April 25, 2024

LATEST SECURITY NEWS & COMMENTARY
[MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs](
The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
[Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros](
Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.
[Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments](
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
[Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware](
It turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.
[FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat](
Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.
[GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories](
Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.
[Rebalancing NIST: Why 'Recovery' Can't Stand Alone](
The missing ingredient in NIST's newest cybersecurity framework? Recovery.
['MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity](
Malformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.
[Cyberattack Takes Frontier Communications Offline](
The local phone and business communications company said that attackers accessed unspecified PII, after infiltrating its internal networks.
[Lessons for CISOs From OWASP's LLM Top 10](
It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.
[2023: A 'Good' Year for OT Cyberattacks](
Attacks increased by "only" 19% last year. But that number is expected to grow significantly.

HOT TOPICS
[Name That Toon: Last Line of Defense]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[AI Lowers Barrier for Cyber-Adversary Manipulation in 2024 Election]( Securing the presidential election requires vigilance and hardened cybersecurity defenses.
[Where Hackers Find Your Weak Spots]( The five intelligence sources that power social engineering scams.

PRODUCTS & RELEASES
- [KnowBe4 to Acquire Egress](
- [Black Girls Do Engineer Signs Education Partnership Agreement With NSA](
- [CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills](
- [Miggo Launches Application Detection and Response (ADR) Solution](
- [Auburn's McCrary Institute and Oak Ridge National Laboratory to Partner on Regional Cybersecurity Center](

EDITORS' CHOICE
[Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs](
An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

LATEST FROM THE EDGE
[5 Hard Truths About the State of Cloud Security 2024](
Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.

LATEST FROM DR TECHNOLOGY
[Cisco's Complex Road to Deliver on Its Hypershield Promise](
The tech giant tosses together a word salad of today's business drivers — AI, cloud-native, digital twins — and describes a comprehensive security strategy for the future, but can the company build the promised platform?

LATEST FROM DR GLOBAL
[North Korea APT Triumvirate Spied on South Korean Defense Industry For Years](
Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).

WEBINARS
- [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks](
- [Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy](

WHITE PAPERS
- [How Enterprises Secure Their Applications](
- [Making Sense of Your Security Data: The 6 Hardest Problems](
- [The State of Incident Response](
- [Understanding Today's Threat Actors](
- [A Solution Guide to Operational Technology Cybersecurity](
- [Demystifying Zero Trust in OT](
- [Causes and Consequences of IT and OT Convergence](

FEATURED REPORTS
- [Industrial Networks in the Age of Digitalization](
- [Zero-Trust Adoption Driven by Data Protection](
- [How Enterprises Assess Their Cyber-Risk](

Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA