How Soccer's 2022 World Cup in Qatar Was Nearly Hacked | Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass

A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. [TechWeb]( Follow Dark Reading: [RSS]( April 04, 2024 LATEST SECURITY NEWS & COMMENTARY [How Soccer's 2022 World Cup in Qatar Was Nearly Hacked]( A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. [Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass]( The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones. [XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack]( Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse. [Are You Affected by the Backdoor in XZ Utils?]( In this Tech Tip, we outline how to check whether a system is impacted by the newly discovered backdoor in the open source xz compression utility. [Feds to Microsoft: Clean Up Your Cloud Security Act Now]( A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials. [NIST Wants Help Digging Out of Its NVD Backlog]( The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward. [Cloud Email Filtering Bypass Attack Works 80% of the Time]( A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them. [Suspected MFA Bombing Attacks Target Apple iPhone Users]( Several Apple device users have experienced recent incidents where they have received incessant password reset prompts and vishing calls from a number spoofing Apple's legitimate customer support line. [Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks]( Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities. [Attackers Abuse Google Ad Feature to Target Slack, Notion Users]( Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature. [CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day. [3 Strategies to Future-Proof Data Privacy]( To meet changing privacy regulations, regularly review data storage strategies, secure access to external networks, and deploy data plane security techniques. [Instilling the Hacker Mindset Organizationwide]( It's critical for security teams to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice. [Collaboration Needed to Fight Ransomware]( A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs. [Name That Edge Toon: Defying Gravity]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Why Cybersecurity Is a Whole-of-Society Issue]( Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves. [Geopolitical Conflicts: 5 Ways to Cushion the Blow]( By prioritizing key areas, security leaders can navigate the complexities of geopolitical conflicts more effectively. [The Biggest Mistake Security Teams Make When Buying Tools]( Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish. [MORE]( PRODUCTS & RELEASES [TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification]( [More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud]( [CyberRatings.org Announces Test Results for Cloud Network Firewall]( [TAG Report Reveals Endpoint Backup Is Essential to Improving Data Resiliency]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers]( A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. LATEST FROM THE EDGE [Funding the Organizations That Secure the Internet]( Common Good Cyber is a global consortium connecting nonprofit, private sector, and government organizations to fund organizations focused on securing Internet infrastructure. LATEST FROM DR TECHNOLOGY [How to Tame SQL injection]( As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency urged companies to redouble efforts to quash SQL injection vulnerabilities. Here's how. LATEST FROM DR GLOBAL ['Unfaking' News: How to Counter Disinformation Campaigns in Global Elections]( What cybersecurity professionals around the world can do to defend against the scourge of online disinformation in this year's election cycle. WEBINARS - [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise]( - [Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The State of Incident Response]( - [Upgrade your cybersecurity in the era of AI]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [Zero Trust Access For Dummies, 2nd Fortinet Special Edition]( - [2023 Work-from-Anywhere Global Study]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122590&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_04.04.24&sp_cid=52866&utm_content=DR_NL_Dark%20Reading%20Weekly_04.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#cc If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)