Attackers Planted Millions of Imageless Repositories on Docker Hub

Tuesday, April 30, 2024
The purported metadata for each of these containers had embedded links to malicious files.

Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident

London Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again.

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.

Wireless Carriers Face $200M FCC Fine As Data Privacy Waters Roil

Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data to third parties.

R Programming Bug Exposes Orgs to Vast Supply Chain Risk

Monday, April 29, 2024
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.

13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers

Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information.

'Muddling Meerkat' Poses Nation-State DNS Mystery

Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.

How to Red Team GenAI: Challenges, Best Practices, and Learnings

Red teaming is a crucial part of proactive GenAI security that helps map and measure AI risks.

Palo Alto Updates Remediation for Max-Critical Firewall Bug

Friday, April 26, 2024
Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties.

CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.

The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains

Thursday, April 25, 2024
Hackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect.

Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries

Mobile malware-as-a-service operators are upping their game by automatically churning out hundreds of unique samples on a whim.

Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare

Cyberattacks on logistics are becoming increasingly common, and the potential impact is enormous.

Attacker Social-Engineered Backdoor Code Into XZ Utils

Wednesday, April 24, 2024
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.

Lights On in Leicester: Streetlights in Disarray After Cyberattack

The city is stymied in efforts to pinpoint the issue since its IT systems were shut down in the wake of the cyberattack.

5 Hard Truths About the State of Cloud Security 2024

Tuesday, April 23, 2024
Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.

Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update

The company reports most systems are functioning again but that analysis of the data affected will take months to complete.

ToddyCat APT Is Stealing Data on 'Industrial Scale'

Monday, April 22, 2024
The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar

An open redirect vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims' Microsoft credentials.

MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs

The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.

Zero-Trust Takes Over: 63% of Orgs Implementing Globally

Though organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner.

Where Hackers Find Your Weak Spots

The five intelligence sources that power social engineering scams.

FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat

Friday, April 19, 2024
Chinese actors are ready and poised to do "devastating" damage to key US infrastructure services if needed, he said.

Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

CryptoChameleon attackers trade quantity for quality, dedicating time and resources to trick even the most diligent user into handing over their high-value credentials.

Rethinking How You Work With Detection and Response Metrics

Airbnb's Allyn Stott recommends adding the Human Maturity Model (HMM) and the SABRE framework to complement MITRE ATT&CK to improve security metrics analysis.

Russian APT Group Thwarted in Attack on US Automotive Manufacturer

Thursday, April 18, 2024
The group gained access to the victim network by duping IT employees with high administrative-access privileges.

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

Wednesday, April 17, 2024
"Kapeka" and "Fuxnet" are the latest examples of malware to emerge from the long-standing conflict between the two countries.

Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns

Once attackers have control over a workload in the cluster, they can leverage access for lateral movement both inside the cluster and to external resources.

Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities

Users will need to download the latest version of Ivanti's Avalanche to apply fixes for all of the bugs.

Enterprise Endpoints Aren't Ready for AI

Tuesday, April 16, 2024
Enterprises need to think about the impact on security budgets and resources as they adopt new AI-based applications.

Global Cybercriminal Duo Face Imprisonment After Hive RAT Scheme

The two allegedly sold the Trojan on Hack Forums, allowing other threat actors to gain unauthorized control, disable programs, browse files, record keystrokes, and steal credentials.

Name That Toon: Last Line of Defense

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Defense Award Launches Purdue Project to Strengthen Cyber-Physical Systems

Monday, April 15, 2024

Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

Roku assures customers that no financial information was stolen and that any purchases made through user accounts have been reimbursed.

Palo Alto Network Issues Hotfixes for Zero-Day Bug in Its Firewall OS

A sophisticated threat actor is leveraging the bug to deploy a Python backdoor for stealing data and executing other malicious actions.

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

Handala threat group claims to have hacked radar systems in Israel as tensions rise between the two nations.

Microsoft Wants You to Watch What It Says, Not What It Does

The responsibility to hold Microsoft accountable for abiding by its self-proclaimed principles shouldn't fall to customers and competition authorities.

CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness

Friday, April 12, 2024
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.

CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.

The Race for AI-Powered Security Platforms Heats Up

Microsoft, Google, and Simbian each offer generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.

DPRK Exploits 2 New MITRE Techniques: Phantom DLL Hijacking, TCC Abuse

Thursday, April 11, 2024
North Korean hackers break ground with new exploitation techniques for Windows and macOS.

Apple Warns Users in 150 Countries of Mercenary Spyware Attacks

In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.

Selecting the Right Authentication Protocol for Your Business

Wednesday, April 10, 2024
Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

TA547 Uses an LLM-Generated Dropper to Infect German Orgs

It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.

Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners

Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang.

LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities

Tuesday, April 9, 2024
Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.

Proper DDoS Protection Requires Both Detective and Preventive Controls

DDoS attacks still plague the enterprise, but adding preventive measures can reduce their impact.

Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply

We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now.

Software-Defined Vehicle Fleets Face a Twisty Road on Cybersecurity

Monday, April 8, 2024
As manufacturers sprint to add software-defined features for vehicles, the ability for third-party maintenance and repair falls behind, leaving businesses with few choices to manage their cybersecurity.

StrikeReady Raises $12M for AI Security Command Platform


The Fight for Cybersecurity Awareness

Investing in cybersecurity skills creates a safer digital world for everyone.

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

Sunday, April 7, 2024
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.

Panera Bread Fuels Ransomware Suspicions With Silence

Friday, April 5, 2024
The restaurant chain hasn't provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers.

CISO Corner: Ivanti's Mea Culpa; World Cup Hack; CISOs & Cyber Awareness

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes.

How Do We Integrate LLMs Security Into Application Development?

Large language models require rethinking how to bake security into the software development process earlier.

Magecart Attackers Pioneer Persistent E-Commerce Backdoor

The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.

Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

Thursday, April 4, 2024
So far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products.

Malicious Latrodectus Downloader Picks Up Where QBot Left Off

Initial access brokers are using the new downloader malware, which emerged just after QBot's 2023 disruption.

Action1 Unveils 'School Defense' Program To Help Small Educational Institutions Thwart Cyberattacks


Thousands of Australian Businesses Targeted With 'Reliable' Agent Tesla RAT

Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware.

How Soccer's 2022 World Cup in Qatar Was Nearly Hacked

Wednesday, April 3, 2024
A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

Oil & Gas Sector Falls for Fake Car Accident Phishing Emails

Effective Rhadamanthys phishing campaign spoofs nonexistent "Federal Bureau of Transportation" to compromise recipients, analysts discover.

Omni Hotel IT Outage Disrupts Reservations, Digital Key Systems

Guests affected by the companywide disruption vented their frustrations on social media.

The Biggest Mistake Security Teams Make When Buying Tools

Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish.

NIST Wants Help Digging Out of Its NVD Backlog

Tuesday, April 2, 2024
The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward.

HHS Plans for Cyber 'One-Stop Shop' After United Healthcare Attack

The initiative is meant to provide more resources and better strategies for healthcare entities that face an increasing amount of cybersecurity challenges.

Iran's Evolving Cyber-Enabled Influence Operations to Support Hamas

Understanding Iran's techniques, coupled with comprehensive threat intel, can give organizations an edge in identifying and defending against these attacks.

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature.

Cybercriminals Weigh Options for Using LLMs: Buy, Build, or Break?

Monday, April 1, 2024
While some cybercriminals have bypassed guardrails to force legitimate AI models to turn bad, building their own malicious chatbot platforms and making use of open source models are a greater threat.

Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings

UK regulator said that one of the world's most toxic sites accumulated cybersecurity "offenses" from 2019 to 2023.

AT&T Confirms 73M Customers Affected in Data Leak

AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine.

Name That Edge Toon: Defying Gravity

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Collaboration Needed to Fight Ransomware

A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs.