ChromeLoader Malware Hijacks Browsers With ISO Files

The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections. [TechWeb]( Follow Dark Reading: [RSS]( May 31, 2022 LATEST SECURITY NEWS & COMMENTARY [ChromeLoader Malware Hijacks Browsers With ISO Files]( The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections. [Critical OAS Bugs Open Industrial Systems to Takeover]( The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says. [New Chaos Malware Variant Ditches Wiper for Encryption]( The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes. [Physical Security Teams' Impact Is Far-Reaching]( Here's how physical security teams can integrate with the business to identify better solutions to security problems. [6 Steps to Ensure Cyber Resilience]( To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft. [(Sponsored Article) Is Your Data Security Living on the Edge?]( Gartner's security service edge fundamentally changes how companies should be delivering data protection in a cloud and mobile first world. [Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years]( The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message]( Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required. [The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand]( The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security. [Act Now: Leveraging PCI Compliance to Improve Security]( Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards. [MORE]( EDITORS' CHOICE [VMware, Airline Targeted as Ransomware Chaos Reigns]( Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain. LATEST FROM THE EDGE [Most Common Threats in DBIR]( Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion. LATEST FROM DR TECHNOLOGY [Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks]( Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors. Tech Resources - [5 Critical Cyber Range Exercises from the Experts]( - [Securely Work From Anywhere With the Fortinet Security Fabric]( - [Five Keys to a Secure Work-From-Anywhere Solution]( - [Broken Supply Chains Leave Medical Devices Vulnerable to Cyber Attacks]( - [Protecting Medical Device IP From Cybersecurity Threats]( - [Best Practices for Application Security in the Cloud]( - [AppSec Shift Left Progress Report]( [ACCESS TECH LIBRARY NOW]( - [Vendors as Your Largest BEC Threat]( The tactics that worked for your business five years ago likely aren't still working today, and cybercrime is no different. The CEO fraud that dominated the last few years is not nearly as successful as it used to be, partially ... - [Harnessing the Power of Security Automation]( With many organizations pinched for both dollars and manpower, security and IT teams are turning to a new class of technology and practices designed to automate repetitive and time-consuming tasks in security operations. How can companies truly unleash the potential ... [MORE WEBINARS]( FEATURED REPORTS - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [How Enterprises Are Assessing Cybersecurity Risk in Today's Environment]( Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns. [MORE REPORTS]( CURRENT ISSUE [Incorporating a Prevention Mindset into Threat Detection and Response]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam]( [Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)