A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware. [TechWeb]( Follow Dark Reading:
[RSS](
February 29, 2024 LATEST SECURITY NEWS & COMMENTARY [Cyberattackers Lure EU Diplomats With Wine-Tasting Offers](
A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware.
['Savvy Seahorse' Hackers Debut Novel DNS CNAME Trick](
Petty scammers have figured out how to leverage a core function of DNS in order to maintain scalable, stealthy, pliable malicious infrastructure.
['Voltzite' Zaps African Utilities as Part of Volt Typhoon's Onslaught](
The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa.
[eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation](
Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor.
[LockBit's Leak Site Reemerges, a Week After 'Complete Compromise'](
Is LockBit dead? Law enforcement and the group itself seem to be telling conflicting stories.
[iSoon's Secret APT Status Exposes China's Foreign Hacking Machinations](
Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest.
[Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft](
Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.
[NIST Releases Cybersecurity Framework 2.0](
New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.
[China Launches New Cyber-Defense Plan for Industrial Networks](
Government will provide additional cybersecurity training and recruit additional cybersecurity talent in an effort to better secure its industrial sector from attacks.
[U-Haul Reports 67K Customers Impacted by Data Breach](
In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach.
[Orgs Face Major SEC Penalties for Failing to Disclose Breaches](
In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules.
[What Companies & CISOs Should Know About Rising Legal Threats](
Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.
[Converging State Privacy Laws and the Emerging AI Challenge](
It's time for companies to look at what they're processing, what types of risk they have, and how they plan to mitigate that risk.
[The Next Gen of Cybersecurity Could Be Hiding in Big Tech](
Public-private partnerships, increasing cybersecurity budgets for public organizations, and retraining existing tech talent to make the jump to cyber will help ease the staffing crunch.
[4 Key Steps to Reevaluate Your Cybersecurity Priorities](
Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Name That Toon: Keys to the Kingdom]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
[Fostering Collaboration for Standardized Threat Investigation & Response]( Working together can bring much-needed trust to the industry and help safeguard people, organizations, and government â now and in the future.
[4 Ways Organizations Can Drive Demand for Software Security Training]( Developer-driven security programs place the development team at the center of reducing vulnerabilities. [MORE]( PRODUCTS & RELEASES [Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023]( [Fortress Information Security Deploys Automated Patch Notification and Authenticity Tool]( [Pentera Launches Global Partner Program to Accelerate Growing Channel]( [Delinea to Acquire Fastpath to Revolutionize Privileged Access and Identity Governance]( [Beyond Identity Introduces Device360 for Security Risk Visibility Across All Devices]( [Palo Alto Networks Launches Cortex Platform Offer]( [Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows]( [Optiv Accepting Applications for $10K Scholarship](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware](
Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers. LATEST FROM THE EDGE [10 Security Metrics Categories CISOs Should Present to the Board](
Boards of directors don't care about a security program's minute technical details. They want to see how key performance indicators are tracked and use LATEST FROM DR TECHNOLOGY [AI-Generated Patches Could Ease Developer, Operations Workload](
Using information from a common technique for finding vulnerabilities, Google's Gemini LLM can produce patches for 15% of such bugs. And it's not the only way to help automate bug fixing. LATEST FROM DR GLOBAL [Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East & Africa](
Experts advise organizations in the region to refuse to pay ransom demands. WEBINARS - [Building a Modern Endpoint Strategy for 2024 and Beyond](
- [Making Sense of Security Operations Data]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions](
- [Causes and Consequences of IT and OT Convergence](
- [Incident Response Planning Guide](
- [Endpoint Best Practices to Block Ransomware](
- [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions](
- [Migrations Playbook for Saving Money with Snyk + AWS](
- [2023 Software Supply Chain Attack Report]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization](
- [Zero-Trust Adoption Driven by Data Protection](
- [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Weekly
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121742&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_02.29.24&sp_cid=52262&utm_content=DR_NL_Dark%20Reading%20Weekly_02.29.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#d4
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)