Prudential Files Voluntary Breach Notice With SEC | Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs

The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort. [TechWeb]( Follow Dark Reading: [RSS]( February 15, 2024 LATEST SECURITY NEWS & COMMENTARY [Prudential Files Voluntary Breach Notice With SEC]( The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort. [Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs]( The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections. [AWS SNS Compromises Fuel Cloud Smishing Campaign]( Using a custom Python script to send bulk phishing messages with a USPS lure, the cyberattackers are posing a risk to consumer-facing organizations moving workloads to the cloud. [Fortinet, Ivanti Keep Customers Busy With Yet More Critical Bugs]( Brand-new vulnerabilities from both vendors this week — one exploited in the wild — add to a steady stream of critical security issues in the security platforms. [Deepfake Democracy: AI Technology Complicates Election Security]( While cybersecurity risks to the democratic process have been pervasive for many years now, the prevalence of AI now represents new threats. [Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors]( The NFL's digitization of almost all aspects of the event means it has a lot more turf to protect for itself, and for the game's tens of millions of fans. ['Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps]( Brazil, the world's center for banking Trojan malware, has produced one of its most advanced tools yet. And as history shows, Coyote may soon expand its territory. [China Caught Dropping RAT Designed for FortiGate Devices]( Dutch military intelligence warns that new malware, called "Coathanger," was found in multiple FortiGate devices during an incident response, and that Chinese-state actors are using the persistent RAT for espionage. [CISO Corner: DoD Regs, Neurodiverse Talent & Tel Aviv's Light Rail]( Also in this issue: How the SEC's reporting rules are being weaponized, quishing attacks plaguing execs, and tabletop exercises making a comeback. [QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security]( The use of QR codes to deliver malicious payloads jumped in Q4 2023, especially against executives, who saw 42 times more QR code phishing than the average employee. [BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus]( Cyberattacks targeting thousands of US organizations wields a new attack vector to deliver the versatile initial-access loader — and is a harbinger of a surge in threat activity. [United Nations Digging Into DPRK Crypto Cyberattacks Totaling $3B]( The UN is reportedly investigating dozens of crypto cyberattacks suspected to have earned the North Korean regime billions to fund its nuclear program. [BofA Warns Customers of Data Leak in Third-Party Breach]( An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers. [CISO and CIO Convergence: Ready or Not, Here It Comes]( Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation. [How 'Big 4' Nations' Cyber Capabilities Threaten the West]( Russia, China, Iran, and North Korea pose significant cyber threats to Western nations. [It's Time to Rethink Third-Party Risk Assessment]( Continuously evaluating and updating your third-party risk assessment can improve your security posture and ensure your company doesn't have the next headline-making incident. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [We're at a Pivotal Moment for AI and Cybersecurity]( But generative AI's ability to strengthen security and fortify defenses can keep bad actors in check. [How Hospitals Can Help Improve Medical Device Data Security]( To thwart cybercriminals, medical device manufacturers and hospitals must understand each other's roles and shared responsibilities in protecting health information. [5 AI Priorities to Stay Competitive]( In 2023, we learned just how big an impact AI will have on the world. What happens next? [MORE]( PRODUCTS & RELEASES [OpenText Joins the Joint Cyber Defense Collaborative to Enhance US Government Cybersecurity]( [ISC2 Collaborates With IBM to Launch Entry-Level Cybersecurity Certificate]( [BlackBerry Provides Update on Progress in Separation of Divisions and Path to Profitability]( [Akto Launches Proactive GenAI Security Testing Solution]( [CSC Partners With NetDiligence to Help Mitigate Cyber Risks]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks]( It's not theoretical anymore: the world's major powers are working with large language models to enhance their offensive cyber operations. LATEST FROM THE EDGE [Researchers Map AI Threat Landscape, Risks]( With the rush to adopt large language models, companies have not thought through all of the security implications to their businesses. Two groups of researchers tackle the questions. LATEST FROM DR TECHNOLOGY [10 Security Metrics Categories CISOs Should Present to the Board]( Boards of directors don't care about the minute technical details of the security program. They want to see how key performance indicators are tracked and utilized. LATEST FROM DR GLOBAL [Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why?]( Hamas-linked threat actors have defied norms, with no discernible uptick in cyber operations prior to the group's attack in Israel — and a complete abandonment of them thereafter. WEBINARS - [How Supply Chain Attacks Work -- And How to Stop Them]( - [Building a Modern Endpoint Strategy for 2024 and Beyond]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Demystifying Zero Trust in OT]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [Threat Intelligence: Data, People and Processes]( - [2023 Snyk AI-Generated Code Security Report]( - [Buyer's Guide: Choosing a True DevSecOps Solution for Your Apps on AWS]( - [Understanding AI Models to Future-Proof Your AppSec Program]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121293&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_02.15.24&sp_cid=51987&utm_content=DR_NL_Dark%20Reading%20Weekly_02.15.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#4f If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)