Affirm & Others Emerge as Victims in Evolve Breach | Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

A ransomware attack has become a supply chain issue, thanks to the victim's partnerships with other financial services companies. [TechWeb]( Follow Dark Reading: [RSS]( July 04, 2024 LATEST SECURITY NEWS & COMMENTARY [Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach]( A ransomware attack has become a supply chain issue, thanks to the victim's partnerships with other financial services companies. [Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication]( Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials. [Patch Now: Cisco Zero-Day Under Fire From Chinese APT]( Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware. [Ransomware Eruption: Novel Locker Malware Flows From ‘Volcano Demon']( Attackers clear logs before exploitation and use "no caller ID" numbers to negotiate ransoms, complicating detection and forensics efforts. ['RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems]( The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root. [Apple CocoaPods Bugs Expose Millions of Apps to Code Injection]( Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade. [CISA Flags Memory-Unsafe Code in Major Open Source Projects]( Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebases anytime soon. [Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks]( Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse. [MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers]( While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate. [Prudential Data Breach Victim Count Soars to 2.5M]( The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals. [CISA Releases Guidance on Network Access, VPNs]( CISA outlines how modern cybersecurity relies on network visibility to defend against threats and scams. [CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. [Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content]( Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more. [Stress-Testing Our Security Assumptions in a World of New & Novel Risks]( Categorizing and stress-testing fundamental assumptions is a necessary exercise for any leader interested in ensuring long-term security and resilience in the face of an uncertain future. [Friend or Foe? AI's Complicated Role in Cybersecurity]( Staying informed about the latest AI security solutions and best practices is critical in remaining a step ahead of increasingly clever cyberattacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Papua New Guinea Sets High Bar in Data Security]( The small island nation's new data protection and governance policy reflects a forward-thinking cybersecurity strategy. [Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race]( There is an extreme lack of evidence of AI-related danger, and proposing or implementing limits on technological advancement isn't the answer. [Achieve Next-Level Security Awareness by Creating Secure Social Norms]( By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected. [Thinking About Security, Fast & Slow]( To be effective, managing risk demands both fast responses and strategic thinking. [MORE]( PRODUCTS & RELEASES [Bloom Health Centers Provides Notice of Data Security Incident]( [Human Technology Inc. — Notification of Data Breach]( [Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development]( [Interlock Launches ThreatSlayer Web3 Security Extension and Incentivized Crowdsourced Internet Security Community]( [Landmark Admin, LLC Provides Notice of Data Privacy Incident]( [The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester - Notice of Data Security Incident]( [Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures]( [Odaseva Raises $54M Series C Round to Expand Product Offerings and Continue Category Leadership]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Dark Reading Confidential: Meet the Ransomware Negotiators]( Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion." LATEST FROM THE EDGE [What Cybersecurity Defense Looks Like for School Districts]( Dark Reading chats with Johnathan Kim, director of technology at the Woodland Hills School District in North Braddock, Penn., about why cybercriminals target schools — and what they can do about it. LATEST FROM DR TECHNOLOGY [3 Ways to Chill Attacks on Snowflake]( Multifactor authentication is a good first step, but businesses should look to collect and analyze data to hunt for threats, manage identities more closely, and limit the impact of attacks. LATEST FROM DR GLOBAL [South Africa National Healthcare Lab Still Reeling From Ransomware Attack]( The cyberattack disrupted national laboratory services, which could slow response to disease outbreaks such as mpox, experts warn. WEBINARS - [Search Capabilities with PostgreSQL: From Standard to Semantic]( In the digital age, the ability to sift through vast amounts of text data efficiently and effectively is crucial. PostgreSQL, a robust open-source relational database, offers various search functionalities that cater to multiple needs, from simple pattern matching to linguistic ... - [Generative AI: Use Cases and Risks in 2024]( This webinar reviews use cases and risks in the leading generative AI applications and models, including market favorites ChatGPT, DALL-E 2, and AutoGPT. [View More Dark Reading Webinars >>]( WHITE PAPERS - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( - [Threat Hunting's Evolution:From On-Premises to the Cloud]( - [Data Protection Essentials: Proactive PII Leak Prevention and Data Mapping for GDPR]( - [Google Threat Intelligence]( - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [5 Essential Insights into Generative AI for Security Leaders]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( - [Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022]( - [2023 Global Threat Report]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124384&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_07.04.24&sp_cid=54150&utm_content=DR_NL_Dark%20Reading%20Weekly_07.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#0c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)