Cyber Staffing Shortages Remain CISOs' Biggest Challenge | Microsoft Discloses 4 Zero-Days in September Update

Besides operational issues connected to a talent shortage, the cost of running security platforms — and their training costs — also keeps CISOs up at night. [TechWeb]( Follow Dark Reading: [RSS]( September 12, 2024 LATEST SECURITY NEWS & COMMENTARY [Cyber Staffing Shortages Remain CISOs' Biggest Challenge]( Besides operational issues connected to a talent shortage, the cost of running security platforms — and their training costs — also keeps CISOs up at night. [Microsoft Discloses 4 Zero-Days in September Update]( This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year. [300K Victims' Data Compromised in Avis Car Rental Breach]( Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed. [Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens]( In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps. [Akira Ransomware Actors Exploit SonicWall Bug for RCE]( CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog. [Malvertising Campaign Builds a Phish for Lowe's Employees]( Retail employees are being duped into divulging their credentials by typosquatting malvertisements. [Indian Army Propaganda Spread by 1.4K AI-Powered Social Media Accounts]( For three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X. [Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets]( A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain. [Feds Warn on Russian Actors Targeting Critical Infrastructure]( In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine. [How Law Enforcement's Ransomware Strategies Are Evolving]( The threat of ransomware hasn't gone away. But law enforcement has struck a blow by adjusting its tactics and taking out some of the biggest adversaries in the ransomware scene. [The Role of Trust Anchors in Modern IT Security]( To fully realize the benefits trust anchors provide, organizations need to implement processes and technologies that maintain the privacy and security of trust anchors and the personal data they contain. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How to Establish & Enhance Endpoint Security]( Endpoint security has been around for decades, but changes in device use and the quick evolution of new attacks have triggered the development of new security techniques. [Platform Engineering Is Security Engineering]( For modern applications built on Kubernetes and microservices, platform engineering is not just about building functional systems but also about embedding security into the fabric of those systems. [Using Transparency & Sharing to Defend Critical Infrastructure]( No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats [MORE]( PRODUCTS & RELEASES [Poppy Gustafsson to Step Down As CEO of Darktrace; Jill Popelka Appointed Successor]( [HackerOne Appoints Kara Sprague As CEO]( [Xiphera Develops Quantum-Resilient Hardware Security Solutions for Space]( [Kiteworks Bolsters Its Secure Data Collection Capabilities With 123FormBuilder Acquisition]( [Palo Alto Networks® Closes Acquisition of IBM's QRadar SaaS Assets]( [AppCD Closes $12.3M Seed Round and Rebrands to StackGen]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Cybersecurity Talent Shortage Prompts White House Action]( The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed. LATEST FROM THE EDGE [UnDisruptable27 Project Wants to Shore Up Critical Infrastructure Security]( The Institute for Security and Technology's UnDisruptable27 project connects technology firms with the public sector to strengthen US cyber defenses in case of attacks on critical infrastructure. [SOAR Is Dead, Long Live SOAR]( Business intelligence firm Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay. LATEST FROM DR GLOBAL [Dark Reading Expands Its Coverage to the Asia-Pacific Region]( The latest step in a journey to serve cybersecurity professionals in other regions of the world. WEBINARS - [DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations]( - [Harnessing the Power of Automation to Boost Enterprise Cybersecurity]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [RevealX Catches Ransomware Within Days of Deployment at WCH]( - [SANS Security Awareness Maturity Model]( - [Ten Elements of Insider Risk in Highly Regulated Industries]( - [OT Cybersecurity Glossary & Quick Start Guide]( - [Tracking the Untrackable: Taking a Proactive Approach to Emerging Risks]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [IT Risk & Compliance Platforms: A Buyer's Guide]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125671&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_09.12.24&sp_cid=55042&utm_content=DR_NL_Dark%20Reading%20Weekly_09.12.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#bc If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)