iSoon's Secret APT Status Exposes China's Foreign Hacking Machinations

Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest. [TechWeb]( Follow Dark Reading: [RSS]( February 23, 2024 LATEST SECURITY NEWS & COMMENTARY [iSoon's Secret APT Status Exposes China's Foreign Hacking Machinations]( Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest. [Pharmacy Delays Across US Blamed on Nation-State Hackers]( Healthcare tech provider Change Healthcare says a suspected nation-state threat actor breached its systems, causing pharmacy transaction delays nationwide. [Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit]( The most prolific ransomware group in recent years was on the decline at the time of its takedown, security researchers say. [Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft]( Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem. [NSA Cybersecurity Director Rob Joyce to Retire]( His retirement will go into effect on March 31, concluding 34 years of service to the National Security Agency. [Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets]( The latest ploy by the APT also known as Charming Cypress targets policy experts in the Middle East, Europe, and the US. [4 Key Steps to Reevaluate Your Cybersecurity Priorities]( Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy. [(Sponsored Article) Transform Your Security Operations Center With AI]( Attackers aren't slowing down and are using new methods to infiltrate orgs. To limit their impact, automation in the SOC is more critical now than ever. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking]( Admins are urged to remove vSphere's vulnerable Enhanced Authentication Plug-in, which was discontinued nearly three years ago but is still widely in use. ['Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers]( More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brimstone to come. [How CISOs Balance Business Growth, Security in Cyber-Threat Landscape]( Collaboration, care, and proactive planning need to be part of CISO toolboxes as worsening threat environments become the new normal. CISOs need to adjust processes so business innovation can continue. [MORE]( PRODUCTS & RELEASES [Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID]( [Vectra AI Launches Global, 24x7 Open MXDR Service Built to Defend Against Hybrid Attacks]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns]( [Perforce to Acquire Delphix, Adding Enterprise Data Management Software to its DevOps Portfolio]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Critical ConnectWise RMM Bug Poised for Exploitation Avalanche]( Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation — and researchers warn it could get ugly, fast. LATEST FROM THE EDGE [10 Security Metrics Categories CISOs Should Present to the Board]( Boards of directors don't care about a security program's minute technical details. They want to see how key performance indicators are tracked and used. LATEST FROM DR TECHNOLOGY [Insurers Use Claims Data to Recommend Cybersecurity Technologies]( Policy holders using certain technologies — such as managed detection and response (MDR) services, Google Workspace, and email security gateways — gain premium discounts from cyber insurers. LATEST FROM DR GLOBAL [Russian Cyberattackers Launch Multiphase PsyOps Campaign]( Operation Texonto spanned several months, using various Russian propaganda lures and spear-phishing to misinform and trick users into giving up Microsoft 365 credentials. WEBINARS - [Building a Modern Endpoint Strategy for 2024 and Beyond]( - [Securing the Software Development Life Cycle from Start to Finish]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Understanding Today's Threat Actors]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Secure Access for Operational Technology at Scale]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [Threat Intelligence: Data, People and Processes]( - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121559&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.23.24&sp_cid=52145&utm_content=DR_NL_Dark%20Reading%20Daily_02.23.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#8b If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)