Praying Mantis Threat Group Targeting US Firms in Sophisticated Attacks

[TechWeb]( Follow Dark Reading: [RSS]( July 27, 2021 LATEST SECURITY NEWS & COMMENTARY [Praying Mantis Threat Group Targeting US Firms in Sophisticated Attacks]( Group's advanced memory-resident attacks similar to those employed in sustained campaign against Australian companies and government last year, security vendor says. [Some 65% of Organizations Now Weigh Their 'Cyber Maturity']( New ISACA survey data also shows a 35% increase in cyberattacks over the past year. [Software Time-to-Fix Plateaus as More Apps Tested]( The average critical vulnerability took 202 days to fix over the past 12 months, a scarce improvement over 205 days from the prior year. [How CIS Controls v8 Impacts SMBs]( The Center for Internet Security has made big changes to its Control specs, including a greater focus on vendor relationships and cloud technologies. [Why Trust Matters for the National Artificial Intelligence Research Resource Task Force]( As the National Artificial Intelligence Research Resource Task Force sets about its work preparing recommendations for the creation of an AI research resource in the United States, fundamental problems of trust must be addressed. [Google Debuts New Bug Hunting Platform]( The new platform brings bug reporting for all Google targets into one place. [Apple Patches Zero-Day in iOS, iPadOS, macOS]( The vulnerability affects IOMobileFramebuffer, a kernel extension for managing the screen framebuffer. [MORE NEWS & COMMENTARY]( HOT TOPICS [7 Hot Cyber Threat Trends to Expect at Black Hat]( A sneak peek of some of the main themes at Black Hat USA next month. [When Software Updates Get Hacked]( Darned if you do, darned if you don't: Software fixes have become extensively automated, which works when software supply chains are secure. Yet with attackers focused on compromising those pipelines, is automated patching such a good idea? [Biden Administration Responds to Geopolitical Cyber Threats]( In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks. [MORE]( EDITORS' CHOICE [Attackers' Use of Uncommon Programming Languages Continues to Grow]( Attackers use uncommon languages — such as Go, D, Nim, and Rust — to evade detection or make their development process more efficient. [IoT Search Engines Make It Easy to Find Vulnerable Devices, and That's a Problem]( Here are five tips to protect your company. LATEST FROM THE EDGE [How Do I Let Go of 'Human Error' as an Explanation for Incidents?]( Successfully learning from incidents requires a deeper and more expansive perspective of them. Tech Resources - [Preparing an Endpoint Security Strategy to Address Ransomware]( - [Privileged Account Management for Dummies]( - [The 7 Step Guide to Third Party Risk Management]( - [Defending Against Critical Threats]( - [The 2021 Security Outcomes Study]( - [The 2021 Small and Midsize Business Security Outcomes Study]( - [Tessian Human Layer Security for Microsoft Office 365]( [ACCESS TECH LIBRARY NOW]( - [Unifying Your Endpoint Security Strategy]( For enterprises that support many users and endpoints, building and maintaining a consistent security strategy was a major challenge even before 2020. Since the onset of the global pandemic, however, it has become more difficult than ever to build and maintain ... - [Two Sides of the PAM Coin]( There are two sides of the PAM (Privileged Access Management) Coin. Password vaulting is one. Privilege Elevation is the other. A vault is a great first step in protecting your company from identity-related data breaches, but don't stop there! We ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Are Developing Secure Applications]( - [Tech Insights: Detecting and Preventing Insider Data Leaks]( [MORE REPORTS]( CURRENT ISSUE [The State of Cybersecurity Incident Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Farsight Security to Preview Real-Time Protective DNS Tools at Black Hat USA 2021]( [No More Ransom Initiative Celebrates Fifth Year of Fighting Ransomware]( [NightDragon Closes $750M Growth Fund as Part of Next-Generation Cybersecurity, Safety, Security, and Privacy Platform]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)