'Cuttlefish' Zero-Click Malware Steals Private Cloud Data

The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses. [TechWeb]( Follow Dark Reading: [RSS]( May 02, 2024 LATEST SECURITY NEWS & COMMENTARY ['Cuttlefish' Zero-Click Malware Steals Private Cloud Data]( The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses. [Shadow APIs: An Overlooked Cyber-Risk for Orgs]( Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security. [Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft]( Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection. [UnitedHealth Congressional Testimony Reveals Rampant Security Fails]( The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change's backup strategy failed. [Qantas Customers' Boarding Passes Exposed in Flight App Mishap]( Some customers found that they had the ability to cancel a stranger's flight to another country after opening the app, which was showing other individuals' flight details. [The Cybersecurity Checklist That Could Save Your M&A Deal]( With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after. [(Sponsored Article) The Need to Secure AI Use Is Real. Are Organizations Prepared?]( Generative AI brings both excitement and anxiety. Learn how to build a multifaceted approach to enable the secure use of AI in your organization. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024]( Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI. [Attackers Planted Millions of Imageless Repositories on Docker Hub]( The purported metadata for each these containers had embedded links to malicious files. [R Programming Bug Exposes Orgs to Vast Supply Chain Risk]( The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. [Okta: Credential-Stuffing Attacks Spike via Proxy Networks]( Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks. [MORE]( PRODUCTS & RELEASES [Intel 471 Acquires Cyborg Security]( [Cobalt's 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs]( [ESET PROTECT Portfolio Now Includes New MDR Tiers and Features]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches]( MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business. LATEST FROM THE EDGE [Facebook at 20: Contemplating the Cost of Privacy]( As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information. LATEST FROM DR TECHNOLOGY [Fortify AI Training Datasets From Malicious Poisoning]( Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data. LATEST FROM DR GLOBAL ['DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?]( A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace. WEBINARS - [Extending Access Management: Securing Access for all Identities, Devices, and Applications]( - [Â Key Findings from the State of AppSec Report 2024]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [Application Security's New Mandate in a DevOps World]( - [The State of Incident Response]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123235&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.02.24&sp_cid=53295&utm_content=DR_NL_Dark%20Reading%20Daily_05.02.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#38 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)