Ransomware Mastermind Uncovered After Oversharing on Dark Web

Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview." [TechWeb]( Follow Dark Reading: [RSS]( November 09, 2023 LATEST SECURITY NEWS & COMMENTARY [Ransomware Mastermind Uncovered After Oversharing on Dark Web]( Meet "farnetwork," one of the most prolific RaaS operators around, who spilled too many details during an affiliate "job interview." [Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes]( A premier Russian APT used living-off-the-land techniques in a major OT hit, raising tough questions about whether or not we can defend against the attack vector. [Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant]( The attacks are another manifestation of the concerning rise in information stealers for harvesting data and enabling persistent access to enterprise networks. [CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us]( In a rapidly evolving cybersecurity landscape, CISOs must take proactive measures to safeguard their careers and mitigate risks associated with their roles. [MGM and Caesars Attacks Highlight Social Engineering Risks]( Relying on passwords to secure user accounts is a gamble that never pays off. [(Sponsored Article) Keep Your Organization's APIs Protected This Holiday Season]( Understanding API security risks isn't just a good idea — it's a business imperative. A single API breach can lead to financial losses and reputational damage. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Meet Your New Cybersecurity Auditor: Your Insurer]( As cyber insurance gets more expensive and competitive, security decision-makers have actionable opportunities to strengthen their cyber defenses. [Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable]( Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10. [CVSS 4.0 Offers Significantly More Patching Context]( The latest vulnerability severity scoring system addresses gaps in the previous version; here's how to get the most out of it. [Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack]( To combat sophisticated threats, we need to improve how we approach authorization and access controls. [Crafting an AI Policy That Safeguards Data Without Stifling Productivity]( Companies must recognize AI's utility, while setting clear boundaries to curtail unsafe utilization. [MORE]( EDITORS' CHOICE [Marina Bay Sands Becomes Latest Hospitality Cyber Victim]( Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment. LATEST FROM THE EDGE [Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule]( Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule. LATEST FROM DR TECHNOLOGY [Software Complexity Bedevils Mainframe Security]( The high-performance and resilient platforms satisfy critical roles, but software complexity and the graying of the specialist workforce are creating security challenges. LATEST FROM DR GLOBAL [Iran-Linked Agrius APT Group Targets Israeli Education, Tech Sectors]( The attackers also use custom wipers to cover their tracks and bypass EDR. WEBINARS - [SecOps & DevSecOps in the Cloud]( Security teams today face the dual challenge of securing cloud-native applications as well as their software development processes that increasingly operate in the cloud. At the same time, attacks are rising against misconfigured cloud instances as well as a new ... - [Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods]( Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Risk Ledger Secures £6.25M to Prevent Cyberattacks on the Supply Chains of Nation's Largest Enterprises]( [Myrror Security Emerges From Stealth With $6M Seed Round to Prevent Attacks on the Software Development Process]( [Malwarebytes Launches ThreatDown to Empower Resource Constrained IT Organizations]( [Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Key DevSecOps Principles for Enterprise Mobile App Development]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119214&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_11.09.23&sp_cid=50444&utm_content=DR_NL_Dark%20Reading%20Daily_11.09.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#5e If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)