Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps. [TechWeb]( Follow Dark Reading:
[RSS](
February 22, 2024 LATEST SECURITY NEWS & COMMENTARY [Misconfigured Custom Salesforce Apps Expose Corporate Data](
Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.
[El Al Flight Crew Suffers Midflight Communication Disruption](
Though the incident took place over a known Houthi area, some say this incident was at the hands of a Somali group, based on frequent communication disruptions in the country.
[Iran Warship Aiding Houthi Pirates Hacked by US](
US reportedly launched a cyberattack against an Iranian military ship suspected of helping Houthi rebel pirates menacing shipping traffic in the Red Sea.
[Critical ConnectWise RMM Bug Poised for Exploitation Avalanche](
Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation â and researchers warn it could get ugly, fast.
['KeyTrap' DNS Bug Threatens Widespread Internet Outages](
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
[CISO Corner: CIO Convergence, 10 Critical Security Metrics & Ivanti Fallout](
Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus.
[Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity](
"Voltzite," the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa.
[Google's Cloud Run Service Spreads Several Bank Trojans](
A surging bank malware campaign abuses Google Cloud Run and targets Latin America, with indications that it's hitting other regions as well, researchers warn.
[iOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps](
Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan.
[Cybersecurity's Transformative Shift](
The industry is evolving from one of conventional threat detection toward a strategy that emphasizes context and preempts user behavior.
[How CISOs Balance Business Growth, Security in Cyber-Threat Landscape](
Collaboration, care, and proactive planning need to be part of CISO toolboxes as worsening threat environments become the new normal. CISOs need to adjust processes so business innovation can continue.
[Cyber Insurance Needs to Evolve to Ensure Greater Benefit](
A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios.
[Name That Toon: Keys to the Kingdom](
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
['VoltSchemer' Hack Allows Wireless Charger Takeovers](
Researchers tested their theory on nine chargers, each different and available to consumers, and found them all vulnerable to their attacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [CISO and CIO Convergence: Ready or Not, Here It Comes]( Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation.
[4 Key Steps to Reevaluate Your Cybersecurity Priorities]( Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy.
[Like Seat Belts and Airbags, 2FA Must Be Mandatory ASAP]( One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure.
[We're at a Pivotal Moment for AI and Cybersecurity]( But generative AI's ability to strengthen security and fortify defenses can keep bad actors in check. [MORE]( PRODUCTS & RELEASES [Vade Releases 2023 Phishers' Favorites Report]( [Strata Identity Reins in Global Access and Compliance Challenges With Cross-Border Orchestration Recipes]( [Quorum Cyber Joins Elite Microsoft FastTrack-Ready Partner Group]( [LightEdge Releases Next-Gen Suite of Cloud Security & Managed Services]( [Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID]( [Perforce to Acquire Delphix, Adding Enterprise Data Management Software to its DevOps Portfolio]( [Demand for 'Secure by Design' Product Growing, Creating Opportunity for Software Security Specialization]( [Cobalt's New Report Uncovers a Big Shift in Cybersecurity Strategy]( [Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug](
Microsoft has observed signs of active exploits targeting CVE-2024-21410. LATEST FROM THE EDGE [Library Cyber Defenses Are Falling Down](
Librarians are being asked to defend themselves online against sophisticated and complex attacks. It's an unequal fight. LATEST FROM DR TECHNOLOGY [What Using Security to Regulate AI Chips Could Look Like](
An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence. LATEST FROM DR GLOBAL [Q&A: The Cybersecurity Training Gap in Industrial Networks](
Cyberattacks and threats increasingly are honed in on ICS/OT networks, but security training for operators of these critical infrastructure environments is perilously scarce. WEBINARS - [Securing the Software Development Life Cycle from Start to Finish](
- [API Security: Protecting Your Application's Attack Surface]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Solution Guide to Operational Technology Cybersecurity](
- [Demystifying Zero Trust in OT](
- [Secure Access for Operational Technology at Scale](
- [Stopping Active Adversaries: Lessons from the Cyber Frontline](
- [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE](
- [Global Perspectives on Threat Intelligence](
- [2023 Snyk AI-Generated Code Security Report]( [View More White Papers >>]( FEATURED REPORTS - [Zero-Trust Adoption Driven by Data Protection](
- [The State of Supply Chain Threats](
- [How to Deploy Zero Trust for Remote Workforce Security]( [View More Dark Reading Reports >>]( Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121490&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_02.22.24&sp_cid=52112&utm_content=DR_NL_Dark%20Reading%20Weekly_02.22.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#2a
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)