Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.
| | | LATEST SECURITY NEWS & COMMENTARY | | Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers. BianLian Cybercrime Group Changes Up Extortion Methods, Warns CISA CISA urges small and midsized organizations as well as critical infrastructure to implement mitigations immediately to shield themselves from further data exfiltration attacks. Attackers Target macOS With 'Geacon' Cobalt Strike Tool Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems. Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise Lemon Group's Guerrilla malware model an example of how threat actors are monetizing compromised Android devices, researchers say. TSA Official: Feds Improved Cybersecurity Response Post-Colonial Pipeline US Transportation Security Agency (TSA) administrator reflects on how the Colonial Pipeline incident has moved the needle in public-private cooperation. Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure It's as they say: Teams is only as strong as its weakest links. Microsoft's collaboration platform offers Tabs, Meetings, and Messages functions, and they all can be exploited. Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme Attackers compromised the personal email of a new employee and, when the initial attack failed, attempted through socially engineered messages to get the company to pay them off. RA Ransomware Group Emerges With Custom Spin on Babuk The freshly minted ransomware gang is customizing leaked Babuk source code to go after cyber targets in the US and South Korea — and it's expanding its operations quickly. Microsoft Advisories Are Getting Worse A predictable patch cadence is nice, but the software giant can do more. Talking Security Strategy: Cybersecurity Has a Seat at the Boardroom Table Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and those making policy decisions. I Was an RSAC Innovation Sandbox Judge — Here's What I Learned Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo. Name That Toon: One by One Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. AI Is About to Be Everywhere: Where Will Regulators Be? Regulators should apply a healthy skepticism to generative AI developments to guarantee a competitive marketplace. MORE NEWS / MORE COMMENTARY | | |
| | | | | WEBINARS | | Here's What Zero Trust Really Means Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ... Next-Generation Supply Chain Security Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ... | | View More Dark Reading Webinars >> |
|
| | | | |
|
| | | FEATURED REPORTS | | How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... The Promise and Reality of Cloud Security Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... 10 Hot Talks From Black Hat USA 2022 Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... | | View More Dark Reading Reports >> |
|
|
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
