November 29, 2023

LATEST SECURITY NEWS & COMMENTARY

Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds
Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case.

CISA to Congress: US Under Threat of Chemical Attacks
Dropping the ball on chemical security has precipitated "a national security gap too great to ignore," CISA warns.

Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads
Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.

Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks
Online shopping websites often lack basic security protections when it comes to PII, allowing malicious actors to capitalize on consumer data or perpetuate retail and hospitality scams.

macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks
Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.

Slovenian Electrical Utility HSE Suffers Ransomware Attack
The company's power production remains in operation, and authorities have been notified of the attack.

Attacks Against South African ICS and IoT Systems Steadily Decrease
All African nations saw a reduced number of cyberattacks on industrial and IoT systems in the third quarter of 2023 compared with earlier this year.

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk
Google says the issue has to do with organizations ensuring they implement least-privilege principles.

Fight or Flight: How to Keep Cyberattacks From Taking Off
As industries around the world act to mitigate the increase in cyber threats, the aviation sector should be leading the cybersecurity uprising, explains William "Hutch" Hutchison, CEO of SimSpace.

Name That Toon: Slam Dunk
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

(Sponsored Article) 3 Essential Steps to Strengthen SaaS Security
SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management.

HOT TOPICS

General Electric, DARPA Hack Claims Raise National Security Concerns
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.

Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business.

CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines
US and UK authorities issued new recommendations for companies that build and rely on AI, but they stop short of laying down the law.

EDITORS' CHOICE

Dark Reading Debuts Fresh New Site Design
Check out our new look -- it's crisp, fast, and more reader-friendly.

LATEST FROM THE EDGE

Exploited Vulnerabilities Can Take Months to Make KEV List
The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other sources of threat intelligence.

LATEST FROM DR TECHNOLOGY

GenAI Requires New, Intelligent Defenses
Understanding the risks of generative AI and the specific defenses to build to mitigate those risks is vital for effective business and public use of GenAI.

LATEST FROM DR GLOBAL

Egyptian E-Payment Vendor Recovering From LockBit Ransomware Attack
Fawry confirms addresses, phone numbers, and dates of birth, leaked online.

WEBINARS

- Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
  In this session, you'll learn what a holistic approach to SSCS requires, including a comprehensive inventory of your supply chain, connecting risks across the development lifecycle, and leveraging code-to-runtime context to prioritize risks. We'll provide examples of "toxic combinations" between ...
- Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
  Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization ...

WHITE PAPERS

- 9 Traits You Need to Succeed as a Cybersecurity Leader
- The Ultimate Guide to the CISSP

FEATURED REPORTS

- What Ransomware Groups Look for in Enterprise Victims
  Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...
- How to Use Threat Intelligence to Mitigate Third-Party Risk
  The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...
- Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
  The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

PRODUCTS & RELEASES

- Hack The Box Launches 5th Annual University CTF Competition
- Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
- CompTIA Advises Retailers to Check their Cybersecurity Preparedness Ahead of the Holiday Shopping Season

CURRENT ISSUE

Tips for a Streamlined Transition to Zero Trust

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA