XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack

Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse. [TechWeb]( Follow Dark Reading: [RSS]( April 02, 2024 LATEST SECURITY NEWS & COMMENTARY [XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack]( Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse. [Cyberattacks Wreaking Physical Disruption on the Rise]( Ransomware groups tore into manufacturing other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024. [Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break?]( While some cybercriminals have bypassed guardrails to force legitimate AI models to turn bad, building their own malicious chatbot platforms and making use of open source models are a greater threat. [AT&T Confirms 73M Customers Affected in Data Leak]( AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine. [Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings]( UK regulator said that one of the world's most toxic sites accumulated cybersecurity "offenses" from 2019 to 2023. [India Repatriates Citizens Duped Into Forced Cyber Fraud Labor in Cambodia]( So far some 250 citizens have been rescued and returned to India after being lured to Cambodia in an phony employment scheme. [Collaboration Needed to Fight Ransomware]( A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Suspected MFA Bombing Attacks Target Apple iPhone Users]( Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line. [CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day. [Geopolitical Conflicts: 5 Ways to Cushion the Blow]( By prioritizing key areas, security leaders can navigate the complexities of geopolitical conflicts more effectively. [Getting Security Remediation on the Boardroom Agenda]( IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management. [MORE]( PRODUCTS & RELEASES [Flare Acquires Foretrace to Accelerate Threat Exposure Management Growth]( [Checkmarx Announces Partnership With Wiz]( [WiCyS and ISC2 Launch Spring Camp for Cybersecurity Certification]( [New Cyber Threats to Challenge Financial Services Sector in 2024]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Cloud Email Filtering Bypass Attack Works 80% of the Time]( A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them. LATEST FROM THE EDGE [Funding the Organizations Securing the Internet]( Common Good Cyber is a global consortium connecting nonprofit, private sector, and government organizations to fund organizations focused on securing Internet infrastructure. LATEST FROM DR TECHNOLOGY [Microsoft Beefs Up Defenses in Azure AI]( Microsoft adds tools to protect Azure AI from threats such as prompt injection, as well as give developers the capabilities to ensure generative AI apps are more resilient to model and content manipulation attacks. LATEST FROM DR GLOBAL [Cybersecurity Threats Intensify in the Middle East During Ramadan]( How security teams in the region fortify their defenses amid short-staffing — and increased DDoS, phishing, and ransomware campaigns — during the Muslim holy month. WEBINARS - [Defending Against Today's Threat Landscape with MDR]( - [Cybersecurity Strategies for Small and Med Sized Businesses]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The State of Incident Response]( - [Upgrade your cybersecurity in the era of AI]( - [Understanding Today's Threat Actors]( - [Causes and Consequences of IT and OT Convergence]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [2023 Work-from-Anywhere Global Study]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122510&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.02.24&sp_cid=52810&utm_content=DR_NL_Dark%20Reading%20Daily_04.02.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#14 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)