China APT Cracks Cisco Firmware in Attacks Against the US and Japan

Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance. [TechWeb]( Follow Dark Reading: [RSS]( September 28, 2023 LATEST SECURITY NEWS & COMMENTARY [China APT Cracks Cisco Firmware in Attacks Against the US and Japan]( Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance. [Researchers Release Details of New RCE Exploit Chain for SharePoint]( One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution. [Hackers Trick Outlook Into Showing Fake AV Scans]( Researchers spot attackers using an existing phishing obfuscation tactic in order to better ensure recipients fall for their scam. [Microsoft Adds Passkeys to Windows 11]( It's the latest step in the gradual shift away from traditional passwords. [How the Okta Cross-Tenant Impersonation Attacks Succeeded]( Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you. [Threat Data Feeds and Threat Intelligence Are Not the Same Thing]( It's important to know the difference between the two terms. Here's why. [Kenyan Financial Firm Fined for Mishandling Data]( Kenyan data protection regulator issues monetary penalties to multiple firms for improper handling of personal data. [(Sponsored Article) Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection]( Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [MOVEit Flaw Leads to 900 University Data Breaches]( National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment. [The Hot Seat: CISO Accountability in a New Era of SEC Regulation]( Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities. [Suspicious New Ransomware Group Claims Sony Hack]( A deceitful threat actor claims its biggest haul yet. But what, if any, Sony data does it actually have? [4 Pillars for Building a Responsible Cybersecurity Disclosure Program]( Responsible disclosure must strike a balance between the immediate need to protect users and the broader security implications for the entire community. [MORE]( EDITORS' CHOICE [Amid MGM, Caesars Incidents, Attackers Focus on Luxury Hotels]( A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware. LATEST FROM THE EDGE [Will Government Secure Open Source or Muck It Up?]( The US government aims to support open source projects, while the European Union seeks to make open source projects liable for their software. Which approach will lead to more security? LATEST FROM DR TECHNOLOGY [A Preview of Windows 11’s Passkeys Support]( The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. LATEST FROM DR GLOBAL [Chad Taps Huawei for Digital Modernization Project]( Fiber optic networks and better connectivity for Chad's users are part of the ICT modernization project with the Chinese networking giant. WEBINARS - [The Enterprise View to Cloud Security]( Today's enterprises may have dozens and dozens of cloud applications and services running in their environment. Enterprises need to coordinate security, manage privileges and access, and handle incident response - the service provider will do only so much. In this ... - [The Evolution of the Vulnerability Landscape in 2023]( While this summer has been jokingly called "zero-day summer" by some, 2023 fits Mandiant observations that zero-day exploitation has been trending upward for the last few years. As shown in our zero-day trends blog post, Mandiant tracked 55 zero-day vulnerabilities that we ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Intelligence: Data, People and Processes]( - [Digital Transformation and Connected Systems Have Opened the Door to New Threat Vectors]( - [Evaluating SASE for the Work-From-Anywhere Era]( - [Essential SASE Must-haves]( - [The Ultimate Guide to the CISSP]( - [Cybersecurity in a post pandemic world: A focus on financial services]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle]( [Cyemptive Technologies Expands Operations in the Middle East and the Americas]( [Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities]( [Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118446&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.28.23&sp_cid=49955&utm_content=DR_NL_Dark%20Reading%20Daily_09.28.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#4f If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)