Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach

Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. [TechWeb]( Follow Dark Reading: [RSS]( October 13, 2023 LATEST SECURITY NEWS & COMMENTARY [Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach]( Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. [DarkGate Operator Uses Skype, Teams Messages to Distribute Malware]( A plurality of the targets in the ongoing campaign have been based in the Americas. [Brands Beware: X's New Badge System Is a Ripe Cyber-Target]( Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike. [Backdoor Lurks Behind WordPress Caching Plug-in to Hijack Websites]( Evasive malware disguised as a caching plug-in allows attackers to create an admin account on a WordPress site, then take over and monetize sites at the expense of legitimate SEO and user privacy. [Protect Critical Infrastructure With Same Rigor as Classified Networks]( Government security processes are often viewed as tedious and burdensome — but applying the lessons learned from them is imperative for private industry to counter a nation-state threat. [The Cyberwar Between the East and the West Goes Through Africa]( By working cooperatively, the West and Africa can mobilize to tackle nation-state-backed cyber threats. [Microsoft Set to Retire Grunge-Era VBScript, to Cybercrime's Chagrin]( Popular malware like QakBot and DarkGate rely on VBScript, which dates back to 1996 — but their days are numbered now that Microsoft is finally deprecating the Windows programming. language. [Simpson Manufacturing Launches Investigation After Cyberattack]( The company has taken down its systems in an effort to determine the scope of the attack. [(Sponsored Article) How to Interpret the 2023 MITRE ATT&CK Evaluation Results]( Unpack MITRE's methodology, understand the results, and learn top takeaways from Cynet's evaluation of MITRE's annual security vendor tests. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Chinese 'Stayin' Alive' Attacks Dance Onto Targets With Dumb Malware]( A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail. [Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear]( Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims. [Addressing a Breach Starts With Getting Everyone on the Same Page]( The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align. [Reassessing the Impacts of Risk Management With NIST Framework 2.0]( The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk. [MORE]( EDITORS' CHOICE [Curl Bug Hype Fizzles After Patching Reveal]( Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments. LATEST FROM THE EDGE [Insurance Companies Have a Lot to Lose in Cyberattacks]( Not only do insurance companies collate sensitive information from their clients, but they also generate their own corporate data to protect. LATEST FROM DR TECHNOLOGY [Making the Case for Cryptographic Agility and Orchestration]( Finding the right post-quantum cryptographic (PQC) algorithms is necessary, but not sufficient, to future-proof cybersecurity. LATEST FROM DR GLOBAL [Pan-African Financial Apps Leak Encryption, Authentication Keys]( Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows. WEBINARS - [Building an Effective Active Directory Security Strategy]( For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ... - [Using AI in Application Security Tooling]( As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [2023 Global Future of Cyber Report]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [BlackBerry Unveils Next-Generation UEM Redefining the Endpoint Management Market]( [New Malwarebytes Survey: Consumers Lack Trust in New Tech]( [ForAllSecure Announces Dynamic Software Bill of Materials for Application Security]( [Okta Launches Cybersecurity Workforce Development Initiative to Help Close the Tech and Cybersecurity Skills Gap]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Deploy Zero Trust for Remote Workforce Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118733&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.13.23&sp_cid=50131&utm_content=DR_NL_Dark%20Reading%20Daily_10.13.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#94 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)