SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

SEO-aided attacks, developer targeting, and malicious use of AI top the list for 2023. [TechWeb]( Follow Dark Reading: [RSS]( April 28, 2023 LATEST SECURITY NEWS & COMMENTARY [SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023]( SEO-aided attacks, developer targeting, and malicious use of AI top the list for 2023. [CISO Survival Guide for Cyberattacks]( CISOs who have survived major cyber incidents recommend letting company ethos guide incident response. [Threat Actor Names Proliferate, Adding Confusion]( Goodbye, Phosphorus! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more? [Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive]( As threat actors around the world grow and evolve, APTs from the DPRK stand out for their spread and variety of targets. [China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor]( Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications. [Combating Kubernetes — the Newest IAM Challenge]( IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals. [The White House National Cybersecurity Strategy Has a Fatal Flaw]( The government needs to shift focus and reconsider how it thinks about securing our nation's digital and physical assets. [Google 2FA Syncing Feature Could Put Your Privacy at Risk]( Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Malware-Free Cyberattacks Are on the Rise; Here's How to Detect Them]( Last year, 71% of enterprise breaches were pulled off quietly, with legitimate tools, research shows. [Effects of the Hive Ransomware Group Takedown]( Despite some success in limiting damage from Hive, there's no time to relax security vigilance. [Name That Toon: Lucky Charm]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( EDITORS' CHOICE [Metaverse Version of the Dark Web Could Be Nearly Impenetrable]( Law enforcement will likely find it much harder to take down criminal activities on the "deepverse." LATEST FROM THE EDGE [Cyber Certainty: Investing in Resilience During a Post-Correction Market]( In 2023, there is massive innovation being developed in all sectors, from cybersecurity to AI and quantum computing to IT management and information security, and in all the ways they intersect. LATEST FROM DR TECHNOLOGY [Software-Dependency Data Delivers Security to Developers]( Google has opened up its software-dependency database, adding to the security data available to developers and toolmakers. Now developers need to use it. WEBINARS - [Next-Generation Supply Chain Security]( Supply chain attacks are on the rise. Attackers are injecting malicious code into software and hardware components to create backdoors into the organization. As the Kaseya attack demonstrated, compromising a widely used product gives attackers privileged access into corporate networks. ... - [Puzzled by Patching: Solve Endpoint Pains]( In this webinar, you'll learn critical steps to improve your security posture and reduce patching complexity so that your IT team can do more with less while keeping security at the forefront. Now is the time to slay the time-consuming ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Invicti AppSec Indicator: Tuning Out the AppSec Noise is All About DAST]( - [Cybersecurity Maturity Model Certification (CMMC) Version 1.02]( - [Every Minute Matters: Real-World Incident Response Timelines In Action]( - [The Big Business Of Cybercrime: A Deep Dive Guide]( - [The 3 Approaches to Breach & Attack Simulation Technologies]( - [What Are the Top and Niche Use Cases for Breach and Attack Simulation Technology?]( - [The Cloud Security Workflow Handbook]( [View More White Papers >>]( FEATURED REPORTS - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [MajorKey Accelerates Pureplay Information Security Strategy With Acquisition of Legion Star]( [Tessian Fully Integrates With M365 To Provide Threat Protection and Insider Risk Protection]( [Delinea Onsite RSA Conference Survey Reveals Cloud Security Remains Top Cybersecurity Concern in 2023]( [Tenable Makes Generative AI Security Tools Available to the Research Community]( [Uptycs Launches Cloud Security Early Warning System]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)