August 24, 2023
LATEST SECURITY NEWS & COMMENTARY
[Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit](
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.
['Play' Ransomware Group Targeting MSPs Worldwide in New Campaign](
Attackers use remote monitoring and management tools at MSPs to gain unfettered access to target networks.
[North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT](
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
[Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology](
Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.
[CISA Committee Tackles Remote Monitoring and Management Protections](
CISA's public-private partnership produces RMM strategies to shore up critical infrastructure and to educate the MSPs that provide remote access to them.
[LinkedIn Suffers 'Significant' Wave of Account Hacks](
Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.
[PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks](
Microsoft is aware of the issue, but so far its attempts to address it don't appear to have worked, researchers say.
[DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws](
Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.
[Researchers Trick an iPhone Into Faking Airplane Mode](
How mobile attackers could gaslight iPhone users, allowing the perfect cover for post-exploitation malicious activity.
[Name That Toon: Swift as an Arrow](
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[Unveiling the Hidden Risks of Routing Protocols](
Neglecting security of Border Gateway Protocol (BGP) and other routing protocols has created multiple vulnerabilities that must be addressed.
[When Leadership Style Is a Security Risk](
Risk-aware leaders can be a cybersecurity advantage. Their flexible leadership style and emphasis on security first help set the tone and demonstrate a commitment to avoiding risk.
[Generative AI Is Scraping Your Data. So, Now What?](
AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.
HOT TOPICS
[How Innovation Accelerators Are at Work on the Dark Side](
Digital commerce remains the richest target for cybercriminals, yet physical payment threats remain strong.
[5 Early Warning Indicators That Are Key to Protecting National Secrets](
The Defense Department must modernize user activity monitoring by prioritizing data that can be used early to proactively mitigate insider risk.
[The Physical Impact of Cyberattacks on Cities](
Understanding potential threats and regularly updating response plans are the best lines of defense in the new world of cyberattacks.
EDITORS' CHOICE
[Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts](
Attacks targeting the now-patched bug have been going on since at least April 2023, security vendor says.
LATEST FROM THE EDGE
['Cuba' Ransomware Group Uses Every Trick in the Book](
How a Russian cybercrime group using Cuban Revolution references and iconography has emerged as one of the most profitable ransomware operations.
LATEST FROM DR TECHNOLOGY
[AI Risk Database Tackles AI Supply Chain Risks](
The open source tool (a collaboration between Robust Intelligence, MITRE, and Indiana University) assesses heavily shared, public machine learning models for risk.
LATEST FROM DR GLOBAL
[Energy One Investigates Cyberattack](
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
WEBINARS
- [Managing Security In a Hybrid Cloud Environment]( Many enterprises have embraced hybrid- and multi-clouds. They spread their workloads across private data centers and public cloud, or across multiple cloud providers. How do you manage security when the tools are all different? How do you enforce security controls ...
- [The Threat Hunter's Playbook: Mastering Cloud Defense Strategies]( Secure your spot now for this unforgettable cybersecurity adventure, filled with real-world examples, best practices, and expert insights from our threat research team. Level up your cloud security defense. When you attend this webinar, you will hear from the Sysdig's ...
WHITE PAPERS
- [Threat Intelligence: Data, People and Processes](
- [Global Perspectives on Threat Intelligence](
- [Crucial Considerations when Enabling Secure Industrial Digital Transformation](
- [Causes and Consequences of IT and OT Convergence](
- [Essential SASE Must-haves](
- [Rediscovering Your Identity](
- [Cybersecurity in a post pandemic world: A focus on financial services](
FEATURED REPORTS
- [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...
- [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...
- [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...
PRODUCTS & RELEASES
[Grip Security Raising $41M Series B Led by Third Point Ventures](
[Forescout Joins MISA and Announces Integration With Microsoft Sentinel](
[Absolute Dental Services Notifies Patients of Data Security Incident](
[ProjectDiscovery Announces $25M Series A Financing and Launch of Cloud Platform](
[Israel-US Binational Industrial R&D Foundation to Invest $3.85M in Critical Infrastructure Cybersecurity Projects](
[ISC2 Announces Milestone as Community Grows to Half a Million](
[CyCognito Finds Large Volume of Personal Identifiable Information in Vulnerable Cloud and Web Applications](
CURRENT ISSUE
[What Ransomware Groups Look for in Enterprise Victims](
Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA