Dangerous Google Chrome Zero-Day Allows Sandbox Escape (www.darkreading.com)
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (www.darkreading.com)
Chinese Hackers Deployed Backdoor Quintet to Down MITRE (www.darkreading.com)
Citrix Addresses High-Severity NetScaler Servers Flaw (www.darkreading.com)
Amnesty International Cites Indonesia as a Spyware Hub (www.darkreading.com)
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft (www.darkreading.com)
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (www.darkreading.com)
'Cuttlefish' Zero-Click Malware Steals Private Cloud Data (www.darkreading.com)
Iran Dupes US Military Contractors, Gov't Agencies in Cyber Campaign (www.darkreading.com)
North Korea APT Triumvirate Spied on South Korean Defense Industry For Years (www.darkreading.com)
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar (www.darkreading.com)
ToddyCat APT Is Stealing Data on 'Industrial Scale' (www.darkreading.com)
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (www.darkreading.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (www.darkreading.com)
Nigeria & Romania Ranked Among Top Cybercrime Havens (www.darkreading.com)
A survey of cybercrime experts assessing the top cybercrime-producing nations results in some expected leaders — Russia, Ukraine, and China — but also some surprises.
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (www.darkreading.com)
Iran-Backed Hackers Blast Out Threatening Texts to Israelis (www.darkreading.com)
Handala threat group claims to have hacked radar systems in Israel as tensions rise between the two nations.
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits (www.darkreading.com)
CISA has issued an emergency directive in response to Midnight Blizzard, or Cozy Bear, a Russian threat actor targeting Microsoft email accounts. The group is extracting information to access Microsoft customer systems. Strict security measures, including strong passwords and multi-factor authentication, are strongly recommended...
CISA's Malware Analysis Platform Could Foster Better Threat Intel (www.darkreading.com)
But just how the government differentiates its platform from similar private-sector options remains to be seen.
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously (www.darkreading.com)
Cagey Phishing Attack Drops Multiple RATs to Steal Data (www.darkreading.com)
NSA Updates Zero-Trust Advice to Reduce Attack Surfaces (www.darkreading.com)
NSA recommendations include the use of encryption, tagging, labeling, data-loss prevention strategies, and data rights management tools. The NSA suggestions are intentionally aligned with zero-trust frameworks to help government agencies and enterprises defend against increasingly sophisticated cyberattacks.
Critical Bugs Put Hugging Face AI Platform in a 'Pickle' (www.darkreading.com)
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection (www.darkreading.com)
Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed (www.darkreading.com)
