CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects

In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs. [TechWeb]( Follow Dark Reading: [RSS]( March 26, 2024 LATEST SECURITY NEWS & COMMENTARY [CISA Seeks to Curtail 'Unforgivable' SQL Injection Defects]( In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs. [Dubious NuGet Package May Portend Chinese Industrial Espionage]( A .NET package available for download right now is either a stealthy industrial systems backdoor or nothing at all. [Chinese State-Sponsored Hackers Charged, Sanctions Levied by US]( The US and the UK charge seven Chinese nationals for operating as part of threat group APT31. [UN Adopts Resolution for 'Secure, Trustworthy' AI]( Countries around the world are signaling support of secure AI practices, but not necessarily committing to them. [Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach]( The issue can seem daunting, but most organizations have more agency and flexibility to deal with third-party risk than they think. [(Sponsored Article) What SolarWinds Means for DevSecOps]( The SEC's SolarWinds indictment plus its new four-day rule for disclosing cybersecurity incidents have serious implications for DevSecOps teams. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Russian APT Releases More Deadly Variant of AcidRain Wiper Malware]( New AcidPour variant can attack a significantly broader range of targets including IoT devices, storage area networks, and handhelds. [Cyber Warfare: Understanding New Frontiers in Global Conflicts]( An arms race is developing between those using technology to target adversaries and those using it prevent attacks from succeeding. [Why AI Obituary Scams Are a Cyber-Risk for Businesses]( Scammers now use AI to instantly whip up SEO-friendly bereavement scams, and it's never been easier to swindle mourners or use them to get to their employers. [Connectivity Standards Alliance Meets Device Security Challenges With a Unified Standard and Certification]( The new IoT Device Security Specification 1.0, with accompanying certification, aims to offer a unified industry standard and increase consumer awareness. [MORE]( PRODUCTS & RELEASES [Akamai Research Finds 29% of Web Attacks Target APIs]( [Kaspersky Identifies Three New Android Malware Threats]( [Saudi Arabia's National Cybersecurity Authority Announces the GCF Annual Meeting 2024]( [Expel Releases Updated Toolkit in Response to NIST 2.0]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [GitHub Developers Hit in Complex Supply Chain Cyberattack]( The attacker employed various techniques, including distributing malicious dependencies via a fake Python infrastructure linked to GitHub projects. LATEST FROM THE EDGE [It's Time to Stop Measuring Security in Absolutes]( All-or-nothing security policies strain resources by aiming for perfection. We need a better way to assess progress. LATEST FROM DR TECHNOLOGY [A Database-Oriented Operating System Wants to Shake Up Cloud Security]( The operating system, DBOS, natively uses a relational database to reduce cost, ease application development, and maintain cybersecurity and integrity. LATEST FROM DR GLOBAL [Africa Tackles Online Disinformation Campaigns During Major Election Year]( Cyber-disinformation campaigns targeting Africa have taken off in 2024, as 18 nations prepare to hold elections, and cybersecurity efforts are key to taming the threat. WEBINARS - [Defending Against Today's Threat Landscape with MDR]( - [Building a Modern Endpoint Strategy for 2024 and Beyond]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Stopping Active Adversaries: Lessons from the Cyber Frontline]( - [Endpoint Best Practices to Block Ransomware]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( - [Zero Trust Access For Dummies, 2nd Fortinet Special Edition]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122373&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.26.24&sp_cid=52706&utm_content=DR_NL_Dark%20Reading%20Daily_03.26.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#46 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)