Attackers Target Check Point VPNs to Access Corporate Networks

Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place. [TechWeb]( Follow Dark Reading: [RSS]( May 29, 2024 LATEST SECURITY NEWS & COMMENTARY [Attackers Target Check Point VPNs to Access Corporate Networks]( Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place. [CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks]( In attacks over the past three months, threat actors have exploited more than 80 vulnerabilities to accelerate distribution of the Mirai variant. [90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play]( The dangerous Anatsa banking Trojan is among the malware being spread to Android users via decoy mobile apps in recent months. [The SEC's New Take on Cybersecurity Risk Management]( Insights from three companies that recently reported breaches under the new disclosure regulations. [OpenAI Forms Another Safety Committee After Dismantling Prior Team]( The committee is being set up as the ChatGPT creator begins to train its latest large language model, GPT-5, which will reach "a new level of capabilities." [(Sponsored Article) Managing Your GenAI Einstein Risks Intelligently]( Organizations that can mitigate the risks inherent in Salesforce's powerful new Einstein Copilot have a lot to gain. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft's 'Recall' Feature Draws Criticism From Privacy Advocates]( Despite Microsoft's reassurances, multiple security researchers describe the technology as problematic for users and their organizations. [90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play]( The dangerous Anatsa banking Trojan is among the malware being spread to Android users via decoy mobile apps in recent months. [When 'No' & 'Good Enough' Challenge Cybersecurity]( As the digital landscape evolves, these words must become an impetus for innovation and dialogue, not insurmountable barriers. [Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack]( With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials. [MORE]( PRODUCTS & RELEASES [Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets]( [Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024]( [Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing]( [SOCRadar Secures $25.2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Google Discovers Fourth Zero-Day in Less Than a Month]( The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors. LATEST FROM THE EDGE [Making the Case for 'Reasonable' Cybersecurity]( Reasonable cybersecurity is highly subjective and organizations need to plan carefully in order to quantify cyber risk and apply security controls. LATEST FROM DR TECHNOLOGY [Picking the Right Database Tech for Cybersecurity Defense]( Graph and streaming databases are helping defenders deal with complex, real-time threat and cybersecurity data to find weak points before attackers. LATEST FROM DR GLOBAL [Pakistani 'Transparent Tribe' APT Aims for Cross-Platform Impact]( Targeting India's government, defense, and aerospace sectors, the cyber-threat group now attacks Linux as well as Windows in its quest to compromise the Indian military's homegrown MayaOS Linux systems. WEBINARS - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( - [Assessing Software Supply Chain Risk]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Generative AI Gifts]( - [Shining a light in the dark: observability and security, a SANS profile]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [How Enterprises Secure Their Applications]( - [The State of Incident Response]( [View More White Papers >>]( FEATURED REPORTS - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( - [Industrial Networks in the Age of Digitalization]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123729&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.29.24&sp_cid=53692&utm_content=DR_NL_Dark%20Reading%20Daily_05.29.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ef If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)