Tag: darkreading

Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads. Elizabeth Montalbano, Contributing…

Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Active Directory Recovery Can’t Be an Afterthought Active Directory is one of the most vulnerable access points in an organization’s IT environment. Companies cannot wait for a real attack to pressure-test their AD recovery strategy. Dan Conrad Go to gbhackers.com

Accounting Firms Can’t Skimp on Cybersecurity Cybercriminals capitalize on tax preparation stress, technology sprawl, and lax communications. Accounting teams can’t afford to treat cybersecurity as an afterthought. Joan Goodchild Go to gbhackers.com

Max Severity Bug in Apache Roller Enabled Persistent Access The remediated flaw gave adversaries a way to maintain access to the app through password resets. Jai Vijayan, Contributing Writer Go to gbhackers.com

With AI’s Help, Bad Bots Are Taking Over the Web Bad bots are becoming increasingly difficult to detect as they more easily mimic human behaviors and utilize evasion techniques, researchers say. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Hertz Falls Victim to Cleo Zero-Day Attacks Customer data such as birth dates, credit card numbers and driver’s license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats Russia-backed APT29’s latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages — errr, victims — and delivers a novel backdoor, GrapeLoader. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Are We Prioritizing the Wrong Security Metrics? True security isn’t about meeting deadlines — it’s about mitigating risk in a way that aligns with business objectives while protecting against real-world threats. Swati Babbar Go to gbhackers.com

China-Backed Threat Actor ‘UNC5174’ Using Open Source Tools in Stealthy Attacks Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

AI Code Tools Widely Hallucinate Packages The hallucination problem is not just pervasive, it is persistent as well, according to new research. Jai Vijayan, Contributing Writer Go to gbhackers.com

Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts Prodaft is currently buying accounts from five Dark Web forums and offers to pay extra for administrator or moderator accounts. The idea is to infiltrate forums to boost its threat intelligence. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all. Becky Bracken, Senior Editor, Dark Reading…

A New ‘It RAT’: Stealthy ‘Resolver’ Malware Burrows In A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it’s downright difficult to count them all. Nate Nelson, Contributing Writer Go to gbhackers.com

7 RSAC 2025 Cloud Security Sessions You Don’t Want to Miss Some of the brightest minds in the industry will discuss how to strengthen cloud security. Snir Ben Shimol Go to gbhackers.com

How DigitalOcean Moved Away From Manual Identity Management DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions which had been previously handled manually. Mercedes Cardona Go to gbhackers.com

Morocco Investigates Social Security Agency Data Leak A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Pall Mall Process Progresses but Leads to More Questions Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out. Arielle Waldman Go to gbhackers.com

Paper Werewolf Threat Actor Targets Flash Drives With New Malware The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches. Robert Lemos, Contributing Writer Go to gbhackers.com

Using Third-Party ID Providers Without Losing Zero Trust With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating. Stephanie Domas Go to gbhackers.com

Organizations Lack Incident Response Plans, But Answers Are on the Way Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them. Arielle Waldman Go to gbhackers.com

11 Bugs Found in Perplexity AI’s Chatbot Android App Researchers characterize the company’s artificial intelligence chatbot as less secure than ChatGPT and even DeepSeek. Nate Nelson, Contributing Writer Go to gbhackers.com

Zero-Day in CentreStack File Sharing Platform Under Attack Gladinet’s platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy. Rob Wright Go to gbhackers.com

AuthZEN Aims to Harmonize Fractured Authorization Controls Managing permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that. Robert Lemos, Contributing Writer Go to gbhackers.com

Ping Identity Doubles Down on Partner Strategy with New Partner Program and Advisory Board Go to gbhackers.com

Digital Asset Management Platform Liminal Raises $4.7M Funding Led by Elevation Capital Go to gbhackers.com

Trump’s DoJ Targets Krebs, Revokes SentinelOne Security Clearance An executive order is targeting former Trump appointees, including former CISA director Chris Krebs and his current coworkers, in the latest in a series of directives against those who dissented against the president and his associates. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

What Should the US Do About Salt Typhoon? Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Open Source Poisoned Patches Infect Local Software Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering “patches” for locally installed programs. Nate Nelson, Contributing Writer Go to gbhackers.com

Why Data Privacy Isn’t the Same as Data Security Failing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight. Chris Borkenhagen Go to gbhackers.com

Threat Actors Use ‘Spam Bombing’ Technique to Hide Malicious Motives Darktrace researchers detailed “spam bombing,” a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Google Merges Security Offerings Into a Cohesive Suite Google Unified Security brings together threat detection, AI-powered security, secure browser features, and Mandiant services, the company said at its Cloud Next conference. Agam Shah Go to gbhackers.com

Advanced Preparation Was Key to a Secure Paris Olympics The security teams associated with the 2024 Olympic Games in Paris focused on in-depth penetration testing, crisis management exercises, and collaboration to defend against potential cyberattacks. Richard Thurston Go to gbhackers.com

US Comptroller Cyber ‘Incident’ Compromises Org’s Emails A review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a “major cyber incident.” Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Tariffs May Prompt Increase in Global Cyberattacks Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity. Robert Lemos, Contributing Writer Go to gbhackers.com

China-Linked Hackers Continue Harassing Ethnic Groups With Spyware Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Using Post-Quantum Planning to Improve Security Hygiene With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future. Murali Palanisamy Go to gbhackers.com

Microsoft Drops Another Massive Patch Update A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries. Jai Vijayan, Contributing Writer Go to gbhackers.com

UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI’s ability to supercharge attacks. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

2 Android Zero-Day Bugs Under Active Exploit Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Experts Optimistic about Secure by Design Progress Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? Security experts Chris Wysopal and Jason Healey say things are improving for the better. Arielle Waldman Go to gbhackers.com

Palo Alto Networks Begins Unified Security Rollout Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation. Jeffrey Schwartz Go to gbhackers.com

ToddyCat APT Targets ESET Bug to Load Silent Malware Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems. Jai Vijayan, Contributing Writer Go to gbhackers.com

NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD). Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Autonomous, GenAI-Driven Attacker Platform Enters the Chat “Xanthorox AI” provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Intergenerational Mentoring: Key to Cybersecurity’s AI Future As threats evolve and technology changes, our ability to work together across generations will determine our success. Han Cho Go to gbhackers.com

RSAC Unveils Keynote Speaker Slate for RSAC (TM) 2025 Conference Go to gbhackers.com

Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder New end-to-end Gmail encryption alone isn’t secure enough for an enterprise’s most sensitive and prized data, experts say. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com

CISA Warns: Old DNS Trick ‘Fast Flux’ Is Still Thriving An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025? Nate Nelson, Contributing Writer Go to gbhackers.com

Minnesota Tribe Struggles After Ransomware Attack Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Medusa Rides Momentum From Ransomware-as-a-Service Pivot Shifting to a RaaS business model has accelerated the group’s growth, and targeting critical industries like healthcare, legal, and manufacturing hasn’t hurt either. Robert Lemos, Contributing Writer Go to gbhackers.com

CISA Layoffs Are a Momentary Disruption, Not a Threat Layoffs may cause short-term disruptions, but they don’t represent a catastrophic loss of cybersecurity capability — because the true cyber operations never resided solely within CISA to begin with. John Spencer-Taylor Go to gbhackers.com

Secure Communications Evolve Beyond End-to-End Encryption Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private. Robert Lemos, Contributing Writer Go to gbhackers.com

China-Linked Threat Group Exploits Ivanti Bug The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution. Jai Vijayan, Contributing Writer Go to gbhackers.com

Counterfeit Phones Carrying Hidden Revamped Triada Malware The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support. Fahmida Y. Rashid Go to gbhackers.com

Social Engineering Just Got Smarter Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over. Steve Stasiukonis Go to gbhackers.com

Google Quick Share Bug Bypasses Allow Zero-Click File Transfer Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced “QuickShell” silent RCE attack chain against Windows users. Tara Seals, Managing Editor, News, Dark Reading Go to gbhackers.com

Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication. Nate Nelson, Contributing Writer Go to gbhackers.com

DPRK ‘IT Workers’ Pivot to Europe for Employment Scams By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

In Salt Typhoon’s Wake, Congress Mulls Potential Options While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

How an Interdiction Mindset Can Help Win War on Cyberattacks The US military and law enforcement learned to outthink insurgents. It’s time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework. Mike McNerney Go to gbhackers.com

Gootloader Malware Resurfaces in Google Ads for Legal Docs Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Malaysian Airport’s Cyber Disruption a Warning for Asia Transportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable to agile cyberattackers, as demonstrated by the $10 million ransomware attack. Robert Lemos, Contributing Writer Go to gbhackers.com

Google Brings End-to-End Encryption to Gmail The new Google Workspace features will make it easier for enterprise customers to implement end-to-end encryption within Gmail. Jeffrey Schwartz Go to gbhackers.com

Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities. Jai Vijayan, Contributing Writer Go to gbhackers.com

As CISA Downsizes, Where Can Enterprises Get Support? In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

FDA’s Critical Role in Keeping Medical Devices Secure The FDA’s regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered. Morey J. Haber Go to gbhackers.com

Google ‘ImageRunner’ Bug Enabled Privilege Escalation Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks A continuation of the North Korean nation-state threat’s campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Oracle Cloud Users Urged to Take Action Although Oracle has denied its cloud infrastructure services were breached, security experts recommend Oracle customers independently verify if they were affected and take measures to reduce exposure to potential fallout. Jai Vijayan, Contributing Writer Go to gbhackers.com

CoffeeLoader Malware Is Stacked With Viscous Evasion Tricks Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com

DoJ Seizes Over $8M from Sprawling Pig Butchering Scheme The department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

CISA Warns of Resurge Malware Connected to Ivanti Vuln Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Bridging the Gap Between the CISO & the Board of Directors Positioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite. Michael Fanning Go to gbhackers.com

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

GSA Plans FedRAMP Revamp The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy. Edge Editors Go to gbhackers.com

Evilginx Tool (Still) Bypasses MFA Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens. Rob Wright Go to gbhackers.com

Oracle Still Denies Breach as Researchers Persist Evidence suggests an attacker gained access to the company’s cloud infrastructure environment, but Oracle insists that didn’t happen. Jai Vijayan, Contributing Writer Go to gbhackers.com

Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market Go to gbhackers.com

Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations Go to gbhackers.com

SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks Go to gbhackers.com

Concord Orthopaedic Notifies Individuals of Security Incident Go to gbhackers.com

Malaysia PM Refuses to Pay $10M Ransomware Demand The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Navigating Cyber-Risks and New Defenses Digital transformation has revolutionized industries with critical infrastructure — but it has also introduced new vulnerabilities. Chris Novak Go to gbhackers.com

Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. Nate Nelson, Contributing Writer Go to gbhackers.com

Hoff’s Rule: People First Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture. Dark Reading Staff Go to gbhackers.com

DoJ Recovers $5M Lost in BEC Fraud Against Workers’ Union The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Fake DeepSeek Ads Spread Malware to Google Users Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers. Rob Wright Go to gbhackers.com

Security Expert Troy Hunt Lured in by Mailchimp Phish Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

High-Severity Cloud Security Alerts Tripled in 2024 Attackers aren’t just spending more time targeting the cloud — they’re ruthlessly stealing more sensitive data and accessing more critical systems than ever before. Nate Nelson, Contributing Writer Go to gbhackers.com

Cybersecurity Gaps Leave Doors Wide Open Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in. Jai Vijayan, Contributing Writer Go to gbhackers.com

Beyond STIX: Next-Level Cyber-Threat Intelligence While industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats. Ryan Hohimer, Jans Aasman Go to gbhackers.com

‘Lucid’ Phishing-as-a-Service Exploits Faults in iMessage, Android RCS Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols. Nate Nelson, Contributing Writer Go to gbhackers.com

New Testing Framework Helps Evaluate Sandboxes The Anti-Malware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats. Arielle Waldman Go to gbhackers.com