August 10, 2023

LATEST SECURITY NEWS & COMMENTARY

It's Time for Cybersecurity to Talk About Climate Change
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.
OWASP Lead Flags Gaping Hole in Software Supply Chain Security
SBOMs aren't enough: Developers need to dig deeper into how software is built by using a process called binary source validation.
'Downfall' Bug in Billions of Intel CPUs Reveals Major Design Flaw
A newly revealed flaw affects a good chunk of the world's computers. A patch has been released, but broad, structural change in CPU design will be required to address the root cause.
DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023
Dark Reading News Desk returns for a second day of interviews from Black Hat USA 2023. The livestream will start at 10 a.m. PT.
Microsoft Patches Zero-Day Bug Under Active Exploit in August Update
Attackers are already exploiting in the wild one of the bugs fixed in Microsoft's August Patch Tuesday update, and the flaw has low attack complexity.
Black Hat Opens With Call to Steer AI from Predictions to Policy
Without cybersecurity guardrails now, AI will be harder to harness in the future.
Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
Many organizations have failed to patch a critical zero-day vulnerability, allowing hackers to install Web shells on hundreds of endpoints.
Apple Users See Big Mac Attack, Says Accenture
Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
The group continues to target SQL servers, adding the Remcos RAT, BatCloak, and Metasploit in an attack that shows advanced obfuscation methods.
Tesla Jailbreak Unlocks Theft of In-Car Paid Features
Want heated seats for free? Self-driving in Europe despite a regulatory ban? Researchers have discovered the road to free car-modding on the popular Tesla EVs.
Google, Microsoft Take Refuge in Rust Language's Better Security
More tech giants are turning to the Rust programming language for its built-in memory safety and other security features.
Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
Burger King Serves Up Sensitive Data, No Mayo
The incident marks the second time since 2019 that a misconfiguration could have let threat actors "have it their way" when it comes to BK's data.
Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages
Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.
Selling Software to the US Government? Know Security Attestation First
Challenging new safety requirements are needed to improve security and work toward a more secure future.

HOT TOPICS

10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance
More-effective cyber-risk management controls can help bolster a company's policy worthiness. Start with these 10 tips to manage risk as underwriter requirements get more sophisticated.
Why Shellshock Remains a Cybersecurity Threat After 9 Years
Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.
How to Talk So Your CISO Will Listen
Tailor your business project proposal to suit the language your company's CISO speaks, be it business, technical, or compliance. Do your research first and gather support from around the company.

EDITORS' CHOICE

Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.

LATEST FROM THE EDGE

Name That Edge Toon: How Now?
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

LATEST FROM DR TECHNOLOGY

AI Risk Database Tackles AI Supply Chain Risks
The open source tool (a collaboration between Robust Intelligence, MITRE, and Indiana University) assesses heavily shared, public machine learning models for risk.

LATEST FROM DR GLOBAL

Iran's APT34 Hits UAE With Supply Chain Attack
The prolific APT, also known as OilRig, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.

WEBINARS

- The Dark Side of AI: Unmasking its Threats and Navigating the Shadows of Cybersecurity in the Digital Age
  Artificial Intelligence has come roaring to the forefront of today's technology landscape. It has revolutionized industries and will modernize careers, bringing numerous benefits and advancements to our daily lives. However, it is crucial to recognize that AI also introduces unseen ...
- Where and When Automation Makes Sense For Enterprise Cybersecurity
  A shortage of skilled IT security professionals has made it tempting to try to automate everything. But security teams have to be able to determine which tasks are safe to automate. How does emerging automation technology work, and how can ...

WHITE PAPERS

- 9 Traits You Need to Succeed as a Cybersecurity Leader
- The Ultimate Guide to the CISSP
- Rediscovering Your Identity
- 2023 Global Future of Cyber Report
- Cybersecurity in a post pandemic world: A focus on financial services
- Cybersecurity in 2023 and beyond: 12 leaders share their forecasts
- Know your customer: Enable a 360-degree view with customer identity & access management

FEATURED REPORTS

- Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
- How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
  Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...
- Successfully Managing Identity in Modern Cloud and Hybrid Environments
  Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ...

PRODUCTS & RELEASES

Checkmarx CISO Study Finds 96% of CISOs Say Their Business Prospects Consider Their Organizations' AppSec Maturity When Making Deal Decisions
Sweet Security Lands $12M in Seed Funding to Shift Cloud Security Right
Brillio Partners With Google Cloud to Build Generative AI Solutions for the Financial Services and Healthcare Industries
75% of Organizations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Akamai Research: Rampant Abuse of Zero-Day and One-Day Vulnerabilities Leads to 143% Increase in Victims of Ransomware
Symmetry Systems Closes $17.7M To Scale its AI-Powered Data Security Platform
LastPass Announces Availability of FIDO2 Authenticators for Passwordless Login

CURRENT ISSUE

How Supply Chain Attacks Work, and How to Stop Them

Dark Reading Weekly
Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA