Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign

Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally. [TechWeb]( Follow Dark Reading: [RSS]( April 26, 2024 LATEST SECURITY NEWS & COMMENTARY [Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign]( Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally. [The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains]( Hackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect. [Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries]( Mobile malware-as-a-service operators are upping their game by automatically churning out hundreds of unique samples on a whim. [SolarWinds 2024: Where Do Cyber Disclosures Go From Here?]( Get updated advice on how, when, and where we should disclose cybersecurity incidents under the SEC's four-day rule after SolarWinds, and join the call to revamp the rule to remediate first. [Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare]( Cyberattacks on logistics are becoming increasingly common, and the potential impact is enormous. [FTC Issues $5.6M in Refunds to Customers After Ring Privacy Settlement]( The refunds will be made to individual affected customers through thousands of PayPal payments, available to be redeemed for a limited time. [Chinese Keyboard Apps Open 1B People to Eavesdropping]( Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign]( A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall. [2023: A 'Good' Year for OT Cyberattacks]( Attacks increased by "only" 19% last year. But that number is expected to grow significently. [Lessons for CISOs From OWASP's LLM Top 10]( It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line. [Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug]( Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month. [MORE]( PRODUCTS & RELEASES [KnowBe4 to Acquire Egress]( [Black Girls Do Engineer Signs Education Partnership Agreement With NSA]( [CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs]( An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE. LATEST FROM THE EDGE [How Boards Can Prepare for Quantum Computers]( Quantum computing on the level that poses a threat to current cybersecurity measures is still years off. Here's what enterprises can do now to avoid future disruptions. LATEST FROM DR TECHNOLOGY [Chip Giants Finalize Specs Baking Security into Silicon]( Caliptra 1.0 offers a blueprint for integrating security features directly into microprocessors. LATEST FROM DR GLOBAL [PCI Launches Payment Card Cybersecurity Effort in the Middle East]( The payment card industry pushes for more security in financial transactions to help combat increasing fraud in the region. WEBINARS - [Is AI Identifying Threats to Your Network?]( - [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Application Security's New Mandate in a DevOps World]( - [How Enterprises Secure Their Applications]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [Causes and Consequences of IT and OT Convergence]( - [Secure Access for Operational Technology at Scale]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123084&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.26.24&sp_cid=53214&utm_content=DR_NL_Dark%20Reading%20Daily_04.26.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#29 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)