Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.
| | | LATEST SECURITY NEWS & COMMENTARY | | Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says. Security-as-Code Gains More Support, but Still Nascent Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps. Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say. Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past. New Malware Tools Pose 'Clear and Present Threat' to ICS Environments The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure. Data Scientists, Watch Out: Attackers Have Your Number Researchers should take extra care in deploying data-science applications to the cloud, as cybercriminals are already targeting popular data-science tools such as Jupyter Notebook. Denonia Malware Shows Evolving Cloud Threats Cloud security is constantly evolving and consistently different than defending on-premises assets. Denonia, a recently discovered serverless cryptominer drives home the point. How Russia Is Isolating Its Own Cybercriminals Sanctions imposed by the Biden administration, coupled with Russia's proposed initiative to cut itself off from the global Internet, is causing cybercriminals to ponder their future. Cybersecurity Act of 2022: A Step in the Right Direction With a Significant Loophole The act contains a loophole added late in the process that will impede progress toward the goal of increasing US cybersecurity: a complete carve-out of DNS from the reporting requirements and other obligations outlined in the bill. Name That Toon: Helping Hands Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. The Misconceptions of 2021's Black Swan Cyber Events Organizations can defend themselves from future unknows attacks by implementing targeted security hardening measures, turning on built-in security protections, and leveraging existing technology stack to achieve microsegmentation and credential hygiene. Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner. Google Emergency Update Fixes Chrome Zero-Day Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four. MORE NEWS / MORE COMMENTARY | | | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To update your profile, change your e-mail address, or unsubscribe, click here. | | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
