Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status

The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says. [TechWeb]( Follow Dark Reading: [RSS]( October 27, 2023 LATEST SECURITY NEWS & COMMENTARY [Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status]( The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says. [Complex Spy Platform StripedFly Bites 1M Victims]( Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer. [Rockwell's Verve Buy Enlivens Critical Infrastructure Security]( The industrial automation giant agrees to buy Verve Industrial Protection, joining in an ICS trend of bringing cybersecurity capabilities in-house to keep up with attackers. [Iran APT Targets the Mediterranean With Watering-Hole Attacks]( Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries. [What Would a Government Shutdown Mean for Cybersecurity?]( Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too. [Longer Support Periods Raise the Bar for Mobile Security]( With Google's announcement of seven years of support, other smartphone makers risk falling behind. [(Sponsored Article) 3 Essential Steps to Strengthen SaaS Security]( SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [As Citrix Urges Its Clients to Patch, Researchers Release an Exploit]( In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide. [Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior]( We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors. [A Cybersecurity Framework for Mitigating Risks to Satellite Systems]( Cyber threats on satellite technology will persist and evolve. We need a comprehensive cybersecurity framework to protect them from attackers. [MORE]( EDITORS' CHOICE [Virtual Alarm: VMware Issues Major Security Advisory]( VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins. LATEST FROM THE EDGE [SMBs Need to Balance Cybersecurity Needs and Resources]( Small and midsize businesses face the same cyberattacks as enterprises, with fewer resources. Here's how to protect a company that has leaner means. LATEST FROM DR TECHNOLOGY [IriusRisk Brings Threat Modeling to Machine Learning Systems]( The newly launched AI & ML Security Library allows developers to analyze the code used in machine learning systems to identify and address risks. LATEST FROM DR GLOBAL [Nigerian Cybercrime Hub Shut Down With 6 Arrests]( The cybercrime recruitment and mentoring hub conducted a variety of cybercrimes including business email compromise. WEBINARS - [Modern Threats, Modern Security: 3 Practical Tips for CISOs to Stop Cyber Threats in the Age of AI]( Join our Cloudflare security experts as they share advice on how modernize your threat defense and highlight: --Trends in cybersecurity like the emergence of AI, multi-channel attacks, and cybercrime-as-a-service --Practical threat defense use cases based on recent cyberattacks and customer ... - [Building an Effective Active Directory Security Strategy]( For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Tines Report Finds More than Half of Security Professionals Likely To Switch Jobs Next Year]( [2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report]( [Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico]( [SailPoint Unveils Annual 'Horizons of Identity Security' Report]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Tips for a Streamlined Transition to Zero Trust]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118973&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.27.23&sp_cid=50290&utm_content=DR_NL_Dark%20Reading%20Daily_10.27.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#da If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)