before they even happen.

MORE
EDITORS' CHOICE
7 Things Your Ransomware Response Playbook Is Likely Missing
Incident response experts share their secrets for success when it comes to creating a professional-grade ransomware response playbook. Are you ready for the worst?
LATEST FROM THE EDGE

How and Why to Put Multicloud to Work
Complex multicloud environments present organizations with security challenges, but also opportunities for efficiency.
LATEST FROM DR TECHNOLOGY

Fight AI With AI
By developing new tools to defend against adversarial AI, companies can help ensure that artificial intelligence is developed and used in a responsible and safe manner.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
  • The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

    The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ...

  • Shoring Up the Software Supply Chain Across Enterprise Applications

    Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ...

  • The Promise and Reality of Cloud Security

    Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...
View More Dark Reading Reports >>
PRODUCTS & RELEASES
Menlo Security Illustrates Importance of Browser Security as 4 in 5 Ransomware Attacks Include Threats Beyond Data Encryption
VulnCheck Named CVE Numbering Authority for Common Vulnerabilities and Exposures
Report Reveals ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections
Opera Adds Free VPN to Opera for iOS
(ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Shoring Up the Software Supply Chain Across Enterprise Applications
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2023  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us