Don't Answer the Phone: Inside a Real-Life Vishing Attack | Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists

Dark Reading Weekly [TechWeb]( Follow Dark Reading: [RSS]( March 21, 2024 LATEST SECURITY NEWS & COMMENTARY [Don't Answer the Phone: Inside a Real-Life Vishing Attack]( Successful attackers focus on the psychological manipulation of human emotions, which is why anyone, even a tech-savvy person, can become a victim. [Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists]( The hacktivist group Anonymous Sudan claims credit for a cyberattack that disrupted Alabama state government earlier this week. [5 Ways CISOs Can Navigate Their New Business Role]( CISOs can successfully make their business operations more secure and play a larger role in the organization's overall strategy, but there are pitfalls to avoid, Forrester analysts warn. ['Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs]( Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks. [Fortinet Warns of Yet Another Critical RCE Flaw]( CVE-2024-48788, like many other recent Fortinet flaws, will likely be an attractive target, especially for nation-state-backed actors. ['PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE]( The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users. [6 CISO Takeaways From the NSA's Zero-Trust Guidance]( All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines. [Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents]( The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe. [Connectivity Standards Alliance Meets Device Security Challenges With a Unified Standard and Certification]( The new IoT Device Security Specification 1.0, with accompanying certification, aims to offer a unified industry standard and increase consumer awareness. [Name That Toon: Bridge the Gap]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [The New CISO: Rethinking the Role]( Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step. [Tracking Everything on the Dark Web Is Mission Critical]( On the Dark Web, stolen secrets are your enemy, and context is your friend. [ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?]( Compare how well OpenAI's and Google's generative AI products handle infosec professionals' top 10 tasks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [AI Won't Solve Cybersecurity's Retention Problem]( To fix retention and skills gaps, we need to encourage more women and minorities to build careers in cybersecurity. [How to Identify a Cyber Adversary: What to Look For]( There are many factors involved in attributing a cyber incident to a specific threat actor. [3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage]( With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats. [MORE]( PRODUCTS & RELEASES [Kaspersky Identifies Three New Android Malware Threats]( [Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024]( [Expel Releases Updated Toolkit in Response to NIST 2.0]( [Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients]( [Nozomi Networks Secures $100M Investment to Defend Critical Infrastructure]( [Akamai Research Finds 29% of Web Attacks Target APIs]( [Red Canary Announces Full Coverage of All Major Cloud Providers]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Federal Warning Highlights Cyber Vulnerability of US Water Systems]( The White House urged operators of water and wastewater systems to review and beef up their security controls against attacks by Iran- and China-based groups. LATEST FROM THE EDGE [New Regulations Make D&O Insurance a Must for CISOs]( CISOs currently hold all of the responsibility to stop cyberattacks yet have none of the authority to fund the technological defenses that regulations require. LATEST FROM DR TECHNOLOGY [Using East–West Network Visibility to Detect Threats in Later Stages of MITRE ATT&CK]( Ensuring that traffic visibility covers both client-server and server-server communication helps NetOps teams to analyze and spot potential threats early to avoid catastrophic effects. LATEST FROM DR GLOBAL [North Korea-Linked Group Levels Multistage Cyberattack on South Korea]( Kimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence. WEBINARS - [Defending Against Today's Threat Landscape with MDR]( - [Building a Modern Endpoint Strategy for 2024 and Beyond]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [Cheat Sheet - 5 Strategic Security Checkpoints]( - [Understanding Today's Threat Actors]( - [Secure Access for Operational Technology at Scale]( - [Endpoint Best Practices to Block Ransomware]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [Threat Intelligence: Data, People and Processes]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122254&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_03.21.24&sp_cid=52613&utm_content=DR_NL_Dark%20Reading%20Weekly_03.21.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#f2 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)