Initial Access Broker Market Booms, Posing Growing Threat | ChatGPT Could Create Polymorphic Malware Wave

A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks. [TechWeb]( Follow Dark Reading: [RSS]( January 19, 2023 LATEST SECURITY NEWS & COMMENTARY [Initial Access Broker Market Booms, Posing Growing Threat to Enterprises]( A rapid increase in the number of operators in the space — the "locksmiths" of the cyber underground — has made it substantially cheaper for cybercriminals to buy access to target networks. [ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn]( The powerful AI bot can produce malware without malicious code, making it tough to mitigate. [CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools]( High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate infrastructure. Here's what to do about it. [Java, .NET Developers Prone to More Frequent Vulnerabilities]( About three-quarters of Java and .NET applications have vulnerabilities from the OWASP Top 10 list, while only 55% of JavaScript codebases have such flaws, according to testing data. [Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services]( Two of the vulnerabilities — in Azure Functions and Azure Digital Twins — required no account authentication for an attacker to exploit them. [Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity]( A security vendor's investigation of infrastructure associated with a new, crypto-focused Magecart skimmer leads to discovery of cryptoscam sites, malware distribution marketplace, Bitcoin mixers, and more. [Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available]( Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations. [Better Phishing, Easy Malicious Implants: How AI Could Change Cyberattacks]( Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated. [Cybercriminals Target Telecom Provider Networks]( The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say. [Vulnerable Historian Servers Imperil OT Networks]( These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks. [The Dangers of Default Cloud Configurations]( Default settings can leave blind spots but avoiding this issue can be done. [ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready]( From updating employee education and implementing stronger authentication protocols to monitoring corporate accounts and adopting a zero-trust model, companies can better prepare defenses against chatbot-augmented attacks. [Kubernetes-Related Security Projects to Watch in 2023]( Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes. [Cybersecurity and the Myth of Quiet Quitting]( People are working harder than ever, but they're not happy about it — and the insider threat is all too real. [Why Businesses Need to Think Like Hackers This Year]( Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal." [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [5 Cybersecurity Tips for Higher Education Institutions]( Following these basic cybersecurity hygiene policies can help make data more secure and protect colleges and universities from becoming the next ransomware headline. The steps aren't complicated, and they won't break the bank. [Fast-Track Secure Development Using Lite Threat Modeling]( Establish clear and consistent processes and standards to scale lite threat modeling's streamlined approach across your organization. [Ethically Exploiting Vulnerabilities: A Play-by-Play]( There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks. [MORE]( EDITORS' CHOICE [Norton LifeLock Warns on Password Manager Account Compromises]( Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse. LATEST FROM THE EDGE [3 Lessons Learned in Vulnerability Management]( In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting. LATEST FROM DR TECHNOLOGY [Software Supply Chain Security Needs a Bigger Picture]( SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain. WEBINARS - [Rethinking Authentication: MFA, Passwordless, Certificates, and More]( Today's data protection requires stronger, better authentication. What does going beyond passwords look like? What are some of the latest strategies around authentication and authorization? What is continuous authentication and what would it look like in your organization? What kind ... - [Every DDoS Resilience and Response Playbook Should Include These Things]( Cyber attackers can level organizations with a distributed denial-of-service (DDoS) attack. How do security teams keep stakeholders informed when services are down? Who do they call to remediate the incident and make sure the attackers don't knock everything down again? ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Mendix and Software Improvement Group Launch a New Software Application Quality and Security Scanning Solution]( [New Research From EMA Reveals How Organizations Are Struggling to Develop Secure Software Applications]( [Founder and Majority Owner of Cryptocurrency Exchange Charged With Processing Over $700 Million of Illicit Funds]( [DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch]( [Darktrace Publishes 2022 Cyberattack Trend Data For Energy, Healthcare & Retail Sectors Globally]( [Lares Research Highlights Top 5 Penetration Test Findings From 2022]( [Cloudflare Expands Relationship With Microsoft]( [Man Sentenced for Role in International Telemarketing Scheme]( [1 in 3 Organizations Do Not Provide Any Cybersecurity Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data]( [KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)