Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago.
| | | LATEST SECURITY NEWS & COMMENTARY | | Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago. Scattered Spider Pivots to SaaS Application Attacks Microsoft last year described the threat actor — known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus — as one of the most dangerous current adversaries. 'ONNX' MFA Bypass Targets Microsoft 365 Accounts The service, likely a rebrand of a previous operation called "Caffeine," mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics. Emojis Control the Malware in Discord Spy Campaign Pakistani hackers are spying (▀̿Ĺ̯▀̿ ̿) on the highly sensitive organizations in India by using emojis (Ծ_Ծ) as malicious commands (⚆ᗝ⚆) and the old Dirty Pipe Linux flaw. Apple Intelligence Could Introduce Device Security Risks The company focused heavily on data and system security in the announcement of its generative AI platform, Apple Intelligence, but experts worry that companies will have little visibility into data security. PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager. Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine The Arid Viper APT group is deploying AridSpy malware with Trojanized messaging applications and second-stage data exfiltration. Space: The Final Frontier for Cyberattacks A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race. North Korea's Moonstone Sleet Widens Distribution of Malicious Code The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain. 'Sleepy Pickle' Exploit Subtly Poisons ML Models A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted. Name That Toon: Future Shock Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. The Software Licensing Disease Infecting Our Nation's Cybersecurity Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors. Addressing Misinformation in Critical Infrastructure Security As the lines between the physical and digital realms blur, widespread understanding of cyber threats to critical infrastructure is of paramount importance. MORE NEWS / MORE COMMENTARY | | | | | | PRODUCTS & RELEASES | | DataBee Launches Innovations for Enhanced Threat Monitoring and Zero Trust Implementation KnowBe4 Launches PhishER Plus Threat Intel Feature Aim Security Closes $18M Series A to Secure Generative AI Enterprise Adoption KnowBe4 Launches Risk & Insurance Partner Program NetSPI Acquires Hubble, Adds CAASM to Complement its IEASM MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
