Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked. [TechWeb]( Follow Dark Reading: [RSS]( July 03, 2023 LATEST SECURITY NEWS & COMMENTARY [Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier]( The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked. [Mobile Cyberattacks Soar, Especially Against Android Users]( The number of malware samples is up as attackers aim to compromise users where they work and play: Their smartphones. [African Nations Face Escalating Phishing & Compromised Password Cyberattacks]( Cyberattacks against organizations in some African nations increased significantly in 2022, despite a major expansion in cybersecurity hiring to support cloud and digital migration. [Russian Hacktivist Platform 'DDoSia' Grows Exponentially]( As cybercrime amidst the Russia-Ukraine war continues to escalate, the DDoSia project, launched by a known hacktivist group, has exploded in its number of members and quality of tools used for attacks. [CISA BOD 23-01: What Agencies Need to Know About Compliance]( The new network visibility mandate provides a good foundation for identifying risks and building better security programs at federal agencies. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics]( Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs. [Why the FDA's SBOM Mandate Changes the Game for OSS Security]( The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem. [When It Comes to Secure Coding, ChatGPT Is Quintessentially Human]( We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues. [6 Ways Cybersecurity Is Gut-Checking the ChatGPT Frenzy]( Generative AI chatbots like ChatGPT are the buzziest of the buzzy right now, but the cyber community is starting to mature when it comes to assessing where it should fit into our lives. [MORE]( EDITORS' CHOICE [Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel]( Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks. LATEST FROM DR TECHNOLOGY [Google Cloud GenAI Is Coming to Thales' Data Security Platform]( Thales will build new machine learning-powered data discovery and classification features based on Google Cloud's Vertex AI. LATEST FROM THE EDGE [Make Diversity the 'How,' Not the 'What,' of Cybersecurity Success]( Cybersecurity leaders should strive to reward high-performing teams that are powered by high levels of inclusion. LATEST FROM DR GLOBAL [Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools]( The APT35 group (aka Charming Kitten) has added backdoor capabilities to their spear-phishing payloads — and targeted an Israeli reporter with it. WEBINARS - [Finding a Backup Strategy That Works For You]( You've been hit with a ransomware, DDoS, natural disaster, or destructive cyberattack. One of the first questions: can we get our data back? Good back-ups are key to business continuity and disaster recovery, but backing up your data in preparation ... - [Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy]( Threat intelligence -- collecting data about broad trends in online attacks -- helps security teams improve their defenses by identifying online exploits that have the potential to hit their organizations and to prioritize their security resources accordingly. But how should ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [The Cloud Security Workflow Handbook]( - [2023 Global Future of Cyber Report]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [Everything You Need to Know About DNS Attacks]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security]( [IP Fabric Announces $25M Series B Funding to Accelerate Adoption of Network Assurance]( [Perception Point Unveils AI Model to Thwart Generative AI-Based BEC Attacks]( [IEC Standardization Leaders Convene in Amsterdam to Review Utility Interworking of Key Standards]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Use Threat Intelligence to Mitigate Third-Party Risk]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)