SEC Charges Against SolarWinds CISO Send Shockwaves | Biden's AI Executive Order Covers Broad Concerns

The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are. [TechWeb]( Follow Dark Reading: [RSS]( November 02, 2023 LATEST SECURITY NEWS & COMMENTARY [SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks]( The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are. [Biden's Artificial Intelligence Executive Order Covers Broad Concerns]( The executive order is ambitious and seeks to protect a variety of different groups that are most at risk from the irresponsible use of AI. [Boeing Confirms Cyberattack, System Compromise]( The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack. [Boeing Breached by Ransomware, LockBit Gang Claims]( LockBit gives Boeing a Nov. 2 deadline to pay the ransom or have its sensitive documents leaked to the public, but it hasn't given evidence of the compromise. [Safari Side-Channel Attack Enables Browser Theft]( The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history. ['Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains]( Cybercriminals are upping their phishing with shortened links and showing that coveted, regulated top-level domains aren't as exclusive as you'd think. [Microsoft: 0ktapus Cyberattackers Evolve to 'Most Dangerous' Status]( The English-speaking cyberattack group behind the MGM and Caesars Entertainment attacks is adding unique capabilities and gaining in sophistication. Prepare now, Microsoft says. [Octo Tempest Group Threatens Physical Violence as Social Engineering Tactic]( The financially motivated English-speaking threat actors use advanced social engineering techniques, SIM swapping, and even threats of violence to breach targets. [Google Dynamic Search Ads Abused to Unleash Malware 'Deluge']( An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless. [20 Years Later, Is Patch Tuesday Enough?]( Microsoft's longstanding practice isn't enough to handle its vulnerability problem. [What Would a Government Shutdown Mean for Cybersecurity?]( Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too. [What the Boardroom Is Missing: CISOs]( From communicating why security should be a priority to advocating for accountability and greater focus on protecting data in the cloud, CISOs can make the case for keeping people and sensitive data secure. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Survey: AppSec Maturity Hindered by Staffing, Budgets, Vulnerabilities]( Report highlights the challenges impeding the applications industry from achieving AppSec maturity. [What Lurks in the Dark: Taking Aim at Shadow AI]( Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks. [3 Ways to Close the Cybersecurity Skills Gap — Now]( The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training. [It's Cheap to Exploit Software — and That's a Major Security Problem]( The solution? Follow in the footsteps of companies that have raised the cost of exploitation. [MORE]( EDITORS' CHOICE [Iran APT Targets the Mediterranean With Watering-Hole Attacks]( Nation-state hackers are using hybrids to ensnare those in the maritime, shipping, and logistics industries. LATEST FROM THE EDGE [A Ukrainian Company Shares Lessons in Wartime Resilience]( The CTO of MacPaw provides a case study in planning for cybersecurity and uptime in the face of armed conflict. LATEST FROM DR TECHNOLOGY [New Index Finds AI Models Are Murky, Not Transparent At All]( Despite the growing demand for AI transparency, 10 of the better-known models did not score very highly on Stanford's new Foundation Model Transparency Index. LATEST FROM DR GLOBAL [UAE Cyber Council Warns of Google Chrome Vulnerability]( The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser. WEBINARS - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... - [Modern Threats, Modern Security: Lessons in Facing the 3 Urgent Risks of Zero-Days, Supply Chain Attacks, and Social Engineering]( $10.5 trillion. That is one projection for the costs of global cybercrime by 2025 - which would represent the greatest transfer of economic wealth in history. Open up DarkReading, and it seems like we are on that trajectory, with high-profile attacks and ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Proofpoint Signs Definitive Agreement to Acquire Tessian]( [Healey-Driscoll Awards $2.3M to CyberTrust Massachusetts to Strengthen Municipal Cybersecurity Efforts]( [Cranium Announces $25 Million in Series A Funding to Secure AI]( [Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time]( [ReasonLabs Unveils RAV VPN for Apple iOS]( [70% of Crypto Companies Report Deepfake Fraud Rise]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Key DevSecOps Principles for Enterprise Mobile App Development]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119087&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_11.02.23&sp_cid=50368&utm_content=DR_NL_Dark%20Reading%20Weekly_11.02.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#76 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)