XZ Utils Scare Exposes Hard Truths About Software Security

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects. [TechWeb]( Follow Dark Reading: [RSS]( April 11, 2024 LATEST SECURITY NEWS & COMMENTARY [XZ Utils Scare Exposes Hard Truths About Software Security]( Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects. [Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners]( Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang. [NSA Updates Zero-Trust Advice to Reduce Attack Surfaces]( Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users. [TA547 Uses an LLM-Generated Dropper to Infect German Orgs]( It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet. [How Nation-State DDoS Attacks Impact Us All]( Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality. [Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data]( Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Round 2: Change Healthcare Targeted in Second Ransomware Attack]( RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company. [EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities]( As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits. [Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply]( We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now. [Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware]( We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues. [MORE]( PRODUCTS & RELEASES [MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals]( [National Security Agency Announces Dave Luber As Director of Cybersecurity]( [Wiz Acquires Gem Security to Expand Cloud Detection and Response Offering]( [ESET Launches a New Solution for Small Office/Home Office Businesses]( [Veriato Launches Next Generation Insider Risk Management Solution]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk]( Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical." LATEST FROM THE EDGE [Tips for Securing the Software Supply Chain]( Industry experts share how to implement comprehensive security strategies necessary to secure the software supply chain in Dark Reading's latest Tech Insights report. LATEST FROM DR TECHNOLOGY [Selecting the Right Authentication Protocol for Your Business]( Prioritizing security and user experience will help you build a robust and reliable authentication system for your business. LATEST FROM DR GLOBAL [Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance]( Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries. WEBINARS - [The fuel in the new AI race: Data]( - [Defending Against Today's Threat Landscape with MDR]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Application Security's New Mandate in a DevOps World]( - [How Enterprises Secure Their Applications]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122767&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.11.24&sp_cid=52962&utm_content=DR_NL_Dark%20Reading%20Daily_04.11.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#71 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)