April 04, 2024

LATEST SECURITY NEWS & COMMENTARY
[How Soccer's 2022 World Cup in Qatar Was Nearly Hacked](
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.
[Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass](
The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys, even quantum-resistant ones.
[XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack](
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
[Are You Affected by the Backdoor in XZ Utils?](
In this Tech Tip, we outline how to check whether a system is impacted by the newly discovered backdoor in the open source xz compression utility.
[Feds to Microsoft: Clean Up Your Cloud Security Act Now](
A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.
[NIST Wants Help Digging Out of Its NVD Backlog](
The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward.
[Cloud Email Filtering Bypass Attack Works 80% of the Time](
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
[Suspected MFA Bombing Attacks Target Apple iPhone Users](
Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line.
[Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks](
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.
[Attackers Abuse Google Ad Feature to Target Slack, Notion Users](
Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature.
[CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation](
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.
[3 Strategies to Future-Proof Data Privacy](
To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques.
[Instilling the Hacker Mindset Organizationwide](
It's critical for security teams to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice.
[Collaboration Needed to Fight Ransomware](
A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs.
[Name That Edge Toon: Defying Gravity](
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

HOT TOPICS
[Why Cybersecurity Is a Whole-of-Society Issue]( Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.
[Geopolitical Conflicts: 5 Ways to Cushion the Blow]( By prioritizing key areas, security leaders can navigate the complexities of geopolitical conflicts more effectively.
[The Biggest Mistake Security Teams Make When Buying Tools]( Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish.

PRODUCTS & RELEASES
- [TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification](
- [More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud](
- [CyberRatings.org Announces Test Results for Cloud Network Firewall](
- [TAG Report Reveals Endpoint Backup Is Essential to Improving Data Resiliency](

EDITORS' CHOICE
[Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers](
A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.

LATEST FROM THE EDGE
[Funding the Organizations That Secure the Internet](
Common Good Cyber is a global consortium connecting nonprofit, private sector, and government organizations to fund organizations focused on securing Internet infrastructure.

LATEST FROM DR TECHNOLOGY
[How to Tame SQL injection](
As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how.

LATEST FROM DR GLOBAL
['Unfaking' News: How to Counter Disinformation Campaigns in Global Elections](
What cybersecurity professionals around the world can do to defend against the scourge of online disinformation in this year's election cycle.

WEBINARS
- [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise](
- [Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them](

WHITE PAPERS
- [The State of Incident Response](
- [Upgrade your cybersecurity in the era of AI](
- [Understanding Today's Threat Actors](
- [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions](
- [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE](
- [Zero Trust Access For Dummies, 2nd Fortinet Special Edition](
- [2023 Work-from-Anywhere Global Study](

FEATURED REPORTS
- [Industrial Networks in the Age of Digitalization](
- [Zero-Trust Adoption Driven by Data Protection](
- [How Enterprises Assess Their Cyber-Risk](

Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA