eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation

Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor. [TechWeb]( Follow Dark Reading: [RSS]( February 28, 2024 LATEST SECURITY NEWS & COMMENTARY [eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation]( Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor. [Russia's 'Midnight Blizzard' Targets Service Accounts for Initial Cloud Access]( CISA and its counterparts in the UK and other countries this week offered new guidance on how to deal with the threat actor's recent shift to cloud attacks. [Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom]( Apple's PQ3 for securing iMessage and Signal's PQXH show how organizations are preparing for a future in which encryption protocols must be exponentially harder to crack. [U-Haul Reports 67K Customers Impacted by Data Breach]( In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach. [Mexico's 'Timbre Stealer' Campaign Targets Manufacturing]( A new infostealer spreading to organizations across Mexico heralds 2024's fresh season of tax-themed phishing attacks. [What Companies & CISOs Should Know About Rising Legal Threats]( Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession. [(Sponsored Article) Defending Against Cyber Threats in the Age of AI]( Changing threat landscapes and artificial intelligence's evolving role in cyber defense have important lessons for defending against attacks. [4 Ways Organizations Can Drive Demand for Software Security Training]( Developer-driven security programs place the development team at the center of reducing vulnerabilities. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [LockBit's Leak Site Reemerges, a Week After 'Complete Compromise']( Is LockBit dead? Law enforcement and the group itself seem to be telling conflicting stories. [The Next Gen of Cybersecurity Could Be Hiding in Big Tech]( Public-private partnerships, increasing cybersecurity budgets for public organizations, and retraining existing tech talent to make the jump to cyber will help ease the staffing crunch. [White House Urges Switching to Memory Safe Languages]( The Office of the National Cyber Director technical report focuses on reducing memory-safety vulnerabilities in applications and making it harder for malicious actors to exploit them. [MORE]( PRODUCTS & RELEASES [Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023]( [Delinea to Acquire Fastpath to Revolutionize Privileged Access and Identity Governance]( [Optiv Accepting Applications for $10K Scholarship]( [Palo Alto Networks Launches Cortex Platform Offer]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [NIST Releases Cybersecurity Framework 2.0]( New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity. LATEST FROM THE EDGE [Redesigning the Network to Fend Off Living-Off-the-Land Tactics]( The growing threat of living-off-the-land tactics requires a rethink of network traffic visibility to prevent these types of attacks. LATEST FROM DR TECHNOLOGY [Insurers Use Claims Data to Recommend Cybersecurity Technologies]( Policy holders using certain technologies — such as managed detection and response (MDR) services, Google Workspace, and email security gateways — gain premium discounts from cyber insurers. LATEST FROM DR GLOBAL ['Illusive' Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms]( UNC1549, aka Smoke Sandstorm and Tortoiseshell, appears to be the culprit behind a cyberattack campaign customized for each targeted organization. WEBINARS - [Unleash the Power of Gen AI for Application Development, Securely]( - [Unbiased Testing. Unbeatable Results]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [Demystifying Zero Trust in OT]( - [Zero Trust Access For Dummies, 2nd Fortinet Special Edition]( - [Threat Intelligence: Data, People and Processes]( - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Migrations Playbook for Saving Money with Snyk + AWS]( - [2023 Software Supply Chain Attack Report]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121681&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.28.24&sp_cid=52228&utm_content=DR_NL_Dark%20Reading%20Daily_02.28.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#eb If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)