Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain

CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government. [TechWeb]( Follow Dark Reading: [RSS]( September 29, 2023 LATEST SECURITY NEWS & COMMENTARY [Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain]( CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government. [Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits]( So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them. [New Cisco IOS Zero-Day Delivers a Double Punch]( The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. [Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool]( Attackers exclusively target Windows users with an impersonation website that distributes information-stealing malware. [Supply Chain Attackers Escalate With GitHub Dependabot Impersonation]( Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice. [Johnson Controls International Disrupted by Major Cyberattack]( The company filed with the SEC and is assessing its operations and financial damages. [4 Legal Surprises You May Encounter After a Cybersecurity Incident]( Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. [Looking Beyond the Hype Cycle of AI/ML in Cybersecurity]( Artificial intelligence and machine learning aren't yet delivering on their cybersecurity promises. How can we close the gaps? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How the Okta Cross-Tenant Impersonation Attacks Succeeded]( Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you. [China APT Cracks Cisco Firmware in Attacks Against the US and Japan]( Sophisticated hackers are rewriting router firmware in real time and hiding their footprints, leaving defenders with hardly a fighting chance. [Microsoft Adds Passkeys to Windows 11]( It's the latest step in the gradual shift away from traditional passwords. [Threat Data Feeds and Threat Intelligence Are Not the Same Thing]( It's important to know the difference between the two terms. Here's why. [MORE]( EDITORS' CHOICE [Researchers Release Details of New RCE Exploit Chain for SharePoint]( One of the already-patched flaws enables elevation of privilege, while the other enables remote code execution. LATEST FROM THE EDGE [QR Code 101: What the Threats Look Like]( Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them. LATEST FROM DR TECHNOLOGY [7 Ways SMBs Can Secure Their WordPress Sites]( This Tech Tip outlines seven easy fixes small and midsize businesses can use to prevent the seven most common WordPress vulnerabilities. LATEST FROM DR GLOBAL [Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World]( How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC). WEBINARS - [DevSecOps for Mobile App Development]( Baking security into applications earlier in the software development lifecycle has become the mantra of the enterprise today, with software development and security teams working closely together to ensure more secure coding throughout the development process to ensure safer and ... - [Using AI in Application Security Tooling]( As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Mandiant Threat Intelligence at Penn State Health]( - [Causes and Consequences of IT and OT Convergence]( - [Digital Transformation and Connected Systems Have Opened the Door to New Threat Vectors]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [Rediscovering Your Identity]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities]( [Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent]( [Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities]( [Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023]( [Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The State of Supply Chain Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118469&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.29.23&sp_cid=49967&utm_content=DR_NL_Dark%20Reading%20Daily_09.29.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#fd If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)