CISO Corner: CIO Convergence, 10 Critical Security Metrics & Ivanti Fallout

Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus. [TechWeb]( Follow Dark Reading: [RSS]( February 20, 2024 LATEST SECURITY NEWS & COMMENTARY [CISO Corner: CIO Convergence, 10 Critical Security Metrics & Ivanti Fallout]( Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus. [Russian APT 'Winter Vivern' Targets European Government, Military]( TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor. [NSO Group Adds 'MMS Fingerprinting' Zero-Click Attack to Spyware Arsenal]( The purveyor of the infamous Pegasus mobile spyware now has a new method for obtaining critical information from target iPhones and other mobile devices. [Major Tech Firms Develop 'Tech Accord' to Combat AI Deepfakes]( The accord covers initiatives to create more transparency regarding what tech firms like Meta, Microsoft, Google, TikTok, and OpenAI are doing to combat malicious AI, especially around elections. [Iran Warship Aiding Houthi Pirates Hacked by US]( US reportedly launched a cyberattack against an Iranian military ship suspected of helping Houthi rebel pirates menacing shipping traffic in the Red Sea. [Q&A: The Cybersecurity Training Gap in Industrial Networks]( Cyberattacks and threats increasingly are honed in on ICS/OT networks, but security training for operators of these critical infrastructure environments is perilously scarce. [Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP]( One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure. [Name That Toon: Keys to the Kingdom]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [iOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps]( Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan. [Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug]( Microsoft has observed signs of active exploits targeting CVE-2024-21410. [Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks]( It's not theoretical anymore: the world's major powers are working with large language models to enhance their offensive cyber operations. [Cybersecurity's Transformative Shift]( The industry is evolving from one of conventional threat detection toward a strategy that emphasizes context and preempts user behavior. [CISO and CIO Convergence: Ready or Not, Here It Comes]( Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation. [MORE]( PRODUCTS & RELEASES [Demand for 'Secure by Design' Product Growing, Creating Opportunity for Software Security Specialization]( [Vade Releases 2023 Phishers' Favorites Report]( [Strata Identity Reins in Global Access and Compliance Challenges With Cross-Border Orchestration Recipes]( [Quorum Cyber Joins Elite Microsoft FastTrack-Ready Partner Group]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity]( "Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa. LATEST FROM THE EDGE [Enterprises Worry End Users Will Be the Cause of Next Major Breach]( Respondents to Dark Reading's Strategic Security Survey believe the primary cause of their organizations' next major data breach will involve social engineering, negligent users, and insecure remote workers. LATEST FROM DR TECHNOLOGY [What Using Security to Regulate AI Chips Could Look Like]( An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence. LATEST FROM DR GLOBAL [Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs]( A spate of recent cyber-espionage attacks showcases Turla's brand-new modular custom malware, and an expansion of the state-sponsored group's scope of targets. WEBINARS - [Your Everywhere Security Guide: 4 Steps to Stop Cyberattacks]( - [Making Sense of Security Operations Data]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Understanding Today's Threat Actors]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Strengthen Microsoft Defender with MDR]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [2023 Snyk AI-Generated Code Security Report]( [View More White Papers >>]( FEATURED REPORTS - [How Enterprises Assess Their Cyber-Risk]( - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [The State of Supply Chain Threats]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121401&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.20.24&sp_cid=52060&utm_content=DR_NL_Dark%20Reading%20Daily_02.20.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#b9 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)