Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities

CEO of CyTaka says offensive actions would create a deterrent against cyberattacks. [TechWeb]( Follow Dark Reading: [RSS]( December 15, 2023 LATEST SECURITY NEWS & COMMENTARY [Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities]( Chinese threat actors are taking advantage of the poor state of edge security to breach both small and big fish. [New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks]( The fresh-faced cybercrime group has been using nothing but publicly available penetration testing tools in its campaign so far. [Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams]( New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments. [Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over]( The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion. [Safeguarding Our Children's Digital Future: A Call to Action]( Frequent cyberattacks on America's schools are putting our children at risk. Urgent action is needed to protect students and families. [The Unlikely Romance of Hackers and Government Suitors]( Very little modern federal infrastructure is managed by the government — putting a substantial portion of potentially targetable attack surfaces under oversight of federal contractors. [(Sponsored Article) 5 Fundamental Actions to Protect the SaaS Supply Chain]( Effective third-party risk management is crucial for identifying and mitigating vulnerabilities in the SaaS supply chain. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare]( Russia's APT29 is going after a critical RCE flaw in the JetBrains TeamCity software developer platform, prompting governments worldwide to issue an urgent warning to patch. [Ransomware Gangs Use PR Charm Offensive to Pressure Victims]( Threat actors are fully embracing the spin machine: rebranding, speaking with the media, writing detailed FAQs, and more, all in an effort to make headlines. [Software & Security: How to Move Supply Chain Security Up the Agenda]( Getting more insight helps you to prioritize across all your systems, letting you drive more collaboration, real change, and real success for your teams. [MORE]( PRODUCTS & RELEASES [Swinfen Charitable Trust, UVA Health, Telemedicine AI, and MITRE Collaborate on Secure Global Health Telemedicine]( [Stamus Networks Supports NATO Red Teaming Cyber Exercise for the Fifth Consecutive Year]( [Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One]( [BlackBerry Appoints John Giamatteo as CEO]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Attackers Target Microsoft Accounts to Weaponize OAuth Apps]( After compromising Azure and Outlook user accounts, threat actors are creating malicious apps with high privileges to conduct cryptomining, phishing, and password spraying. LATEST FROM THE EDGE [Tips for Modernizing SecOps Teams]( Dark Reading's special report looks at ways security operations teams can improve their efficiency and effectiveness to address the latest threats. LATEST FROM DR TECHNOLOGY [Confidential AI Protects Data and Models Across Clouds]( Confidential AI integrates zero trust and confidential computing to guard data and models during inferencing, training, learning, and fine-tuning. LATEST FROM DR GLOBAL [Israeli Company Hires Overseas Attackers in 'Hack-Back' Effort]( CEO of CyTaka says offensive actions would create a deterrent against cyberattacks. WEBINARS - [Everything You Need to Know About DNS Attacks]( - [SecOps & DevSecOps in the Cloud]( Security teams today face the dual challenge of securing cloud-native applications as well as their software development processes that increasingly operate in the cloud. At the same time, attacks are rising against misconfigured cloud instances as well as a new ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Perspectives on Security for the Board: Edition 3]( - [Entering the era of generative AI-enabled security]( - [KVM Switch High Performance Applications with Dominion KX III]( - [The Forrester Wave™: Vulnerability Risk Management, Q3 2023]( - [Cloud Security Maturity Model: Vision, Path, Execution]( - [Ultimate Guide to Building a Data Governance Program]( - [Processing principles under the GDPR, CCPA, and the EU-US DPF]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119953&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.15.23&sp_cid=51021&utm_content=DR_NL_Dark%20Reading%20Daily_12.15.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#42 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)