'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs

Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks. [TechWeb]( Follow Dark Reading: [RSS]( March 20, 2024 LATEST SECURITY NEWS & COMMENTARY ['Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs]( Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks. [5 Ways CISOs Can Navigate Their New Business Role]( CISOs can successfully make their business operations more secure and play a larger role in the organization's overall strategy, but there are pitfalls to avoid, Forrester analysts warn. [Fortra Releases Update on Critical Severity RCE Flaw]( The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue. ['PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE]( The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users. [The New CISO: Rethinking the Role]( Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step. [Name That Toon: Bridge the Gap]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group]( The purchase would have given Airbus more capabilities to address rising cyber threats in the aviation and aerospace industry. [Cheating Hack Halts Apex Legends E-Sports Tourney]( Electronic Arts is trying to track down the RCE exploit that allowed hackers to inject cheats into games during the recent Apex Legends Global Series. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Tracking Everything on the Dark Web Is Mission Critical]( On the Dark Web, stolen secrets are your enemy, and context is your friend. [Fujitsu: Malware on Company Computers Exposed Customer Data]( It remains unclear how long the IT services giant's systems were infiltrated and just how the cyberattack unfolded. ['GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors]( Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions. [6 CISO Takeaways From the NSA's Zero-Trust Guidance]( All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines. [MORE]( PRODUCTS & RELEASES [Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024]( [Red Canary Announces Full Coverage of All Major Cloud Providers]( [Expel Releases Updated Toolkit in Response to NIST 2.0]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents]( The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe. LATEST FROM THE EDGE [Hackers Posing as Law Firms Phish Global Orgs in Multiple Languages]( Companies trust lawyers with the most sensitive information they've got. Attackers are aiming to exploit that bond to deliver malware. LATEST FROM DR TECHNOLOGY [Detecting Cloud Threats With CloudGrappler]( The open-source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments. LATEST FROM DR GLOBAL [Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyberattacks]( Russia's government is pretending to be other governments in emails, with an eye toward stealing strategic intel. WEBINARS - [Securing Code in the Age of AI]( - [Making Sense of Security Operations Data]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Collective defense is more important than ever--is your workforce ready?]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [Causes and Consequences of IT and OT Convergence]( - [Secure Access for Operational Technology at Scale]( - [Incident Response Planning Guide]( - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122223&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.20.24&sp_cid=52584&utm_content=DR_NL_Dark%20Reading%20Daily_03.20.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#99 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)