North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report. [TechWeb]( Follow Dark Reading:
[RSS](
March 04, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft Zero-Day Used by Lazarus in Rootkit Attack](
North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report.
[CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok](
Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike.
[Millions of Malicious Repositories Flood GitHub](
GitHub and cyberattackers are waging a quiet, automated war over malicious repos.
[NIST Cybersecurity Framework 2.0: 4 Steps to Get Started](
The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action.
[Taiwan's Biggest Telco Breached by Suspected Chinese Hackers](
Stolen data from Chunghwa Telecom â including government-related details â are up for sale on the Dark Web, the Taiwanese defense ministry confirms.
[CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit](
A sophisticated threat actor using an MO similar to Scattered Spider is camouflaging itself with convincing impersonation techniques in targeted attacks.
[Tips on Managing Diverse Security Teams](
The better a security team works together, the bigger the direct impact on how well it can protect the organization.
[Biometrics Regulation Heats Up, Portending Compliance Headaches](
A growing thicket of privacy laws regulating biometrics is aimed at protecting consumers amid increasing cloud breaches and AI-created deepfakes. But for businesses that handle biometric data, staying compliant is easier said than done. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models]( The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.
[Echoes of SolarWinds in New 'Silver SAML' Attack Technique]( A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.
[MTTR: The Most Important Security Metric]( Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries. [MORE]( PRODUCTS & RELEASES [Entro Extends Machine Secrets and Identities Protection With Machine Identity Lifecycle Management]( [Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO]( [Troutman Pepper Forms Incidents and Investigations Team]( [Tenable Introduces Visibility Across IT, OT, and IoT Domains](
[MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs](
Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. LATEST FROM THE EDGE [It's 10 p.m. Do You Know Where Your AI Models Are Tonight?](
Lack of AI model visibility and security puts the software supply chain security problem on steroids. LATEST FROM DR TECHNOLOGY [Cloud Apps Make the Case for Pen-Testing-as-a-Service](
Applications are increasingly distributed, expanding companies' cloud attack surfaces and requiring regular testing to find and fix vulnerabilities â and avoid the risk of a growing sprawl of services. LATEST FROM DR GLOBAL [Infrastructure Cyberattacks, AI-Powered Threats Pummel Africa](
Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in cyberattacks on the continent. WEBINARS - [How To Optimize and Accelerate Cybersecurity Initiatives for Your Business](
- [How Supply Chain Attacks Work -- And How to Stop Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Secure Access for Operational Technology at Scale](
- [Endpoint Best Practices to Block Ransomware](
- [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions](
- [2023 Work-from-Anywhere Global Study](
- [Building Cyber Resiliency: Key Strategies for Proactive Security Operations](
- [Mandiant Threat Intelligence at Penn State Health](
- [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization](
- [Zero-Trust Adoption Driven by Data Protection](
- [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily
-- Published By [Dark Reading](
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.](
Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com)
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121824&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.04.24&sp_cid=52312&utm_content=DR_NL_Dark%20Reading%20Daily_03.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ad
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)