Dark Reading - Nostr Hypermedia

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environment. https://www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms

Students Spot Washing Machine App Flaw That Gives Out Free Cycles UCSC students say that after reporting the bug months ago they're still able to rack up unlimited free wash loads at their local laundromat. https://www.darkreading.com/ics-ot-security/students-spot-washing-machine-app-flaw-that-gives-out-free-cycles

What American Enterprises Can Learn From Europe&apos;s GDPR Mistakes As the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe's costly missteps. https://www.darkreading.com/cyber-risk/what-american-enterprises-can-learn-from-europe-gdpr-mistakes

Android Banking Trojan Antidot Disguised as Google Play Update Antidot uses overlay attacks and keylogging to target users' financial data. https://www.darkreading.com/endpoint-security/android-banking-trojan-antidot-disguised-as-google-play-update

CISOs Grapple With IBM&apos;s Unexpected Cybersecurity Software Exit IBM's abrupt divestiture of QRadar SaaS underscores the consolidation of SIEM, XDR, and AI technologies into unified platforms. https://www.darkreading.com/cybersecurity-analytics/ciso-grapple-with-ibm-unexpected-cybersecurity-software-exit

CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: DR's podcast on the CISO & the SEC; breaking do... https://www.darkreading.com/cybersecurity-operations/ciso-corner-cyber-labor-shortage-trouble-meeting-sec-disclosure-deadlines

Intel Discloses Max Severity Bug in Its AI Model Compression Software The improper input validation issue in Intel Neural Compressor enables remote attackers to execute arbitrary code on affected systems. https://www.darkreading.com/cyber-risk/intel-discloses-max-severity-bug-in-its-ai-model-compression-software

10 Ways a Digital Shield Protects Apps and APIs Layers of protection can bring defense-in-depth practices to distributed clouds and other modern network architectures. https://www.darkreading.com/cloud-security/10-ways-a-digital-shield-protects-apps-and-apis-in-a-distributed-cloud-world

SEC Adds New Incident Response Rules for Financial Sector Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches. https://www.darkreading.com/cyber-risk/sec-adds-new-incident-response-rules-for-financial-sector

400K Linux Servers Recruited by Resurrected Ebury Botnet Cryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe. https://www.darkreading.com/threat-intelligence/400k-linux-servers-recruited-by-resurrected-ebury-botnet

CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules Most companies still can't determine whether a breach is material within the four days mandated by the SEC, skewing incident response. https://www.darkreading.com/cybersecurity-operations/cisos-and-their-companies-struggle-to-comply-with-sec-disclosure-rules

Whose Data Is It Anyway? Equitable Access in Cybersecurity Cybersecurity cannot be solely about defending against threats; it must also empower organizations with their data. https://www.darkreading.com/cybersecurity-operations/whose-data-is-it-anyway-equitable-access-in-cybersecurity

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details. https://www.darkreading.com/vulnerabilities-threats/microsoft-has-yet-to-patch-7-pwn2own-zero-days

There Is No Cyber Labor Shortage There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places. https://www.darkreading.com/cybersecurity-operations/no-cyber-labor-shortage

Addressing the Cybersecurity Vendor Ecosystem Disconnect How security teams can bridge the gap between short-term profits and long-term business needs. https://www.darkreading.com/endpoint-security/addressing-the-cybersecurity-vendor-ecosystem-disconnect

Santander Falls Victim to Data Breach Involving Third-Party Provider The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank. https://www.darkreading.com/cyberattacks-data-breaches/santander-falls-victim-to-data-breach-involving-third-party-provider

US AI Experts Targeted in SugarGh0st RAT Campaign Researchers believe the attacker is likely China-affiliated, since a previous version of the malware was used by a China nation-state attack group. https://www.darkreading.com/cyberattacks-data-breaches/us-ai-experts-targeted-in-sugargh0st-rat-campaign

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware &amp; Data Theft Thankfully, GE ultrasounds aren't Internet-facing. Exploiting most of the bugs to cause serious damage to patients would require physical device access. https://www.darkreading.com/vulnerabilities-threats/ge-ultrasound-gear-riddled-with-bugs-open-to-ransomware-data-theft