Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. [TechWeb]( Follow Dark Reading: [RSS]( February 02, 2023 LATEST SECURITY NEWS & COMMENTARY [Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms]( An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. [Discrepancies Discovered in Vulnerability Severity Ratings]( Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says. [Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows]( Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable. [Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover]( Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment. [Nearly All Firms Have Ties With Breached Third Parties]( The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds. [Application Security Must Be Nonnegotiable]( Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems. [Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry]( Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward. [CISA to Open Supply Chain Risk Management Office]( A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance. [Google Fi Users Caught Up in T-Mobile Breach]( Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Firmware Flaws Could Spell 'Lights Out' for Servers]( Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access. [Will Cybersecurity Remain Recession-Proof in 2023?]( Demand for skilled professionals will remain high, but cyber budgets will be eaten away. [Are Your Employees Thinking Critically About Their Online Behaviors?]( Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices. [MORE]( EDITORS' CHOICE [Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status]( Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps. LATEST FROM THE EDGE [Why CISOs Should Care About Brand Impersonation Scam Sites]( Enterprises often don't know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers' trust, money, and personally identifiable information. LATEST FROM DR TECHNOLOGY [Checkmarx Launches Threat Intelligence for Open Source Packages]( The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain. WEBINARS - [The Ransomware Evolution: Protecting Against Professionalized Cybercriminal Operations]( Ransomware gangs are highly professional operations, with teams dedicated for customer service, help-desk, software development, distribution, and even marketing. There are marketplaces where attackers can easily pick up ransomware and attack infrastructure. Does your organization understand what kind of cybercriminal ... - [Deciphering the Hype Around XDR]( Security teams are increasingly being asked about the organization's Extended Detection and Response capabilities. There is still a lot of confusion and misunderstanding about XDR and what it can accomplish. XDR goes beyond endpoint monitoring and detection, while extending visibility ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( - [State of Email Security]( - [Ransomware Resilience and Response: The Next-Generation]( - [Ransomware Is On The Rise]( - [State of Ransomware Readiness: Facing the Reality Gap]( - [How Hybrid Work Fuels Ransomware Attacks]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Vista Equity Partners Completes Acquisition of KnowBe4]( [Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC]( [Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report]( [Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats]( [Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data]( [Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)