Russia-Sponsored Cyberattackers Infiltrate Microsoft's Code Base

The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January. [TechWeb]( Follow Dark Reading: [RSS]( March 11, 2024 LATEST SECURITY NEWS & COMMENTARY [Russia-Sponsored Cyberattackers Infiltrate Microsoft's Code Base]( The Midnight Blizzard APT is mounting a sustained, focused cyber campaign against the computing kahuna, using secrets it stole from emails back in January. [Japan Blames North Korea for PyPI Supply Chain Cyberattack]( Open source software ecosystem compromise leaves developers in Asia and around the globe at risk. [CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps]( Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. [Broke Cyber Pros Flock to Cybercrime Side Hustles]( Burned-out cybersecurity professionals dealing with layoffs and stressful working conditions are increasingly finding a better way to earn a buck: cybercrime. [Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory]( The proof-of-concept exploits for Atlassian Confluence would enable arbitrary code execution without requiring file system access. [Google Engineer Steals AI Trade Secrets for Chinese Companies]( Chinese national Linwei Ding is accused of pilfering more than 500 files containing Google IP while affiliating with two China-based startups at the same time. [The Ongoing Struggle to Protect PLCs]( A decade after Stuxnet, vulnerabilities in OT systems and programmable logic controllers remain exposed. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How CISA Fights Cyber Threats During Election Primary Season]( Election cyber threats come from various places, including compromised voting machines, AI deepfakes, and potential physical harm to workers. But CISA has been working diligently with various public and private partners to stymie the risk. [Don't Give Your Business Data to AI Companies]( Handing over your business data to artificial intelligence companies comes with inherent risks. [Cyber Insurance Strategy Requires CISO-CFO Collaboration]( Cyber-risk quantification brings together the CISO's technical expertise and the CFO's focus on financial impact to develop a stronger and better understanding of what's at stake. ['The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs]( USBs are fetch again, as major APTs from Russia, China, and beyond are turning to them for BYOD cyberattacks. [MORE]( PRODUCTS & RELEASES [Silence Laboratories Raises $4.1M Funding to Enable Privacy Preserving Collaborative Computing]( [Bipartisan Members of Congress Introduce Enhanced Cybersecurity for SNAP Act to Secure Food Benefits Against Hackers and Thieves]( [Veeam Launches Veeam Data Cloud]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive]( Just one day after disclosure, adversaries began targeting the vulnerabilities to take complete control of affected instances of the popular developer platform. LATEST FROM THE EDGE [Creating Security Through Randomness]( How lava lamps, pendulums, and suspended rainbows keep the Internet safe. LATEST FROM DR TECHNOLOGY [How to Ensure Open Source Packages Are Not Landmines]( CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring malicious software components into code. LATEST FROM DR GLOBAL [South Korean Police Deploy Deepfake Detection Tool in Run-up to Elections]( The nation's battle with political deepfakes may be a harbinger for what's to come in elections around the world this year. WEBINARS - [The Anatomy of a Ransomware Attack, Revealed]( - [Building a Modern Endpoint Strategy for 2024 and Beyond]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Collective defense is more important than ever--is your workforce ready?]( - [Understanding Today's Threat Actors]( - [Causes and Consequences of IT and OT Convergence]( - [Stopping Active Adversaries: Lessons from the Cyber Frontline]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( - [2023 Work-from-Anywhere Global Study]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121982&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.11.24&sp_cid=52436&utm_content=DR_NL_Dark%20Reading%20Daily_03.11.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#e0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)