'Voldemort' Malware Curses Orgs Using Global Tax Authorities

The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control. [TechWeb]( Follow Dark Reading: [RSS]( September 03, 2024 LATEST SECURITY NEWS & COMMENTARY ['Voldemort' Malware Curses Orgs Using Global Tax Authorities]( The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control. [Commercial Spyware Vendors Have a Copycat in Top Russian APT]( Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics. [Ransomware Gangs Pummel Southeast Asia]( Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year. [Why Identity Teams Need to Start Reporting to the CISO]( Identity management sits with IT for good reason, but now that identity is the common denominator in every attack, it's time identity security was owned by a leader with a security background, like the CISO. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [PoC Exploit for Zero-Click Vulnerability Made Available to the Masses]( The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors. [Hundreds of LLM Servers Expose Corporate, Health & Other Online Data]( LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering. [Why LLMs Are Just the Tip of the AI Security Iceberg]( With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact. [Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges]( The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world. [How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture]( Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs. [MORE]( PRODUCTS & RELEASES [Cobalt Appoints Sonali Shah as CEO]( [AuthenticID Unveils Enhanced Smart ReAuth™ for Instant Biometric Reauthentication]( [SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024]( [77% of Educational Institutions Spotted a Cyberattack Within the Last 12 Months]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Iran's 'Fox Kitten' Group Aids Ransomware Attacks on US Targets]( In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised. LATEST FROM THE EDGE [NASA Focuses on Cybersecurity of Its Mission-Critical Software]( The software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its mission-critical software. Cybersecurity is now part of the evaluation. LATEST FROM DR TECHNOLOGY [Check Point, Cisco Boost AI Investments With Latest Deals]( Cisco's deal to acquire Robust Intelligence will make it possible to use red-team algorithms to assess risk in AI models and applications, while Check Point's acquisition of Cyberint will add threat intelligence to its SOC platform. LATEST FROM DR GLOBAL [South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel]( The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch. WEBINARS - [How to Evaluate Hybrid-Cloud Network Policies and Enhance Security]( - [The Rise of AI-Powered Malware and Application Security Best Practices]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The ROI of RevealX Against Ransomware]( - [Generative AI Gifts]( - [The Future of Passwords and the Passwordless Evolution]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( - [IT Risk & Compliance Platforms: A Buyer's Guide]( [View More White Papers >>]( FEATURED REPORTS - [State of Enterprise Cloud Security]( - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125469&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.03.24&sp_cid=54924&utm_content=DR_NL_Dark%20Reading%20Daily_09.03.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#91 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)