Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.
| | | LATEST SECURITY NEWS & COMMENTARY | | Mudge Blows Whistle on Alleged Twitter Security Nightmare Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries. CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice. Fake DDoS Protection Alerts Distribute Dangerous RAT Adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks. New 'BianLian' Ransomware Variant on the Rise Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language. Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims. Charming Kitten APT Wields New Scraper to Steal Email Inboxes Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials. China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access. VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks. Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero' HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves. How to Upskill Tech Staff to Meet Cybersecurity Needs Cybersecurity is the largest current tech skills gap; closing it requires a concerted effort to upskill existing staff. Cyber Resiliency Isn't Just About Technology, It's About People To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel. Identity Security Pain Points and What Can Be Done Replacing passwords is not as easy as people think, but there is hope. Why Empathy Is the Key to Better Threat Modeling Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between security and development teams. MORE NEWS / MORE COMMENTARY | | |
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
