Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity

"Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa. [TechWeb]( Follow Dark Reading: [RSS]( February 16, 2024 LATEST SECURITY NEWS & COMMENTARY [Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity]( "Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa. [Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug]( Microsoft has observed signs of active exploits targeting CVE-2024-2140. [iOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps]( Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan. [Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs]( A spate of recent cyber-espionage attacks showcases Turla's brand-new modular custom malware, and an expansion of the state-sponsored group's scope of targets. [AWS SNS Hijackings Fuel Cloud Smishing Campaign]( Using a custom Python script to send bulk phishing messages with a USPS lure, the cyberattackers are posing a risk to consumer-facing organizations moving workloads to the cloud. [DoJ Breaks Russian Military Botnet in Fancy Bear Takedown]( The feds disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code. [Cybersecurity's Transformative Shift]( The industry is evolving from one of conventional threat detection toward a strategy that emphasizes context and preempts user behavior. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [We're at a Pivotal Moment for AI and Cybersecurity]( But generative AI's ability to strengthen security and fortify defenses can keep bad actors in check. [Prudential Files Voluntary Breach Notice With SEC]( The finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort. [Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs]( The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections. [CISO and CIO Convergence: Ready or Not, Here It Comes]( Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation. [MORE]( PRODUCTS & RELEASES [Critical Software Vulnerabilities Impacting Credit Unions Discovered by LMG Security Researcher]( [Surge in 'Hunter-Killer' Malware Uncovered by Picus Security]( [Cobalt's New Report Uncovers a Big Shift in Cybersecurity Strategy]( [Perforce to Acquire Delphix, Adding Enterprise Data Management Software to its DevOps Portfolio]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks]( It's not theoretical anymore: the world's major powers are working with large language models to enhance their offensive cyber operations. LATEST FROM THE EDGE [Why Demand for Tabletop Exercises Is Growing]( Tabletop exercises can be an effective and affordable way to test an organization's defense and response capabilities against cyberattack. LATEST FROM DR TECHNOLOGY [CISA HBOM Framework Doesn't Go Far Enough]( CISA's recently introduced framework for hardware bill of materials is an important step in addressing semiconductor risks. But further tracking beyond manufacturing is critical to its usefulness. LATEST FROM DR GLOBAL [Cyberattack Disrupts German Battery-Production Lines]( It's unclear what kind of cyberattack VARTA AG is facing, but it has shut down its systems until it can become operational again. WEBINARS - [Unbiased Testing. Unbeatable Results]( - [API Security: Protecting Your Application's Attack Surface]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Understanding Today's Threat Actors]( - [Secure Access for Operational Technology at Scale]( - [Strengthen Microsoft Defender with MDR]( - [Incident Response Planning Guide]( - [Threat Intelligence: Data, People and Processes]( - [Mandiant Threat Intelligence at Penn State Health]( - [2023 Snyk AI-Generated Code Security Report]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [How Enterprises Assess Their Cyber-Risk]( - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121327&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.16.24&sp_cid=52000&utm_content=DR_NL_Dark%20Reading%20Daily_02.16.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#17 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)