November 13, 2024
LATEST SECURITY NEWS & COMMENTARY
2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
Citrix Issues Patches for Zero-Day Recording Manager Bugs
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
Citrix 'Recording Manager' Zero-Day Bug Allows Unauthenticated RCE
The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
Amazon Employee Data Compromised in MOVEit Breach
The data leak was due not to a breach of Amazon's systems but to one at a third-party vendor; the supply chain incident affected several other clients as well.
The Power of the Purse: How to Ensure Security by Design
CISA should make its recommended goals mandatory and perform audits to ensure compliance.
(Sponsored Article) Data Is the Foundation of Identity Security
It's impossible to make cybersecurity decisions without putting data-informed context into every identity that spans your enterprise.
DON'T MISS OUR VIRTUAL EVENT ON THURSDAY
Know Your Enemy: Understanding Cybercriminals and Nation-State Actors
Nov. 14, 11:00 a.m. – 5:00 p.m. ET. Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise.
LISTEN TO OUR LATEST PODCAST
Dark Reading Confidential: Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT), and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.
EDITORS' CHOICE
Revamped Remcos RAT Deployed Against Microsoft Windows Users
Windows users are at risk for full device takeover by an emerging malicious version of the Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.
LATEST FROM THE EDGE

How Playing Cyber Games Can Help You Get Hired
When it comes to landing a job in cybersecurity, what does it take to stand out from the pack? Try playing games.
LATEST FROM DR TECHNOLOGY

CrowdStrike Spends to Boost Identity Threat Detection
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise.
LATEST FROM DR GLOBAL

Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA