UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector

An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system. [TechWeb]( Follow Dark Reading: [RSS]( May 09, 2024 LATEST SECURITY NEWS & COMMENTARY [UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector]( An attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system. [Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE]( Patch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution. [CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes]( The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year. [Microsoft Will Hold Executives Accountable for Cybersecurity]( At least a portion of executive compensation going forward will be tied to meeting security goals and metrics. [Security Teams & SREs Want the Same Thing: Let's Make It Happen]( Site reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams' experiences and outputs. [(Sponsored Article) Integrating Data Security Into the Security Operations Center]( Attackers have one motive: gaining access to the most critical data in the organization. It's time to bring data security into the SOC experience. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Does CISA's KEV Catalog Speed Up Remediation?]( Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough. [LockBit Honcho Faces Sanctions, With Aussie Org Ramifications]( Australian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev. [Spies Among Us: Insider Threats in Open Source Environments]( Does the open source ecosystem needs stricter security around contributors? [City of Wichita Public Services Disrupted After Ransomware Attack]( The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend. [MORE]( PRODUCTS & RELEASES [Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure]( [runZero Research Explores Unexpected Exposures in Enterprise Infrastructure]( [AttackIQ Partners With Cyber Poverty Line Institute to Provide Academy Courses to Underserved Communities]( [Introducing the NetBeacon Institute: Empowering a Safer Web]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Chinese Hackers Deployed Backdoor Quintet to Down MITRE]( MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain. LATEST FROM THE EDGE [Rethinking How You Work With Detection and Response Metrics]( Airbnb's Allyn Stott introduces maturity model inspired by the Hunting Maturity Model (HMM) to complement MITRE ATT&CK to improve security metrics analysis. LATEST FROM DR TECHNOLOGY [Anetac Targets Service Account Security]( The startup's new identity and access management platform uncovers poorly monitored service accounts and secures them from abuse. LATEST FROM DR GLOBAL [3-Year Iranian Influence Op Preys on Divides in Israeli Society]( Iran follows in Russia's disinformation footsteps but with a different, more economical, and potentially higher-impact model. WEBINARS - [Why Effective Asset Management is Critical to Enterprise Cybersecurity]( - [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Shining a light in the dark: observability and security, a SANS profile]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( - [Application Security's New Mandate in a DevOps World]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( - [The State of Incident Response]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( [View More White Papers >>]( FEATURED REPORTS - [2023 Global Threat Report]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123345&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.09.24&sp_cid=53393&utm_content=DR_NL_Dark%20Reading%20Daily_05.09.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#5c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)