Scammers Fake DocuSign Templates to Blackmail & Steal From Companies

Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise. [TechWeb]( Follow Dark Reading: [RSS]( May 16, 2024 LATEST SECURITY NEWS & COMMENTARY [Scammers Fake DocuSign Templates to Blackmail & Steal From Companies]( Cybercriminals are trafficking DocuSign assets that allow for easy extortion and business email compromise. [Patch Now: Another Google Zero-Day Under Exploit in the Wild]( Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week. [Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks]( Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions. [FBI, DoJ Shut Down BreachForums, Launch Investigation]( Instead of online contraband, the website now asks anyone with information that could help with the investigation to contact authorities. [D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day]( A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution. [3 Tips for Becoming the Champion of Your Organization's AI Committee]( CISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success. [(Sponsored Article) A Cyber-Resiliency Plan Focused on Offensive Security]( The convergence of cyber resiliency and business planning is gaining strategic importance and enabling more successful and sustainable outcomes. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Dangerous Google Chrome Zero-Day Allows Sandbox Escape]( Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild. [Unprotected Session Tokens Can Undermine FIDO2 Security]( While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says. [There Is No Cyber Labor Shortage]( There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places. [As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs]( Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members. [MORE]( PRODUCTS & RELEASES [Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure]( [Notice of a Data Breach]( [Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings]( [runZero Research Explores Unexpected Exposures in Enterprise Infrastructure]( [MORE PRODUCTS & RELEASES]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Windows DWM Zero-Day Poised for Mass Exploit]( CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors. LATEST FROM THE EDGE [Heartbleed: When Is It Good to Name a Vulnerability?]( Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately. LATEST FROM DR TECHNOLOGY [Google's AI Watermarks Will Identify Deepfakes]( Thy SynthID line of watermarking techniques can be used to identify AI-generated images, video, and text. LATEST FROM DR GLOBAL [Nigeria Halts Cybersecurity Tax After Public Outrage]( In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity. WEBINARS - [Assessing Software Supply Chain Risk]( - [Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [SecOps Checklist]( - [Purple AI Datasheet]( - [2023 Global Threat Report]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [Making Sense of Your Security Data: The 6 Hardest Problems]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [Zero-Trust Adoption Driven by Data Protection]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123507&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.16.24&sp_cid=53514&utm_content=DR_NL_Dark%20Reading%20Daily_05.16.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#4b If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)