GE, DARPA Hack Claims Raise National Security Concerns | Former Uber CISO Speaks Out on Data Breach, SolarWinds

Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies. [TechWeb]( Follow Dark Reading: [RSS]( November 30, 2023 LATEST SECURITY NEWS & COMMENTARY [General Electric, DARPA Hack Claims Raise National Security Concerns]( Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies. [Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds]( Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. [Google Patches Another Chrome Zero-Day as Browser Attacks Mount]( The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently. [Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack]( The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. [Ex-Cybersecurity Adviser to Bush, Obama Weighs in On Current Admin]( Melissa Hathaway, a former White House cybersecurity adviser, says Biden is pushing through more regulatory reforms than previous administrations. [Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw]( A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys. [CISA to Congress: US Under Threat of Chemical Attacks]( Dropping the ball on chemical security has precipitated "a national security gap too great to ignore," CISA warns. [Rootkit Turns Kubernetes from Orchestration to Subversion]( Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. [macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks]( Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers. [Name That Toon: Slam Dunk]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [3 Ways to Stop Unauthorized Code From Running in Your Network]( As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code. [How the Evolving Role of the CISO Impacts Cybersecurity Startups]( CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity]( Companies must do a delicate dance between consumer privacy protection, upholding their product's efficacy, and de-risking cyber breaches to run the business. [Thought GDPR Compliance Was Hard? Buckle Up]( Guy Tytunovich, founder and CEO of CHEQ, says the days of a one-size-fits-all consent strategy are gone. Consider a two-pronged approach and use smart consent management technology to adapt to differing regulations. [Fight or Flight: How to Keep Cyberattacks From Taking Off]( As industries around the world act to mitigate the increase in cyber threats, the aviation sector should be leading the cybersecurity uprising, explains William "Hutch" Hutchison, CEO of SimSpace. [MORE]( EDITORS' CHOICE [Dark Reading Debuts Fresh New Site Design]( Check out our new look — it's crisp, fast, and more reader-friendly. LATEST FROM THE EDGE [10 Holiday Gifts For Stressed-Out Security Pros]( Office giving-friendly fidgets, stress balls, brain teasers, and more that are perfect to calm the most harried cybersecurity professionals. LATEST FROM DR TECHNOLOGY [Rundown of Security News from AWS re:Invent 2023]( Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event. LATEST FROM DR GLOBAL [How a Teenage Saudi Hacker Went From Lockpicking to Ransomware]( Black Hat speaker and 13-year-old ethical hacker Marco Liberale talks about his interest in cybersecurity, and what opportunities he has in Saudi Arabia. WEBINARS - [How to Combat the Latest Cloud Security Threats]( More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ... - [Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing]( Many of today's most damaging cyberattacks begin with a phishing lure delivered over corporate email. The attacks against Microsoft Exchange illustrated the extent of damage attackers can inflict by targeting enterprise email servers. Many enterprises still don't have a unified ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Code Scanner by Piiano Helps Enterprises Prevent Data Leaks Proactively]( [1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms]( [Announcing Fortanix Key Insight — A Solution to Discover and Remediate Data Security Risks in Hybrid Multicloud Environments]( [XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Effective Security Analytics for Enterprises]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119633&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_11.30.23&sp_cid=50757&utm_content=DR_NL_Dark%20Reading%20Weekly_11.30.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#58 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)