Linux Distros Hit by RCE Vulnerability in Shim Bootloader | Verizon Employee Data Exposed in Insider Threat Incident

However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug. [TechWeb]( Follow Dark Reading: [RSS]( February 08, 2024 LATEST SECURITY NEWS & COMMENTARY [Linux Distros Hit by RCE Vulnerability in Shim Bootloader]( However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug. [Verizon Employee Data Exposed in Insider Threat Incident]( Tens of thousands of workers are effected by a fellow employee dipping into files that include everything from SSNs and names to union status and compensation data. [China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure]( Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to CISA. [AnyDesk Compromised, Passwords Revoked]( Production systems at the remote access company were breached, leading AnyDesk to revoke code signing certificate and reset Web portal credentials as part of its incident response. [Cloudflare Falls Victim to Okta Breach, Atlassian Systems Cracked]( The cyberattackers, believed to be state sponsored, didn't get far into Cloudflare's global network, but not for lack of trying. [China Infiltrates US Critical Infrastructure in Ramp-up to Conflict]( Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials. [Fulton County Court System Still Hobbled by Cyberattack]( Even clients are having a difficult time searching for information on cases online. [Critical Bugs in Canon Small Office Printers Allow Code Execution, DDoS]( A grouping of serious printer bugs, unveiled at last summer's Pwn2Own, were patchless for months, but are finally fixed now. [Microsoft Azure HDInsight Bugs Expose Big Data to Breaches]( Security holes in a big data tool could lead to big data compromise. [Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists]( Deepfakes are fast becoming more realistic, and access to them more democratic, enabling even ordinary attackers to enact major fraud. What's the most effective way to fight back? [Teens Committing Scary Cybercrimes: What's Behind the Trend?]( Crypto theft, sextortion tactics, swattings, and ransomware: teenagers are increasingly taking up cybercrime for fun and profit — and experts credit an array of contributing factors. [How to Prepare for Elevated Cybersecurity Risk at the Super Bowl]( Super Bowl 2024 in Las Vegas is a magnet for cybercrime. Here are a few things businesses should consider to minimize their risk. [CISO Corner: Gen Z Challenges, CISO Liability & Cathay Pacific Case Study]( Dark Reading's roundup of strategic cyber-operations insights for chief information security officers. [Why Gen Z Is the New Force Reshaping OT Security]( Modernizing legacy operational technology (OT) systems to align with younger workers' technology habits, skills, and expectations can enhance security and resiliency. [How Neurodiversity Can Help Fill the Cybersecurity Workforce Shortage]( Many people with ADHD, autism, dyslexia, and other neurodiverse conditions bring new perspectives that can help organizations solve cybersecurity challenges. [Interpol's 'Synergia' Op Nabs Dozens of Cybercriminals, Zaps Global C2s]( The largest number of takedowns in Africa were in South Sudan and Zimbabwe. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How the SEC's Rules on Cybersecurity Incident Disclosure Are Exploited]( Cyber hygiene is no longer a nice-to-have but necessary for organizations that want to survive the relentless barrage of cyberattacks being unleashed daily. [The Imperative for Robust Security Design in the Health Industry]( It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information. [CMMC Is the Starting Line, Not the Finish]( Cybersecurity Maturity Model Certification (CMMC) and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies. [MORE]( PRODUCTS & RELEASES [New Report From Flare Highlights Pervasive Threat of Initial Access Brokers in NATO Countries]( [Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision]( [Akamai Announces Content Protector to Stop Scraping Attacks]( [IONIX ​​Completes $42M Financing Round to Expand Threat Exposure Management Across the Entire Attack Surface]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [macOS Malware Campaign Showcases Novel Delivery Technique]( Threat actor behind the Activator macOS backdoor is using pirated apps to distribute the malware in what could be a botnet-building operation. LATEST FROM THE EDGE [Name That Edge Toon: The Great Escape]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem]( With prompt injection, AI puts new spin on an old security problem LATEST FROM DR GLOBAL [UAE Cybersecurity Official Warns of VPN Abuse]( More than 6 million VPNs are now deployed on devices in the United Arab Emirates. WEBINARS - [Securing the Software Development Life Cycle from Start to Finish]( - [API Security: Protecting Your Application's Attack Surface]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [SANS ICS/OT Cybersecurity Survey: 2023's Challenges and Tomorrow's Defenses]( - [Pixelle's OT Security Triumph with Security Inspection]( - [The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security]( - [2023 Snyk AI-Generated Code Security Report]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [2023 Software Supply Chain Attack Report]( - [Understanding AI Models to Future-Proof Your AppSec Program]( [View More White Papers >>]( FEATURED REPORTS - [The State of Supply Chain Threats]( - [How to Deploy Zero Trust for Remote Workforce Security]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121109&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_02.08.24&sp_cid=51868&utm_content=DR_NL_Dark%20Reading%20Weekly_02.08.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#15 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)